From owner-freebsd-questions Wed Apr  3 03:04:46 2002
Delivered-To: freebsd-questions@freebsd.org
Received: from nl-irelay01.cmg.nl (smtp.cmg.com [195.109.155.100]) by hub.freebsd.org (Postfix) with ESMTP id AF9BE37B400 for ; Wed, 3 Apr 2002 03:04:37 -0800 (PST)
Received: from nl-amv-route01.cmg.nl (nl-amv-route.cmg.nl [10.16.127.107]) by nl-irelay01.cmg.nl (8.12.1/8.12.1) with ESMTP id g33B4ZXM084259 for ; Wed, 3 Apr 2002 13:04:35 +0200 (CEST) (envelope-from ramses.van.pinxteren@cmg.nl)
Received: by nl-amv-route01.cmg.nl with Internet Mail Service (5.5.2653.19) id <2G3XXLD3>; Wed, 3 Apr 2002 13:04:30 +0200
Message-ID: <395ABDBC0952D211BB2A00104BB3F93906A1ACE1@nl-amv-mail03.cmg.nl>
From: Ramses van Pinxteren
To: freebsd-questions
Subject: IPF and Nat question
Date: Wed, 3 Apr 2002 13:04:28 +0200
MIME-Version: 1.0
X-Mailer: Internet Mail Service (5.5.2653.19)
Content-Type: text/plain; charset="iso-8859-1"
X-Virus-Scanned: CMG - by AMaViS / NAI Virus Scan
Sender: owner-freebsd-questions@FreeBSD.ORG
Precedence: bulk
List-ID:
List-Archive: (Web Archive)
List-Help: (List Instructions)
List-Subscribe:
List-Unsubscribe:
X-Loop: FreeBSD.ORG

Hello question solvers around the world,

I have a problem with my firewall... I think (suspect) there is something wrong with the ordering of the rules, but I am not sure. Can you please take a look at it and shoot me for the most stupid errors ever made?

The problem I have is that when I load the firewall, NAT will not work anymore :-( Does anyone have a suggestion?

#############################
#
# Start firewall by blocking all incoming traffic
#
#############################
block in on xl0 all
block in quick on xl0 proto icmp from any to 80.252.225.121/32 icmp-type 0
block in quick on xl0 proto icmp from any to 80.252.225.121/32 icmp-type 11
block in quick on xl0 proto icmp from any to any

# The pass rules...

#allow in FTP
pass in quick on xl0 proto tcp from any to 80.242.225.121/32 port = 20 flags S keep state keep frags
pass in quick on xl0 proto tcp from any to 80.242.225.121/32 port = 21 flags S keep state keep frags

#allow in SSH
pass in quick on xl0 proto tcp from any to 80.242.225.121/32 port = 22 flags S keep state keep frags

#allow in SMTP
pass in quick on xl0 proto tcp from any to 80.242.225.121/32 port = 25 flags S keep state keep frags

#allow in DNS
pass in quick on xl0 proto tcp from any to 80.242.225.121/32 port = 53 flags S keep state keep frags
pass in quick on xl0 proto udp from any to 80.242.225.121/32 port = 53 flags S keep state keep frags

#allow in WEB
pass in quick on xl0 proto tcp from any to 80.242.225.121/32 port = 80 flags S keep state keep frags

#allow in CHAT
pass in quick on xl0 proto tcp from any to 80.242.225.121/32 port = 8000 flags S keep state keep frags

block out on xl0 all

# Only allow TCP, UDP and ICMP traffic out
pass out quick on xl0 proto tcp from 80.242.225.121/32 to any keep state
pass out quick on xl0 proto udp from 80.242.225.121/32 to any keep state
pass out quick on xl0 proto icmp from 80.242.225.121/32 to any keep state

#internal interface
pass in quick on rl0 from any to any
pass out quick on rl0 from any to any

#Local loopback
pass in quick on lo0 from any to any
pass out quick on lo0 from any to any

I have compiled my kernel with default blocking enabled.

To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message
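Added example, not part of the post above and not ipf itself: a small Python model of how IPFilter walks the posted ruleset, so the ordering question can be checked packet by packet. It encodes the documented ipf semantics (rules are read top to bottom, the last matching rule wins unless a matching rule says `quick`, an unmatched packet is blocked when the kernel is built with default blocking, and on the outbound path the filter rules run before ipnat rewrites the source address; inbound it is the other way round, which this model does not exercise). The LAN prefix 192.168.1.0/24 behind rl0 and an ipnat map to 80.242.225.121 are assumptions; the post does not give them. The ruleset is embedded verbatim, including the 80.252.225.121 address in the ICMP rules.

```python
"""IPFilter rule evaluation, modelled on the ruleset in the post above.

Added example, not ipf itself.  Assumptions not stated in the post: the LAN
behind rl0 is 192.168.1.0/24 and an ipnat map rule rewrites it to
80.242.225.121.  Modelled semantics: last match wins unless the match is
'quick'; no match means block (default blocking); outbound packets are
filtered BEFORE ipnat rewrites their source address.
"""
import ipaddress

RULES_FROM_POST = """
block in on xl0 all
block in quick on xl0 proto icmp from any to 80.252.225.121/32 icmp-type 0
block in quick on xl0 proto icmp from any to 80.252.225.121/32 icmp-type 11
block in quick on xl0 proto icmp from any to any
pass in quick on xl0 proto tcp from any to 80.242.225.121/32 port = 20 flags S keep state keep frags
pass in quick on xl0 proto tcp from any to 80.242.225.121/32 port = 21 flags S keep state keep frags
pass in quick on xl0 proto tcp from any to 80.242.225.121/32 port = 22 flags S keep state keep frags
pass in quick on xl0 proto tcp from any to 80.242.225.121/32 port = 25 flags S keep state keep frags
pass in quick on xl0 proto tcp from any to 80.242.225.121/32 port = 53 flags S keep state keep frags
pass in quick on xl0 proto udp from any to 80.242.225.121/32 port = 53 flags S keep state keep frags
pass in quick on xl0 proto tcp from any to 80.242.225.121/32 port = 80 flags S keep state keep frags
pass in quick on xl0 proto tcp from any to 80.242.225.121/32 port = 8000 flags S keep state keep frags
block out on xl0 all
pass out quick on xl0 proto tcp from 80.242.225.121/32 to any keep state
pass out quick on xl0 proto udp from 80.242.225.121/32 to any keep state
pass out quick on xl0 proto icmp from 80.242.225.121/32 to any keep state
pass in quick on rl0 from any to any
pass out quick on rl0 from any to any
pass in quick on lo0 from any to any
pass out quick on lo0 from any to any
"""

LAN = ipaddress.ip_network("192.168.1.0/24")  # assumed LAN behind rl0
PUBLIC = "80.242.225.121"                     # assumed ipnat map target


def parse_rule(line):
    """Parse the subset of ipf.conf syntax used in the post into a dict."""
    t = line.split()
    r = {"action": t[0], "dir": t[1], "quick": False, "iface": None, "proto": None,
         "src": "any", "dst": "any", "dport": None, "icmp_type": None, "text": line}
    i = 2
    if t[i] == "quick":
        r["quick"], i = True, i + 1
    if t[i] != "on":
        raise ValueError("only 'on <iface>' rules are modelled: " + line)
    r["iface"], i = t[i + 1], i + 2
    while i < len(t):
        w = t[i]
        if w == "all":                      # shorthand for 'from any to any'
            i += 1
        elif w in ("proto", "from", "to"):
            r[{"proto": "proto", "from": "src", "to": "dst"}[w]] = t[i + 1]
            i += 2
        elif w == "port":                   # written as 'port = N'
            r["dport"], i = int(t[i + 2]), i + 3
        elif w == "icmp-type":
            r["icmp_type"], i = int(t[i + 1]), i + 2
        elif w in ("flags", "keep"):        # flags S / keep state / keep frags: not modelled
            i += 2
        else:
            raise ValueError("unsupported keyword %r in: %s" % (w, line))
    return r


def load(conf):
    return [parse_rule(l) for l in conf.splitlines() if l.strip() and not l.startswith("#")]


def in_net(spec, ip):
    return spec == "any" or ipaddress.ip_address(ip) in ipaddress.ip_network(spec, strict=False)


def matches(r, pkt):
    return (r["dir"] == pkt["dir"] and r["iface"] == pkt["iface"]
            and (r["proto"] is None or r["proto"] == pkt["proto"])
            and in_net(r["src"], pkt["src"]) and in_net(r["dst"], pkt["dst"])
            and (r["dport"] is None or r["dport"] == pkt.get("dport"))
            and (r["icmp_type"] is None or r["icmp_type"] == pkt.get("icmp_type")))


def evaluate(rules, pkt, default="block"):
    """Walk the rules in order: last match wins, a 'quick' match stops the walk."""
    verdict, hit = default, "(no match: kernel default)"
    for r in rules:
        if matches(r, pkt):
            verdict, hit = r["action"], r["text"]
            if r["quick"]:
                break
    return verdict, hit


def ipnat_out(pkt):
    """Assumed ipnat map: LAN sources leaving xl0 get the public address."""
    if pkt["iface"] == "xl0" and ipaddress.ip_address(pkt["src"]) in LAN:
        return dict(pkt, src=PUBLIC)
    return pkt


def send_out(rules, pkt):
    """Outbound path: filter first, then NAT.  Returns (verdict, rule, source on the wire)."""
    verdict, hit = evaluate(rules, pkt)
    return verdict, hit, (ipnat_out(pkt)["src"] if verdict == "pass" else None)


if __name__ == "__main__":
    rules = load(RULES_FROM_POST)
    lan_to_web = {"dir": "out", "iface": "xl0", "proto": "tcp",
                  "src": "192.168.1.10", "dst": "198.51.100.7", "dport": 80}
    print(send_out(rules, lan_to_web))    # blocked by 'block out on xl0 all'
    lan_ok = rules + [parse_rule("pass out quick on xl0 proto tcp from 192.168.1.0/24 to any keep state")]
    print(send_out(lan_ok, lan_to_web))   # passes and leaves xl0 as 80.242.225.121
```

Under this model an outbound packet from a LAN host still carries its private source address when the xl0 filter rules run, so it only ever matches `block out on xl0 all`; the `pass out` rules keyed on 80.242.225.121 never see it. Appending a `pass out quick` rule for the assumed LAN prefix after the `block out` line lets it pass, and only then does ipnat rewrite the source. The inbound checks in the test also show that the 80.252.225.121 ICMP rules never match traffic to 80.242.225.121; those packets fall through to the `proto icmp from any to any` block instead.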