Date:      31 Mar 2004 21:44:25 +0200
From:      Andre Post <apost@high-low.net>
To:        Prodigy <prodigy@punktas.lt>
Cc:        freebsd-questions <freebsd-questions@freebsd.org>
Subject:   Re: problems with ipfw + natd rules
Message-ID:  <1080762266.1094.6.camel@remote.high-low.net>
In-Reply-To: <003f01c4174d$c38ffa50$6900a8c0@prodigy>
References:  <003f01c4174d$c38ffa50$6900a8c0@prodigy>

On Wed, 2004-03-31 at 20:27, Prodigy wrote:
> ${fwcmd} add 400 pass tcp from any 22,80,110,119,143,443,3306,5190,6667-7000 to any via rl1
> ${fwcmd} add 500 pass tcp from any to any 22,80,110,119,143,443,3306,5190,6667-7000 via rl1
>
> When I comment out 400 and 500 rules and add "allow all from any to any via
> rl1" it's all ok. The problem is somewhere in 400 and 500 rules.

Those lines (400 and 500) sure look like they could cause trouble. Try
chopping them up per port number/range across multiple lines.

ipfw and natd are nice for the quick-and-dirty setups, but if you need
something more predictable, configurable, and debuggable... switch to
ipfilter and ipnat. You'll find yourself very much in control over your
firewall/NAT environment.

Andre
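As an added example, not part of Andre's or Prodigy's messages: a small sh script that does what Andre suggests, emitting one ipfw rule per port or range instead of a single rule carrying the whole list. It assumes the rule numbers, the rl1 interface and the port list quoted above, and defaults fwcmd to `echo ipfw` so it only prints the rules rather than installing them.

```shell
#!/bin/sh
# Added example (not from the original thread): expand a comma-separated
# port list into one ipfw rule per port or range, rather than one rule
# with the whole list. Rule numbers 400/500, interface rl1 and the port
# list are the ones quoted in the thread. fwcmd defaults to "echo ipfw"
# so the rules are printed, not loaded; set fwcmd=/sbin/ipfw to apply.
fwcmd="${fwcmd:-echo ipfw}"

# split_ports LIST -> prints one port or port range per line
split_ports() {
    printf '%s\n' "$1" | tr ',' '\n'
}

# emit_rules RULENUM DIRECTION LIST IFACE
# DIRECTION is "src" (port clause after the source) or "dst" (after the
# destination). ipfw allows several rules to share one rule number, so
# every expanded rule keeps the number of the rule it replaces.
emit_rules() {
    num=$1 dir=$2 list=$3 iface=$4
    for p in $(split_ports "$list"); do
        case $dir in
            src) $fwcmd add "$num" pass tcp from any "$p" to any via "$iface" ;;
            dst) $fwcmd add "$num" pass tcp from any to any "$p" via "$iface" ;;
            *)   echo "emit_rules: direction must be src or dst" >&2; return 1 ;;
        esac
    done
}

ports="22,80,110,119,143,443,3306,5190,6667-7000"
emit_rules 400 src "$ports" rl1
emit_rules 500 dst "$ports" rl1
```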



Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?1080762266.1094.6.camel>