From owner-freebsd-net  Tue Oct 24 14: 7:20 2000
Reply-To: <peter@sysadmin-inc.com>
From: "Peter Brezny" <peter@sysadmin-inc.com>
To: <freebsd-security@freebsd.org>
Subject: request for example rc.firewall script
Date: Tue, 24 Oct 2000 17:07:24 -0400
Message-ID: <003401c03dfe$68b42d80$47010a0a@fire.sysadmininc.com>

I'm working on adding the rules needed to rc.firewall under the 'simple'
sections to allow the script to function as a firewall/NAT router for a
small network with private IPs in the 10.x.x.x range.

The firewall works if I use a simplified script, but the standard
rc.firewall that comes with 4.1 doesn't appear to allow NAT to work without
modifying the rc.firewall script more than just putting in your network
info.

I think I need some allow rules before the

# Stop RFC1918 nets on the outside interface

section of the script.

If anyone would be willing to share a portion of their rc.firewall script
I'd really appreciate it.

Peter Brezny
SysAdmin Services, Inc.


