Date: Wed, 02 Apr 2003 13:31:25 +0000
From: Ryan Merrick <sandshrimp@attbi.com>
To: Brian McCann <bjm1287@ritvax.isc.rit.edu>
Cc: freebsd-questions@freebsd.org
Subject: Re: NATD & IPFW
Message-ID: <3E8AE62D.1040504@attbi.com>
References: <000001c2f8cb$6e4f5e60$2f811581@garfield>
Brian McCann wrote:

> Hi all. I'm having an issue with security while trying to get natd to
> work with ipfw. I got my ipfw rules working great, so I added the natd
> line in:
>
>   ipfw add divert 8668 all from any to any via $EXTERNAL_INTERFACE
>
> But I can't do anything (ping, fetch, etc) until I add:
>
>   ipfw add pass all from any to any
>
> Now, I may be wrong, but doesn't this pretty much open the box up? I
> tried changing the first "any" to my internal network, but that didn't
> work, and I know I've got to be missing something.
>
> If anyone would like to help me off-list, I could send you a copy of my
> rule set if you'd like.
>
> Thanks in advance,
> --Brian

Hello,

The best way to learn about your firewall is to log all denied packets and
review the log file while trying different programs that access the network.

  # ipfw add 6500 deny log all from any to any
  # tail -f /var/log/security

Then create rules based on what shows up in the logs.

-Ryan
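The workflow Ryan describes (a final "deny log" rule, then rules written from what the log shows) can be partly automated. The script below is an added example, not code from the thread or from FreeBSD: it parses constructed sample lines in the ipfw log format of the FreeBSD 4.x era, counts the denied flows by protocol, direction, interface and destination port (or ICMP type), and drafts a ruleset in which the divert rule comes first, explicit allows follow, and Ryan's "deny log" rule 6500 comes last. The divert port 8668 and rule 6500 come from the thread; the host name, addresses, interface name fxp0 and the rule numbers 50, 100, 110 and 1000+ are assumptions.

```python
"""Turn ipfw 'deny log' entries into a draft ipfw ruleset.

Added example (not from the thread): parse /var/log/security lines written
by an ipfw "deny log" rule and draft the allow rules they suggest.
"""
import re
from collections import Counter

# Constructed sample of /var/log/security lines (assumed host "garfield",
# external interface fxp0, RFC 5737 addresses). Because the divert rule runs
# before the deny rule, outbound packets are logged with the translated
# (public) source address, so the drafted rules key on destination port.
SAMPLE_LOG = """\
Apr  2 13:31:25 garfield /kernel: ipfw: 6500 Deny TCP 192.0.2.5:49152 198.51.100.7:80 out via fxp0
Apr  2 13:31:26 garfield /kernel: ipfw: 6500 Deny TCP 192.0.2.5:49153 198.51.100.7:80 out via fxp0
Apr  2 13:31:27 garfield /kernel: ipfw: 6500 Deny UDP 192.0.2.5:1025 198.51.100.53:53 out via fxp0
Apr  2 13:31:28 garfield /kernel: ipfw: 6500 Deny ICMP:8.0 192.0.2.5 198.51.100.7 out via fxp0
Apr  2 13:31:30 garfield /kernel: ipfw: 6500 Deny TCP 203.0.113.9:3482 192.0.2.5:135 in via fxp0
Apr  2 13:31:31 garfield /kernel: ipfw: 6500 Deny TCP 203.0.113.9:3483 192.0.2.5:445 in via fxp0
"""

# "ipfw: <rule> <action> <PROTO>[:<type>.<code>] <src> <dst> <in|out> via <iface>"
LOG_RE = re.compile(
    r"ipfw: (?P<rule>\d+) (?P<action>\w+) (?P<proto>[A-Z]+)(?::(?P<icmp>[\d.]+))? "
    r"(?P<src>\S+) (?P<dst>\S+) (?P<dir>in|out) via (?P<iface>\S+)"
)


def parse_line(line):
    """Return the fields of one ipfw log line, or None if it is not one."""
    m = LOG_RE.search(line)
    if m is None:
        return None
    f = m.groupdict()
    proto = f["proto"].lower()
    if proto in ("tcp", "udp"):
        src_ip, _ = f["src"].rsplit(":", 1)
        dst_ip, dst_port = f["dst"].rsplit(":", 1)
        service = dst_port                      # destination port
    else:
        src_ip, dst_ip = f["src"], f["dst"]
        service = f["icmp"].split(".")[0] if f["icmp"] else None  # ICMP type
    return {"rule": int(f["rule"]), "action": f["action"], "proto": proto,
            "src": src_ip, "dst": dst_ip, "service": service,
            "dir": f["dir"], "iface": f["iface"]}


def summarize(log_text):
    """Count denied packets by (proto, direction, interface, service)."""
    hits = Counter()
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec and rec["action"] == "Deny":
            hits[(rec["proto"], rec["dir"], rec["iface"], rec["service"])] += 1
    return hits


def suggest_rules(hits, ext_if="fxp0", start=1000, step=100):
    """Draft a ruleset: divert first, explicit allows, 'deny log' last.

    Only outbound flows get allow rules; unsolicited inbound hits (the
    135/445 probes in the sample) stay denied and are left for manual review.
    """
    rules = [
        f"add 50 divert 8668 all from any to any via {ext_if}",
        "add 100 allow tcp from any to any established",
        f"add 110 allow icmp from any to any in via {ext_if} icmptypes 0,3,11",
    ]
    n = start
    ordered = sorted(hits.items(), key=lambda kv: (-kv[1], kv[0]))  # busiest first
    for (proto, direction, iface, service), _count in ordered:
        if direction != "out":
            continue
        if proto == "tcp":
            rules.append(f"add {n} allow tcp from any to any {service} out via {iface} setup")
        elif proto == "udp":
            rules.append(f"add {n} allow udp from any to any {service} out via {iface}")
            rules.append(f"add {n + 1} allow udp from any {service} to any in via {iface}")
        elif proto == "icmp":
            rules.append(f"add {n} allow icmp from any to any out via {iface} icmptypes {service}")
        n += step
    rules.append("add 6500 deny log all from any to any")
    return rules


if __name__ == "__main__":
    hits = summarize(SAMPLE_LOG)
    for (proto, direction, iface, service), count in sorted(hits.items()):
        print(f"{count:4d}  {proto:5s} {direction:3s} via {iface}  service {service}")
    print("\n".join(suggest_rules(hits)))
```

The output is a draft to read, not to load blindly: each "out" flow becomes one allow, inbound probes stay under the final deny, and rule 6500 keeps logging whatever the allows do not cover so the next round of the same loop shows what is still missing. Run against the real file with `python3 draft_rules.py < /var/log/security` after swapping `SAMPLE_LOG` for `sys.stdin.read()`.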