Date:      Thu, 20 Aug 1998 13:56:31 +0200
From:      "laurens van alphen" <alphen@craxx.com>
To:        <freebsd-security@FreeBSD.ORG>
Subject:   natd and ipfw rules not working together
Message-ID:  <000201bdcc31$926e5510$0a00a8c0@uptight.student.utwente.nl>

hi all,

this is my setup
external net: 130.89/16 (ed0)
internal net: 192.168.0/24 (ed1)
running natd and ipfw on the router

rc.firewall contains:
      $fwcmd add divert natd all from any to any via ${natd_interface}
where natd_interface is ed0

next the default rc.firewall contained these rules:

$fwcmd add deny all from 192.168.0.0/16 to any via ${oif}
$fwcmd add deny all from any to 192.168.0.0/16 via ${oif}

when i apply those, natd clients (on the internal network) can no longer
talk to the outside world. they can however talk to ${oip} and ${iip}.

any clues? it seems to me natd should translate the packets coming from the
internal network before the 192.168/16 rule sees 'em. right?

thanks for your opinions,

--
laurens van alphen
craxx e-consultants
alphen@craxx.com
http://craxx.com/

-- the information contained in this communication is confidential and
may be legally privileged. it is intended solely for the use of the
individual or entity to whom it is addressed and others authorised to
receive it. if you are not the intended recipient you are hereby notified
that any disclosure, copying, distribution or taking any action in
reliance of the contents of this information is strictly prohibited and
may be unlawful. craxx is neither liable for the proper and complete
transmission of the information contained in this communication nor
for any delay in its receipt.
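
A simplified model of the rule evaluation asked about in the message above, added here as an example and not part of the original e-mail or of rc.firewall. It assumes that a diverted packet is re-injected at the rule following the divert rule, that `via` matches the interface in either direction, and that the divert rule precedes the two deny rules; host addresses, rule-set names and helper functions are constructed.

```python
# Simplified model of ipfw first-match evaluation with a divert-to-natd rule.
# Assumption: helper names and host addresses are constructed for illustration.
from ipaddress import ip_address, ip_network

PRIVATE = ip_network("192.168.0.0/16")   # network used in the two deny rules
ANY = ip_network("0.0.0.0/0")
OIP = ip_address("130.89.0.1")           # constructed outside address of the router
CLIENT = ip_address("192.168.0.10")      # constructed internal natd client
REMOTE = ip_address("198.51.100.7")      # constructed outside host

# Every rule is "... via ed0"; the model only looks at packets crossing ed0.
DIVERT = ("divert", ANY, ANY)            # divert natd all from any to any
DENY_FROM = ("deny", PRIVATE, ANY)       # deny all from 192.168.0.0/16 to any
DENY_TO = ("deny", ANY, PRIVATE)         # deny all from any to 192.168.0.0/16
ALLOW = ("allow", ANY, ANY)

def natd(src, dst, direction):
    """Masquerade the outbound source, restore the inbound destination."""
    if direction == "out" and src in PRIVATE:
        return OIP, dst
    if direction == "in" and dst == OIP and src == REMOTE:
        return src, CLIENT               # reply to the one tracked connection
    return src, dst

def evaluate(rules, src, dst, direction):
    """Walk the rules in order; the first matching deny or allow decides."""
    for action, src_net, dst_net in rules:
        if src not in src_net or dst not in dst_net:
            continue
        if action == "divert":           # rewritten packet resumes at next rule
            src, dst = natd(src, dst, direction)
            continue
        return action
    return "deny"

def round_trip(rules):
    """Verdicts for a client's outbound packet and for the reply to it."""
    return (evaluate(rules, CLIENT, REMOTE, "out"),
            evaluate(rules, REMOTE, OIP, "in"))

DIVERT_FIRST = [DIVERT, DENY_FROM, DENY_TO, ALLOW]  # assumed order in the post
DENY_FIRST = [DENY_FROM, DENY_TO, DIVERT, ALLOW]
SPLIT = [DENY_TO, DIVERT, DENY_FROM, ALLOW]         # deny-to before, deny-from after

if __name__ == "__main__":
    for name, rules in (("divert first", DIVERT_FIRST),
                        ("deny first", DENY_FIRST), ("split", SPLIT)):
        print(name, round_trip(rules))
```

In this model the outbound packet is translated before the deny rules see it, but the reply is rewritten to a 192.168 destination on ed0 and then matches the second deny rule; placing that rule ahead of the divert rule lets both directions pass while still dropping private addresses arriving from outside.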

