From owner-freebsd-net Sat May 6 16:22:28 2000
Date: Sat, 6 May 2000 16:22:21 -0700
From: Jan Koum <jkb@camel.ethereal.net>
To: freebsd-net@freebsd.org
Subject: possible /etc/rc.firewall bug?
Message-ID: <20000506162221.B45391@ethereal.net>
User-Agent: Mutt/1.1.11i
X-Operating-System: FreeBSD camel.ethereal.net 3.4-RELEASE FreeBSD 3.4-RELEASE

I just noticed something. If you set up natd and ipfw, you end up with:

    # ipfw -a l
    00100 677369 166815520 divert 8668 ip from any to any via ed0
    00100 397358 45078874 allow ip from any to any via lo0
    00200 0 0 deny ip from any to 127.0.0.0/8
    65000 1709011 373169093 allow ip from any to any
    65535 0 0 deny ip from any to any

Two rules with number 100 -- I suggest moving the divert rule to 50 by changing

    ${fwcmd} add divert natd all from any to any via ${natd_interface}

to:

    ${fwcmd} add 50 divert natd all from any to any via ${natd_interface}

Of course, another way to do this is to remove the #'s from the following rules:

    ${fwcmd} add 100 pass all from any to any via lo0
    ${fwcmd} add 200 deny all from any to 127.0.0.0/8

Thanks,

-- yan

p.s. - this is a 4.0 box with rc.firewall:

    # $FreeBSD: src/etc/rc.firewall,v 1.30 2000/02/06 19:24:37 paul Exp $
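An added check, not part of Jan's post or of rc.firewall itself: a small sh script that flags rule numbers used more than once in "ipfw -a l" output, using the listing from the post as constructed sample input. It assumes the listing format shown above, where the first field of each rule line is the rule number.

```shell
#!/bin/sh
# Added example (not from the original post): detect duplicate rule
# numbers in an `ipfw -a l` listing, the symptom reported above.  Rules
# that share a number keep only insertion order, so a duplicate usually
# means a rule was added without an explicit number and got the default.

# Constructed sample: the listing from the post.  For a live check use
#   ipfw -a l | dup_rule_numbers
SAMPLE_LISTING='00100 677369 166815520 divert 8668 ip from any to any via ed0
00100 397358 45078874 allow ip from any to any via lo0
00200 0 0 deny ip from any to 127.0.0.0/8
65000 1709011 373169093 allow ip from any to any
65535 0 0 deny ip from any to any'

# Read a listing on stdin; print each rule number that appears more than
# once, followed by how many times it appears.  Prints nothing when the
# numbering is clean.  Lines whose first field is not numeric are ignored.
dup_rule_numbers() {
    awk '$1 ~ /^[0-9]+$/ { count[$1]++ }
         END { for (n in count) if (count[n] > 1) print n, count[n] }' | sort
}

# Exit status helper for scripts: 0 when no number is duplicated, 1 otherwise.
check_listing() {
    [ -z "$(dup_rule_numbers)" ]
}

# Demonstration on the constructed sample; reports "00100 2".
printf '%s\n' "$SAMPLE_LISTING" | dup_rule_numbers
```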