Date: Sun, 16 Jan 2000 18:21:33 -0600
From: Richard Martin <dmartin@origen.com>
To: freebsd-ipfw@FreeBSD.ORG
Subject: loss of setup option in ipfw
Message-ID: <3882608D.E77903EE@origen.com>

I am setting up a new server with ipfw packet filtering and I have a couple of questions about some quirks.

First, I cannot now use the 'setup' option for TCP packets. Whether the line is in the script or entered at the command line, if it has 'setup' in the option position, the rule fails. I have added a few ports since I first set up the firewall - Tripwire, LSOF, a few others - and somewhere along the way, something seems to have affected ipfw, because it was working OK before. Now when the script runs, even at reboot, the firewall lines with 'setup' at the end fail. A TCP rule with setup entered at the command line fails, but removing 'setup' allows it to be added to the chain.

************

Second, I have noticed that reply packets coming out of our LAN (like ftp data) behind the firewall are addressed back to the internal LAN IPs. This is odd: other NAT/masquerading systems I have used have the replies come back to the external IP and a table is kept for replies to route the packets back to the right address. Do I have something misconfigured, or is this just the way NATD works in F'BSD?

Thanks

--
Richard Martin       dmartin@origen.com
OriGen Biomedical    Tel: +1 512 474 7278
2525 Hartford Rd.    Fax: +1 512 708 8522
Austin, TX 78703     http://www.formed.net