Date: Wed, 03 Jul 2002 08:52:03 +0200
From: Thomas Fiebig <tfie@lrs.e-technik.uni-erlangen.de>
To: questions@FreeBSD.org
Subject: Firewall dynamic rules and NAT
Message-ID: <3D229F13.986F458B@lrs.e-technik.uni-erlangen.de>
Hi,

I'm installing a firewall for my private network with one machine playing the role of the firewall. Now I have installed NAT to go to the internet with the dynamically assigned IP of my ISP.

Following the instructions in 'man ipfw', I want to allow just outgoing internet access, and I want to use dynamic rules for that, as suggested in the man page (check-state, deny established, setup keep-state, etc.). But that doesn't work. The 3-way handshake stops after the packet sent back from the site I contacted. This packet is dropped by the established rule. So it seems to me as if no dynamic rule is installed when my first packet is sent (setup keep-state rule), so the check-state rule is not used and the second packet is dropped.

Is it possible that the network address translation, and therefore my divert rule (one of the first rules in my ruleset), is disturbing the setup of dynamic rules?

Thank you,
Thomas
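The symptom in the message is consistent with the divert rule translating the outbound SYN before the keep-state rule sees it: the dynamic rule is then keyed on the public address, while the reply has already been translated back to the private address by the time check-state runs, so nothing matches and the deny established rule drops it. The ruleset below is an added example, not the poster's configuration, showing the usual ipfw/natd layout that avoids this: inbound translation is done before check-state, and the keep-state rules create state with the untranslated private addresses and then skipto the outbound divert rule. The external interface name (tun0), the LAN prefix, and a natd already listening on the default divert port are assumptions; the script echoes the ipfw commands by default and only loads them when IPFW is set to the real command.

```shell
#!/bin/sh
# Added example ruleset for ipfw + natd with dynamic rules.
# Assumptions (not from the original message): external interface tun0,
# LAN 192.168.1.0/24, natd running with the default divert port ("natd").
# Dry run by default; run with IPFW="ipfw -q add" to load the rules for real.

pif=${pif:-tun0}
lan=${lan:-192.168.1.0/24}
IPFW=${IPFW:-"echo ipfw -q add"}

gen_rules() {
    $IPFW 00100 allow ip from any to any via lo0

    # Inbound packets are un-NATed first, so that the reply carries the
    # private destination that the dynamic rule was created with.
    $IPFW 00110 divert natd ip from any to any in via "$pif"

    # Dynamic rules are checked only after inbound translation.
    $IPFW 00200 check-state

    # Outbound sessions from the LAN: state is created here, before any
    # translation, using the private source address. The action is skipto
    # so that every packet matched through this state (both directions)
    # jumps to the outbound divert rule instead of being accepted here.
    $IPFW 00300 skipto 800 tcp from "$lan" to any out via "$pif" setup keep-state
    $IPFW 00310 skipto 800 udp from "$lan" to any out via "$pif" keep-state
    $IPFW 00320 skipto 800 icmp from "$lan" to any out via "$pif" keep-state

    # Anything inbound that did not match an existing session is refused.
    $IPFW 00500 deny log tcp from any to any established in via "$pif"
    $IPFW 00510 deny log ip from any to any in via "$pif"

    # Outbound translation happens last; inbound replies reaching this
    # point via skipto do not match "out via" and fall through to allow.
    $IPFW 00800 divert natd ip from any to any out via "$pif"
    $IPFW 00810 allow ip from any to any
}

gen_rules
```

The ordering is the whole point: every inbound packet is translated before check-state, every outbound packet creates or matches state before it is translated, and the skipto action carried by the dynamic rule is what still routes established traffic through the outbound divert rule.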