From: Nick Rogness
To: TeRrAc
Cc: FreeBSD IPFW list
Subject: Re: natd + IPFW
Date: Wed, 9 Aug 2000 16:05:14 -0600 (MDT)

On Wed, 9 Aug 2000, TeRrAc wrote:

> Natd is in fact running,

With what options? It should be:

    /sbin/natd -n fxp1

> I know that is a bass-ackwards ruleset, usually I have been testing it
> like:
>
>     00100 1849 185456 divert 8668 ip from any to any via fxp1
>     00500   32   2404 allow ip from any to any
>     00600    0      0 allow ip from any to any
>     65535   83   5902 deny ip from any to any

This looks OK...if fxp1 is indeed your outside interface.

> It seems logical enough that all packets should first be diverted
> through natd (the 8668) through the interface, then passed without regard
> through the rest of the system.

They are sent through natd, then re-injected back into the firewall at
the next rule number.

> Do I need another divert statement on fxp0 to bring them back?

No. The above ruleset should work. How are you testing to see if it
works? Can you get out from your BSD machine without using NAT?

Nick Rogness
- Drive defensively. Buy a tank.
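The divert/re-inject behaviour Nick describes, as an added illustration that is not part of the original mail or of FreeBSD's own code. The script below is a small model of how ipfw walks the quoted ruleset: a `divert` rule hands the packet to natd, natd rewrites the addresses (the `-n fxp1` option means "masquerade behind fxp1's address"), and the rewritten packet re-enters the firewall at the next rule number rather than at the top. Interface names, the public address `203.0.113.5`, the LAN address `192.168.1.10` and the remote hosts are constructed for the example; natd's real state table is keyed by ports and protocol, which this model leaves out.

```python
"""Model of ipfw 'divert' + natd re-injection for the ruleset quoted in the thread.

This is illustrative code, not ipfw or natd itself. It reproduces only the
semantics under discussion: a packet crossing fxp1 in either direction hits
rule 100, is translated by natd, and continues at rule 500 (the next rule).
"""
from dataclasses import dataclass, replace
from typing import List, Optional, Tuple

OUTSIDE_IF = "fxp1"            # assumed outside interface, as in the mail
OUTSIDE_ADDR = "203.0.113.5"   # constructed: the address bound to fxp1


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    iface: str       # interface the packet is crossing right now
    direction: str   # "in" or "out"


@dataclass
class Rule:
    number: int
    action: str                # "divert", "allow" or "deny"
    via: Optional[str] = None  # 'via <if>' matches both directions on that interface


class Natd:
    """Minimal stand-in for 'natd -n <iface>': masquerade outbound traffic."""

    def __init__(self, iface: str, public: str) -> None:
        self.iface = iface
        self.public = public
        self.table = {}        # remote host -> private source (simplified key)

    def translate(self, pkt: Packet) -> Packet:
        if pkt.direction == "out":
            self.table[pkt.dst] = pkt.src
            return replace(pkt, src=self.public)
        private = self.table.get(pkt.src)
        if private and pkt.dst == self.public:
            return replace(pkt, dst=private)
        return pkt             # no mapping: natd passes the packet unchanged


# The ruleset TeRrAc posted, minus the packet/byte counters.
RULES = [
    Rule(100, "divert", via=OUTSIDE_IF),
    Rule(500, "allow"),
    Rule(600, "allow"),
]


def matches(rule: Rule, pkt: Packet) -> bool:
    return rule.via is None or rule.via == pkt.iface


def run_firewall(rules: List[Rule], natd: Natd, pkt: Packet) -> Tuple[str, Packet, List[int]]:
    """Walk the rules in number order; return (verdict, final packet, rules hit)."""
    trace = []
    resume_at = 0
    for rule in sorted(rules, key=lambda r: r.number):
        if rule.number < resume_at or not matches(rule, pkt):
            continue
        trace.append(rule.number)
        if rule.action == "divert":
            pkt = natd.translate(pkt)
            resume_at = rule.number + 1   # re-injected at the NEXT rule, not at 0
            continue
        return rule.action, pkt, trace
    return "deny", pkt, trace             # implicit rule 65535


def lan_to_internet():
    """A LAN host talks out: the firewall sees the packet on fxp0 (in) and on fxp1 (out)."""
    natd = Natd(OUTSIDE_IF, OUTSIDE_ADDR)
    pkt = Packet("192.168.1.10", "198.51.100.7", "fxp0", "in")
    v_in, pkt, t_in = run_firewall(RULES, natd, pkt)               # no divert on fxp0
    pkt = replace(pkt, iface=OUTSIDE_IF, direction="out")
    v_out, pkt, t_out = run_firewall(RULES, natd, pkt)             # divert, then rule 500
    return (v_in, t_in), (v_out, t_out), pkt, natd


def reply_from_internet(natd: Natd):
    """The reply comes back to fxp1's address; the same rule 100 maps it to the LAN host."""
    return run_firewall(RULES, natd, Packet("198.51.100.7", OUTSIDE_ADDR, OUTSIDE_IF, "in"))


def unsolicited_from_internet():
    """A packet nobody asked for: natd has no mapping, and rule 500 still allows it."""
    natd = Natd(OUTSIDE_IF, OUTSIDE_ADDR)
    return run_firewall(RULES, natd, Packet("198.51.100.99", OUTSIDE_ADDR, OUTSIDE_IF, "in"))


if __name__ == "__main__":
    inbound, outbound, pkt, natd = lan_to_internet()
    print("fxp0 pass:", inbound, "| fxp1 pass:", outbound, "| on the wire:", pkt)
    print("reply:", reply_from_internet(natd))
    print("unsolicited:", unsolicited_from_internet())
```

The two passes in `lan_to_internet` are the answer to the question about a second divert on fxp0: the same packet is presented to the ruleset once per interface it crosses, and only the fxp1 pass matches `via fxp1`, so one divert rule covers both the outgoing packet and its reply. `unsolicited_from_internet` also shows what the quoted rules do and do not do: translation works, but `allow ip from any to any` at rule 500 passes untranslated inbound traffic too, so the ruleset as posted is a NAT test, not a filter.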