From owner-freebsd-questions@FreeBSD.ORG Thu Oct 23 19:27:48 2003
Delivered-To: freebsd-questions@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id C87A016A4B3 for ; Thu, 23 Oct 2003 19:27:48 -0700 (PDT)
Received: from newtonsecond.com (adsl-63-207-117-158.dsl.snfc21.pacbell.net [63.207.117.158]) by mx1.FreeBSD.org (Postfix) with ESMTP id BA89943FA3 for ; Thu, 23 Oct 2003 19:27:47 -0700 (PDT) (envelope-from tristan11@mindspring.com)
Received: from [64.174.64.218] (HELO mindspring.com) by newtonsecond.com (CommuniGate Pro SMTP 4.1.1) with ESMTP id 730796 for freebsd-questions@freebsd.org; Thu, 23 Oct 2003 19:27:47 -0700
Date: Thu, 23 Oct 2003 19:27:44 -0700
Content-Type: text/plain; charset=US-ASCII; format=flowed
Mime-Version: 1.0 (Apple Message framework v552)
From: Michelle
Content-Transfer-Encoding: 7bit
In-Reply-To: <028401c399ce$3a82a8e0$0201a8c0@dredster>
X-Mailer: Apple Mail (2.552)
Subject: nat and ipfw
X-BeenThere: freebsd-questions@freebsd.org
X-Mailman-Version: 2.1.1
Precedence: list
List-Id: User questions
X-List-Received-Date: Fri, 24 Oct 2003 02:27:48 -0000

I have a FreeBSD server running 4.6.2 with 2 NIC cards installed: one for our LAN (fxp0) that provides connection to the outside world via DSL, and the other for an internal subnet (xl0). I have both natd and ipfw configured and running. When on the subnet, I can not connect to the outside. I tried flushing the firewall rules and adding only:

    ipfw add 100 divert natd all from any to any via fxp0
    ipfw add 200 allow all from any to any

I am then able to connect from a client on the subnet to an outside IP address.

Then I tried flushing the rules again and adding:

    ipfw add 100 divert natd all from any to any via fxp0
    ipfw add 200 allow all from 192.168.53.200 to any
    ipfw add 300 allow all from any to 192.168.53.200

I don't understand why the above rules would stop the client on the subnet from making a connection to the outside. Is there another rule I need to add?
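The following is an added illustration, not part of Michelle's message or of FreeBSD's ipfw/natd code. It is a small model of how ipfw walks its rule list in first-match order around a natd divert rule: the diverted packet comes back with its addresses rewritten and evaluation resumes at the rule after the divert, so every later rule sees the translated addresses. The model assumes a default-deny rule 65535 (a kernel built without IPFIREWALL_DEFAULT_TO_ACCEPT), a placeholder public address 203.0.113.5 on fxp0, and a constructed outside host 198.51.100.10; only 192.168.53.200, fxp0 and xl0 come from the question. The added rule 250 is one possible fix and is an assumption, not something the poster tried.

```python
"""Simplified model of ipfw first-match evaluation with a natd divert rule.

Constructed illustration, not FreeBSD's ipfw or natd. Assumptions:
rule 65535 is deny, natd is bound to fxp0, fxp0 carries the placeholder
public address 203.0.113.5, and the outside host is 198.51.100.10.
"""
from dataclasses import dataclass, replace
from typing import Optional

EXT_IF = "fxp0"
INT_IF = "xl0"
EXT_IP = "203.0.113.5"        # assumed public address of fxp0 (placeholder)
CLIENT = "192.168.53.200"     # subnet client named in the question
REMOTE = "198.51.100.10"      # constructed outside host


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    iface: str
    direction: str            # "in" or "out"


@dataclass(frozen=True)
class Rule:
    number: int
    action: str               # "allow", "deny" or "divert"
    src: str = "any"
    dst: str = "any"
    via: Optional[str] = None          # interface, as in "via fxp0"
    direction: Optional[str] = None    # "in", "out" or None for both

    def matches(self, pkt: Packet) -> bool:
        return ((self.src == "any" or self.src == pkt.src)
                and (self.dst == "any" or self.dst == pkt.dst)
                and (self.via is None or self.via == pkt.iface)
                and (self.direction is None or self.direction == pkt.direction))


def natd(pkt: Packet, table: dict) -> Packet:
    """Simplified natd: masquerade outbound on fxp0, un-masquerade replies."""
    if pkt.iface != EXT_IF:
        return pkt
    if pkt.direction == "out":
        table[(pkt.dst, EXT_IP)] = pkt.src      # remember the inside host
        return replace(pkt, src=EXT_IP)
    inside = table.get((pkt.src, pkt.dst))
    if pkt.direction == "in" and inside is not None:
        return replace(pkt, dst=inside)
    return pkt


def evaluate(rules, pkt: Packet, table: dict):
    """First-match walk; a divert hands the packet to natd and resumes at
    the next rule, so later rules see the rewritten addresses.
    Returns (verdict, number of the rule that decided)."""
    for rule in sorted(rules, key=lambda r: r.number):
        if not rule.matches(pkt):
            continue
        if rule.action == "divert":
            pkt = natd(pkt, table)
            continue
        return rule.action, rule.number
    return "deny", 65535            # assumed default-deny rule


def trace_connection(rules):
    """Walk one outbound packet and its reply through both interfaces,
    stopping at the first hop that is not allowed."""
    table = {}
    hops = [
        ("xl0 in", Packet(CLIENT, REMOTE, INT_IF, "in")),
        ("fxp0 out", Packet(CLIENT, REMOTE, EXT_IF, "out")),
        ("fxp0 in", Packet(REMOTE, EXT_IP, EXT_IF, "in")),
        ("xl0 out", Packet(REMOTE, CLIENT, INT_IF, "out")),
    ]
    trace = []
    for stage, pkt in hops:
        verdict, number = evaluate(rules, pkt, table)
        trace.append((stage, verdict, number))
        if verdict != "allow":
            break
    return trace


# The three rules from the question.
POSTED_RULES = [
    Rule(100, "divert", via=EXT_IF),
    Rule(200, "allow", src=CLIENT),
    Rule(300, "allow", dst=CLIENT),
]

# Assumed fix: after natd the outbound packet carries fxp0's own address,
# so a rule placed after the divert must admit that rewritten source.
FIXED_RULES = POSTED_RULES + [
    Rule(250, "allow", src=EXT_IP, via=EXT_IF, direction="out"),
]

if __name__ == "__main__":
    for name, rules in (("posted", POSTED_RULES), ("with rule 250", FIXED_RULES)):
        print(name)
        for stage, verdict, number in trace_connection(rules):
            print(f"  {stage:9s} -> {verdict} (rule {number})")
```

Running it shows the posted set allowing the packet on xl0 at rule 200, then dropping it on fxp0 at rule 65535: after the divert the source is no longer 192.168.53.200, so neither rule 200 nor rule 300 matches. With rule 250 the outbound hop is admitted, the reply is un-translated by the divert and admitted by rule 300, and the trace completes.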