From: Alhagie Puye
To: Michelle, freebsd-questions@freebsd.org
Date: Fri, 24 Oct 2003 02:35:32 -0700 (PDT)
Subject: Re: nat and ipfw
Message-ID: <20031024093532.82462.qmail@web20501.mail.yahoo.com>

Do you have a natd.conf file? What does your rc.conf file look like?

You have to turn on nat for the packets to be translated. Telling the firewall to send the packets to natd is one thing, what then happens to them after that is another.

You ARE missing the setup for natd.

Check this out:
http://www.freebsddiary.org/ipfw.php

Please read this link. I sent you something similar in my previous reply. And you are still asking the same question. It is very self-explanatory.

Cheers,
Alhagie.

--- Michelle wrote:
> i have a freebsd server running 4.6.2 with 2 nic cards installed one
> for our lan (fxp0) that provides connection to the outside world via
> dsl and the other for an internal subnet (xl0). i have both natd and
> ipfw configured and running. when on the subnet, i can not connect to
> the outside. i tried flushing the firewall rules and adding only:
>
> ipfw add 100 divert natd all from any to any via fxp0
> ipfw add 200 allow all from any to any
>
> i am then able to connect from a client on the subnet to an outside ip
> address.
>
> then i tried flushing the rules again and adding:
>
> ipfw add 100 divert natd all from any to any via fxp0
> ipfw add 200 allow all from 192.168.53.200 to any
> ipfw add 300 allow all from any to 192.168.53.200
>
> i don't understand why the above rules would stop the client on the
> subnet from making a connection to the outside. is there another rule
> i need to add?
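
The following is an added example, not part of the original message and not FreeBSD code: a simplified Python model of how a forwarded packet meets the two rule sets quoted above, checked once inbound on xl0 and once outbound on fxp0, with natd rewriting the source at rule 100. It assumes natd is running, that 192.168.53.200 is the subnet client, and that the default rule 65535 is deny; the fxp0 address and the outside host are constructed placeholders.

```python
from collections import namedtuple

CLIENT = "192.168.53.200"  # from the quoted rules; assumed to be the subnet client
PUBLIC = "203.0.113.10"    # constructed placeholder for the address on fxp0
REMOTE = "198.51.100.7"    # constructed placeholder for an outside host
Packet = namedtuple("Packet", "src dst")

# (number, action, src, dst, via); "any" is a wildcard, via=None means any interface
OPEN_RULES = [(100, "divert", "any", "any", "fxp0"),
              (200, "allow", "any", "any", None)]
HOST_RULES = [(100, "divert", "any", "any", "fxp0"),
              (200, "allow", CLIENT, "any", None),
              (300, "allow", "any", CLIENT, None)]

def natd(pkt, direction, table):
    """Simplified natd: alias the source going out, restore the destination coming in."""
    if direction == "out":
        table[pkt.dst] = pkt.src  # remember which inside host talked to this remote
        return pkt._replace(src=PUBLIC)
    if pkt.dst == PUBLIC and pkt.src in table:
        return pkt._replace(dst=table[pkt.src])
    return pkt

def ipfw_pass(rules, pkt, iface, direction, table):
    """One first-match pass over the rules; returns (verdict, rule number, packet)."""
    for num, action, src, dst, via in rules:
        if via not in (None, iface):
            continue
        if src not in ("any", pkt.src) or dst not in ("any", pkt.dst):
            continue
        if action == "divert":
            pkt = natd(pkt, direction, table)  # re-injected; matching resumes at the next rule
            continue
        return "allow", num, pkt
    return "deny", 65535, pkt  # assumption: default rule 65535 is deny

def forward(rules, pkt, in_if, out_if, table):
    """A routed packet is checked once on the way in and once on the way out."""
    trace = []
    for iface, direction in ((in_if, "in"), (out_if, "out")):
        verdict, num, pkt = ipfw_pass(rules, pkt, iface, direction, table)
        trace.append((iface, direction, verdict, num, pkt.src, pkt.dst))
        if verdict == "deny":
            break
    return trace

if __name__ == "__main__":
    for rules in (OPEN_RULES, HOST_RULES):
        print(forward(rules, Packet(CLIENT, REMOTE), "xl0", "fxp0", {}))
```

With the second rule set the trace ends in a deny on the outbound fxp0 pass: by the time rules 200 and 300 are checked there, the packet carries the translated source address, so neither matches. Under the same model, return traffic is still accepted by rule 300 after natd restores the destination.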