Date:      Fri, 22 Aug 2003 15:13:50 -0400
From:      "Bob Hall" <rjhjr@cox.net>
To:        freebsd-questions@freebsd.org
Subject:   Re: NATD Firewall Rules Setup
Message-ID:  <20030822191349.GC8719@kongemord.krig.net>
In-Reply-To: <3F4663B2.1030004@openadventures.org>
References:  <3F4663B2.1030004@openadventures.org>

On Fri, Aug 22, 2003 at 11:40:50AM -0700, Thomas Smith wrote:
> I'm configuring a firewall (FreeBSD 4.8-RELEASE). I've got the firewall 
> locked down as I need it to be but am having issues getting NAT working. 
> The firewall config file is included below.
> 
> Note that if I add the "allow all" rule to the end of the file NAT works 
> fine. I'm certain it's an IPFW issue but haven't been able to figure it 
> out--as I'm a bit new to IPFW and FreeBSD, pointers to documentation 
> (preferably with examples of usage) would be very helpful. I haven't 
> been able to find a lot of info outside of the Handbook and what I do 
> find regarding NAT includes three rules: 1) flush, 2) divert, 3) allow 
> all traffic.

All NAT does is translate your IP addresses. If it works with the "allow 
all" rule, then it works. It's the firewall, not NAT, that you need to 
adjust.

When I set up my current firewall, I ran tcpdump for about a week, 
saving the output to a (huge) file. Then I analyzed it with nstreams 
to get an idea of what the traffic was like and what rules were needed. 
I still needed to do some tweaking; e.g. Windows vs. FBSD traceroute, 
but nstreams got me 90% of the way there.

Bob Hall
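
The capture-then-summarize approach described in the message above, as an added example that is not part of the original post and does not reproduce nstreams: it reduces `tcpdump -n` style text to counts per protocol, direction and destination port or ICMP type, which is the raw material for deciding which firewall rules are needed. The sample lines, the LAN prefix and the function names are constructed for illustration.

```python
import re
from collections import Counter

# Constructed sample in the style of `tcpdump -n` text output (not a real capture).
SAMPLE = """\
15:13:50.100000 IP 192.168.1.10.49152 > 203.0.113.5.80: Flags [S], seq 1, win 65535, length 0
15:13:50.150000 IP 203.0.113.5.80 > 192.168.1.10.49152: Flags [S.], seq 9, ack 2, win 65535, length 0
15:13:51.000000 IP 192.168.1.10.49153 > 203.0.113.5.80: Flags [S], seq 5, win 65535, length 0
15:13:52.000000 IP 192.168.1.11.50000 > 198.51.100.1.53: UDP, length 32
15:13:53.000000 IP 192.168.1.20 > 203.0.113.9: ICMP echo request, id 1, seq 1, length 72
15:13:54.000000 IP 192.168.1.11.40000 > 203.0.113.9.33434: UDP, length 12
15:13:55.000000 IP 198.51.100.7.51000 > 192.168.1.10.22: Flags [S], seq 3, win 65535, length 0
"""

LINE = re.compile(r"^\S+ IP (\S+) > (\S+): (.*)$")
LAN_PREFIX = "192.168.1."  # assumed inside network; adjust to the real LAN


def summarize(text, lan=LAN_PREFIX):
    """Count TCP connection openings and UDP/ICMP packets,
    keyed by (protocol, direction, destination port or ICMP type)."""
    flows = Counter()
    for line in text.splitlines():
        m = LINE.match(line)
        if not m:
            continue  # non-IPv4 or unparsed line
        src, dst, rest = m.groups()
        direction = "out" if src.startswith(lan) else "in"
        if rest.startswith("Flags [S],"):
            # SYN without ACK: the packet that opens a TCP connection.
            # Replies such as [S.] are skipped; a stateful rule covers them.
            flows[("tcp", direction, int(dst.rpartition(".")[2]))] += 1
        elif rest.startswith("UDP"):
            # UDP has no handshake, so every packet is counted.
            flows[("udp", direction, int(dst.rpartition(".")[2]))] += 1
        elif rest.startswith("ICMP"):
            flows[("icmp", direction, rest[5:].split(",")[0])] += 1
    return flows


if __name__ == "__main__":
    for (proto, direction, service), count in summarize(SAMPLE).most_common():
        print(f"{count:4d}  {proto:4s} {direction:3s} {service}")
```

The ICMP echo request and the UDP packet to port 33434 land in separate rows: Windows tracert probes with ICMP echo requests, while FreeBSD traceroute sends UDP probes to high ports by default, so a rule set that passes one does not necessarily pass the other.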


