Date: Tue, 14 Dec 1999 16:08:25 -0800
From: Sanford Owings <sowings@pasteur.EECS.Berkeley.EDU>
To: freebsd-security@freebsd.org
Subject: Firewall and NAT, step-by-step?
Message-ID: <199912150008.QAA10142@mamba.CS.Berkeley.EDU>
I'm trying to set up a firewall with transparent proxying, and I suspect that the right combination of firewall rules and NAT will do what I want. The problem is that I'm stymied by the exact order of the process. /etc/rc.firewall states that an incoming packet translated by natd will then "reenter the firewall". Does this mean that the packet begins again at rule 0, and if so, what exactly is its state? Most specifically, what interface is it hitting, and which way is it going? Can I finagle something useful out of "recv, xmit, in, out", etc.?

I have attempted to figure out what's going on by opening the firewall, starting nat and having a client machine ping or nslookup or try some other equally simple action while watching the inbound and outbound interfaces with tcpdump. I can see the way packets move on the wire, but not how they bang around the kernel. With the firewall rules in place, the outbound tcpdump sees exactly 0 packets.

Any help would be greatly appreciated.

--
Sanford Owings
EECS Instructional Group Staff
University of California at Berkeley

To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
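The following ruleset is an added illustration of the point the question turns on; it is not part of the original message and is not FreeBSD's own /etc/rc.firewall. When natd writes a translated packet back to its divert socket, ipfw does not restart at rule 0: the packet resumes at the rule after the one that diverted it, still in the same direction (in or out) and still associated with the same interface. Bracketing the divert rule with `count` rules makes that visible from the kernel's side with `ipfw show`, which is the view tcpdump on the wire cannot give. The outside interface name fxp0 and the LAN 192.168.1.0/24 are constructed for the example; natd is assumed to be running on the divert port named `natd` in /etc/services. `fwcmd` defaults to a dry run that only prints the commands, so the script can be read and checked anywhere; set `fwcmd=ipfw` on the firewall host to load the rules.

```shell
# Added example (not from the original message or from FreeBSD's rc.firewall):
# an ipfw ruleset that brackets the natd divert rule with "count" rules so that
# "ipfw show" reveals where packets resume after natd reinjects them.
# Assumptions (constructed for this example): outside interface fxp0,
# inside LAN 192.168.1.0/24, natd already listening on the "natd" divert port.
#
# fwcmd defaults to a dry run that only prints the commands; set fwcmd=ipfw
# on the firewall host to load the rules for real.
fwcmd="${fwcmd:-echo ipfw}"

ipfw_ruleset() {
    $fwcmd -f flush

    # Rules 100-110: counters hit BEFORE translation.  An inbound packet still
    # carries the public destination address; an outbound packet still carries
    # its private LAN source address.
    $fwcmd add 100 count ip from any to any in recv fxp0
    $fwcmd add 110 count ip from 192.168.1.0/24 to any out xmit fxp0

    # Rule 200: hand every packet crossing fxp0 to natd.  When natd writes the
    # translated packet back, ipfw resumes at the NEXT rule (210), in the same
    # direction and on the same interface; it does not start over at rule 0.
    $fwcmd add 200 divert natd ip from any to any via fxp0

    # Rules 210-220: counters hit AFTER translation.  A counter on 210 that
    # tracks 100 shows inbound packets now carry their private destination;
    # 220 tracking 110 shows outbound packets re-entered on their way out.
    $fwcmd add 210 count ip from any to 192.168.1.0/24 in recv fxp0
    $fwcmd add 220 count ip from any to any out xmit fxp0

    # The policy proper: loopback, LAN-originated traffic, replies to it,
    # and a logged default deny so nothing slips through unexamined.
    $fwcmd add 300 allow ip from any to any via lo0
    $fwcmd add 400 allow ip from 192.168.1.0/24 to any
    $fwcmd add 410 allow tcp from any to any established
    $fwcmd add 500 deny log ip from any to any
}

# Number of "add" rules the ruleset emits; handy for sanity-checking the dry run.
ipfw_rule_count() {
    ipfw_ruleset | grep -c ' add '
}

ipfw_ruleset
```

After loading the rules, generate one ping from an inside host and run `ipfw show`: rules 110 and 220 advance together for the outbound echo request, and 100 and 210 advance together for the reply, which answers the rule-0 question directly. `ipfw zero` resets the counters between experiments.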