From owner-freebsd-questions@FreeBSD.ORG  Sat Dec 13 22:49:32 2003
Return-Path: <owner-freebsd-questions@FreeBSD.ORG>
Delivered-To: freebsd-questions@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id BB79316A4CE
	for <freebsd-questions@freebsd.org>;
	Sat, 13 Dec 2003 22:49:32 -0800 (PST)
Received: from mail.webzone.net.au (mail.webzone.net.au [210.8.36.9])
	by mx1.FreeBSD.org (Postfix) with ESMTP id 311EF43D36
	for <freebsd-questions@freebsd.org>;
	Sat, 13 Dec 2003 22:49:31 -0800 (PST)
	(envelope-from imoore@picknowl.com.au)
Received: from msgserver.threed.com.au (ppp199.webzone.net.au
	[203.57.204.199]) by mail.webzone.net.au
	<B0001209119@mail.webzone.net.au> for <freebsd-questions@freebsd.org>;
	Sun, 14 Dec 2003 17:22:07 +1030
Content-Type: text/plain;
  charset="us-ascii"
From: Ian Moore <imoore@picknowl.com.au>
To: freebsd-questions@FreeBSD.org
Date: Sun, 14 Dec 2003 17:19:26 +1030
User-Agent: KMail/1.4.3
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
Message-Id: <200312141719.26819.imoore@picknowl.com.au>
Subject: IPFW via command problem
X-BeenThere: freebsd-questions@freebsd.org
X-Mailman-Version: 2.1.1
Precedence: list
List-Id: User questions <freebsd-questions.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-questions>,
	<mailto:freebsd-questions-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-questions>
List-Post: <mailto:freebsd-questions@freebsd.org>
List-Help: <mailto:freebsd-questions-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-questions>,
	<mailto:freebsd-questions-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Sun, 14 Dec 2003 06:49:32 -0000

Hi,
I'm setting up a firewall on a dual homed host for an ADSL connection.
I'm using 4.8-RELEASE, cvsupped to the latest RELENG_4_8 as of late October 
2003.
I've followed the instructions at 
http://www.mostgraveconcern.com/freebsd/ipfw.html for setting up the 
firewall, which supposedly work, but seem to be having a problem with the via 
command
eg lines like 
# Allow outgoing pings
${fwcmd} add pass icmp from any to any icmptypes 8 out via ${oif}
${fwcmd} add pass icmp from any to any icmptypes 0 in via ${oif}

where I have defined ${oif} as
oif="xl1"
where xl1 is my external interface

The above lines don't allow pings to the outside world, but if I comment out
via ${oif} then it does allow them.
This seems to be true of all the lines with via in them - they don't work.
I tried substituting the actual IP address for the interface name, but that 
didn't work either.
I can't figure out why via doesn't work - anyone have any clues as to why it 
wouldn't function?

Cheers,
Ian