Date: Sun, 15 Oct 2000 15:32:26 -0700
From: Jon Drukman <jsd@collab.net>
To: freebsd-questions@freebsd.org
Subject: natd + ipfw in default deny mode
Message-ID: <4.3.2.7.2.20001015152808.00b275f8@lasvegas.sfo.collab.net>
I am running 4.1.1-R and doing the typical natd + ipfw thing to let my Windows boxes connect to my DSL line through the FreeBSD box. I was wondering if it is possible to run the FreeBSD ipfw configuration in "default deny" mode. I can't get it to work by doing firewall type "simple". Unless I have a pass all rule in the ipfw config, I get this message from natd:

  Oct 14 19:42:33 cluttered natd[98]: failed to write packet back (Permission denied)

I thought having the divert rule early on would work around all the deny rules, but I haven't stumbled on the magic formula. Any example firewall configs would be appreciated.

Right now I'm running in "open" mode and explicitly blocking a few troublesome ports (Windows networking, for example), but obviously it would be nicer to block everything and only accept what I specifically need.

In case it matters, the external network (DSL) is on interface dc0. The internal net is 10.10.10.0/24 on interface ed0.

My natd lines in rc.conf are:

  natd_enable="YES"
  natd_interface="dc0"
  natd_flags=""

My firewall lines are:

  firewall_enable="YES"
  firewall_type="open"
  firewall_logging="YES"

-jsd-
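The ruleset below is an added example, not the poster's configuration and not FreeBSD's /etc/rc.firewall. It is a default-deny ipfw ruleset (4.x syntax) for exactly the layout described in the post, external dc0 and internal ed0 on 10.10.10.0/24, and shows why the divert rule's position matters: natd hands each translated packet back to the kernel at the rule after the divert rule, so the rules that pass translated traffic have to sit below it and the catch-all deny has to be last. The fw() wrapper and the IPFW variable are conveniences of this example, not part of ipfw.

```shell
#!/bin/sh
# Default-deny ipfw + natd ruleset for: external dc0, internal ed0 (10.10.10.0/24).
# A translated packet that natd writes back re-enters ipfw at the rule after
# the divert rule; if it meets a deny there, natd logs
# "failed to write packet back (Permission denied)".
oif=dc0             # external (DSL) interface
iif=ed0             # internal interface
inet=10.10.10.0/24  # internal network
fw() { "${IPFW:-/sbin/ipfw}" "$@"; }   # IPFW=echo previews without loading

load_rules() {
    fw -f flush
    fw add 100 allow ip from any to any via lo0
    fw add 110 deny ip from any to 127.0.0.0/8
    # Anti-spoofing: the inside network never arrives on the outside wire
    fw add 200 deny log ip from $inet to any in via $oif
    # Translate both directions on the external interface; rules below see
    # the rewritten addresses of anything that crossed dc0
    fw add 300 divert natd ip from any to any via $oif
    # The internal LAN is trusted in both directions
    fw add 400 allow ip from any to any via $iif
    # Packets of established TCP connections (translated replies from the
    # Internet land on this rule after natd, which is what cures the error)
    fw add 500 allow tcp from any to any established
    fw add 510 allow ip from any to any frag
    # New TCP connections may leave; new inbound ones are logged and dropped
    fw add 600 allow tcp from any to any out via $oif setup
    fw add 610 deny log tcp from any to any in via $oif setup
    # DNS queries out and answers back (stateless: keep-state entries do not
    # line up with natd's rewriting in this single-divert layout)
    fw add 700 allow udp from any to any 53 out via $oif
    fw add 710 allow udp from any 53 to any in via $oif
    # Echo reply, unreachable (incl. path MTU), echo request, time exceeded
    fw add 800 allow icmp from any to any icmptypes 0,3,8,11
    # Everything else is dropped and logged
    fw add 65000 deny log ip from any to any
}

# Apply when run directly; with IPFW=echo the rules are only printed
if [ -n "${IPFW:-}" ] || [ -x /sbin/ipfw ]; then load_rules; fi
```

Run it as `IPFW=echo sh ruleset.sh` first to read the rule order before loading it on the gateway.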