Date:      Mon, 17 Jan 2000 20:52:43 -0500
From:      "Crist J. Clark" <cjc@cc942873-a.ewndsr1.nj.home.com>
To:        Richard Martin <dmartin@origen.com>
Cc:        freebsd-ipfw@FreeBSD.ORG
Subject:   Re: loss of setup option in ipfw
Message-ID:  <20000117205243.A63571@cc942873-a.ewndsr1.nj.home.com>
In-Reply-To: <3882608D.E77903EE@origen.com>; from dmartin@origen.com on Sun, Jan 16, 2000 at 06:21:33PM -0600
References:  <3882608D.E77903EE@origen.com>

On Sun, Jan 16, 2000 at 06:21:33PM -0600, Richard Martin wrote:
> I am setting up a new server with ipfw packet filtering and I have a couple of
> questions about some quirks.  
> 
> First, I cannot now use the 'setup' option for TCP packets.  Whether the line
> is in the script or entered at the command line, if it has 'setup' in the
> option position, the rule fails.  

And the error message is...?

> I have added a few ports since I first set up the firewall - Tripwire, LSOF, a
> few others - and somewhere along the way, something seems to have affected
> ipfw, because it was working OK before. Now when the script runs, even at
> reboot, the firewall lines with 'setup' at the end fail. A TCP rule with setup
> entered at the command line fails, but removing 'setup' allows it to be added
> to the chain. 

And command lines and the error messages are...?

> ************
> 
> Second, I have noticed that reply packets coming out of our LAN (like ftp
> data) behind the firewall are addressed back to the internal LAN IPs. This is
> odd: other NAT/masquerading systems I have used have the replies come back to
> the external IP and a table is kept for replies to route the packets back to
> the right address.  
> 
> Do I have something misconfigured, or is this just the way NATD works in
> F'BSD? 

The packets with addresses of your private address-space are leaking
out onto the net? That should not be happening. How is natd configured
and how is your network set up? What are your firewall rules?
-- 
Crist J. Clark                           cjclark@home.com

