Date:      Mon, 3 Jun 2002 02:07:03 -0400
From:      Doug Lee <dgl@visi.com>
To:        freebsd-questions@freebsd.org
Subject:   rc.firewall with ppp/nat problem and fix
Message-ID:  <20020603060703.GA545@kirk.dlee.org>

I've switched from a DHCP cable modem to a PPPoE DSL modem and thus
started running ppp.  I had trouble getting natd to work with ppp, so
I'm now using ppp's nat facilities...

but the rc.firewall rules for denying RFC1918 traffic on the outside
interface seem to block legitimate traffic from my LAN to the Internet
and back also.  My solution is to put the following line above the
first "Stop RFC1918 nets ..." line in /etc/rc.firewall:

$fwcmd add pass all from any to any in via ${iif} keep-state

The questions:  Will this generate a huge number of dynamic rules for
local traffic, and is there a better way to do this, preferably other
than trying to duplicate my rc.firewall in ppp.conf?

Thanks.

-- 
Doug Lee           dgl@visi.com        http://www.visi.com/~dgl
Bartimaeus Group   doug@bartsite.com   http://www.bartsite.com
"There are no guarantees.  From a standpoint of fear, none are
strong enough.  From a standpoint of love, none are necessary."
- from Emmanuel's Book II
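Added example, not part of the post above: a dry-run generator that lays out the ipfw rule order the message describes, with the poster's keep-state pass placed ahead of deny rules modelled on rc.firewall's "Stop RFC1918 nets" block. The interface names fxp0 and tun0 and the default of fwcmd="echo ipfw" (print the rules instead of loading them) are assumptions; set fwcmd=ipfw to load them for real. Because the dynamic rule created by keep-state is matched by check-state before the static deny rules are reached, LAN traffic with an RFC1918 source still gets out via the outside interface even though ppp translates it only after it has passed through ipfw.

```sh
#!/bin/sh
# Added example (not from the original post). Interface names are assumptions.
iif="${iif:-fxp0}"            # inside (LAN) interface, assumed
oif="${oif:-tun0}"            # outside (ppp) interface, assumed
fwcmd="${fwcmd:-echo ipfw}"   # "echo ipfw" prints the rules instead of loading them

# Emit the rules in the order they must appear in rc.firewall.
emit_rules() {
    # Match packets belonging to flows already recorded by keep-state.
    ${fwcmd} add check-state
    # The poster's workaround: accept everything arriving from the LAN side and
    # record the flow, so both its outbound leg and the reply match the
    # dynamic rule before any of the static deny rules below are consulted.
    ${fwcmd} add pass all from any to any in via "${iif}" keep-state
    # Anti-spoofing block modelled on rc.firewall: RFC1918 space is not
    # legitimate on the outside interface in either direction.
    for net in 10.0.0.0/8 172.16.0.0/12 192.168.0.0/16; do
        ${fwcmd} add deny all from "${net}" to any via "${oif}"
        ${fwcmd} add deny all from any to "${net}" via "${oif}"
    done
}

# Self-check helpers: number of deny rules, and the rule number at which the
# keep-state pass appears (it must precede every deny rule to be effective).
count_denies() {
    emit_rules | grep -c ' add deny '
}
keepstate_position() {
    emit_rules | grep -n ' keep-state' | cut -d: -f1
}

emit_rules
```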
