From owner-freebsd-questions@FreeBSD.ORG Sat Aug 23 22:51:00 2003
From: "Micheal Patterson"
To: "Thomas Smith", freebsd-questions@freebsd.org
Date: Sun, 24 Aug 2003 00:51:23 -0500
Subject: Re: NATD Firewall Rules Setup
Message-ID: <035d01c36a03$c1c70e40$0201a8c0@dredster>
References: <3F4663B2.1030004@openadventures.org>

----- Original Message -----
From: "Thomas Smith"
Sent: Friday, August 22, 2003 1:40 PM
Subject: NATD Firewall Rules Setup

> I'm configuring a firewall (FreeBSD 4.8-RELEASE). I've got the firewall
> locked down as I need it to be but am having issues getting NAT working.
> The firewall config file is included below.
>
> Note that if I add the "allow all" rule to the end of the file, NAT works
> fine. I'm certain it's an IPFW issue but haven't been able to figure it
> out--as I'm a bit new to IPFW and FreeBSD, pointers to documentation
> (preferably with examples of usage) would be very helpful. I haven't
> been able to find a lot of info outside of the Handbook, and what I do
> find regarding NAT includes three rules: 1) flush, 2) divert, 3) allow
> all traffic.
>
> # Allow NAT traffic out.
> /sbin/ipfw add divert natd all from any to any via ${oif}

Unless things have changed since I started using NAT years ago with 2.7,
your rule to divert to NAT needs to be the very first rule of your
firewall. Any rules after will still be processed as normal, since NAT
reinjects the packet back into the firewall at the next rule number for
any additional processing.

--
Micheal Patterson
Network Administration
Cancer Care Network
405-733-2230
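An added example (not the poster's config file or Micheal's own ruleset) of what the reply describes: a FreeBSD 4.x ipfw script with the natd divert rule loaded first, so every rule after it sees the packet as natd reinjected it, with the filtering rules written against those translated addresses. The interface names and LAN prefix are assumptions, and the script only prints the rules unless IPFW=ipfw is set on the gateway.

```shell
#!/bin/sh
# Added example, not the poster's or Micheal's ruleset: an ipfw script for a
# FreeBSD 4.x NAT gateway with the natd divert rule placed first, so every
# rule after it sees the packet as natd reinjected it (translated).
# Assumptions: interface names, the LAN prefix, and that natd is running.
oif="fxp0"              # outside interface (assumed)
iif="fxp1"              # inside interface (assumed)
inet="192.168.2.0/24"   # LAN behind the gateway (constructed)

# Without a real ipfw (any non-FreeBSD host) the rules are only printed;
# run with IPFW=ipfw on the gateway to load them.
IPFW=${IPFW:-"echo ipfw"}

emit_rules() {
    echo "-f flush"
    # Divert first. Outbound packets below this point carry the public
    # source address; inbound packets natd knows a mapping for carry their
    # LAN destination. Rules are written against those translated addresses.
    echo "add 50 divert natd ip from any to any via ${oif}"
    echo "add 100 allow ip from any to any via lo0"
    echo "add 110 deny ip from any to 127.0.0.0/8"
    # Anti-spoofing: a LAN source address must never arrive on the outside.
    echo "add 200 deny ip from ${inet} to any in via ${oif}"
    # Gateway and LAN may talk freely on the inside interface.
    echo "add 300 allow ip from any to any via ${iif}"
    # Outbound (already translated, so match on any source).
    echo "add 400 allow tcp from any to any out via ${oif} setup"
    echo "add 410 allow udp from any to any out via ${oif}"
    echo "add 420 allow icmp from any to any out via ${oif}"
    # Inbound: TCP replies, DNS replies and ICMP errors only; unmapped
    # inbound traffic keeps the public address and falls through to deny.
    echo "add 500 allow tcp from any to any in via ${oif} established"
    echo "add 510 allow udp from any 53 to any in via ${oif}"
    echo "add 520 allow icmp from any to any in via ${oif} icmptypes 0,3,11"
    echo "add 65000 deny log ip from any to any"
}

# The first filtering rule loaded; it must be the natd divert.
first_rule() {
    emit_rules | grep '^add ' | head -n 1
}

apply_rules() {
    emit_rules | while read -r line; do
        # Word splitting is intended: each line is one ipfw argument list.
        $IPFW $line
    done
}

apply_rules
```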