Date: Tue, 10 Jul 2001 22:30:07 -0400 (EDT)
From: Francisco Reyes
To: FreeBSD Security List
Subject: Fixed Cant ping/nslookup. Natd rule not on top
In-Reply-To: <20010710211158.Q12950-100000@x1-6-00-50-ba-de-36-33.kico1.on.home.com>
Message-ID: <20010710222632.H511-100000@zoraida.natserv.net>

After a week of going crazy I found why I could not ping/nslookup from
internal machines. It had to do with the placement of the natd/divert rule.

Isn't this rule supposed to be all the way on the top of the ruleset?

I started my firewall on this machine from a template rc.firewall and it
had the natd almost in the middle of the ruleset. After I moved it to the
top now all works as expected.
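
A lint for the ordering problem described in the message above, as an added example that is not part of the original post: it reads `ipfw list` output and reports which rules that stop processing are evaluated before the natd divert rule, since packets they match never reach natd. The sample ruleset, the interface name ed0 and the divert port 8668 are constructed assumptions.

```python
import re

# Constructed `ipfw list` output (not from the original post): a ruleset with
# the natd divert rule in the middle. Interface ed0 and divert port 8668
# (natd's default) are assumptions for illustration.
SAMPLE_MIDDLE = """\
00100 allow ip from any to any via lo0
00200 deny ip from any to 127.0.0.0/8
00300 deny ip from 192.168.0.0/16 to any in via ed0
00400 allow tcp from any to any established
00500 divert 8668 ip from any to any via ed0
00600 allow udp from any to any 53 keep-state
65535 deny ip from any to any
"""

RULE_RE = re.compile(r"^(\d+)\s+(\S+)\s+(.*)$")
# Actions that end rule processing, so the packet never reaches a later divert.
TERMINAL = {"allow", "accept", "pass", "permit", "deny", "drop", "reject", "reset"}


def parse_rules(listing):
    """Return (number, action, rest-of-rule) for each line of `ipfw list` output."""
    rules = []
    for line in listing.splitlines():
        m = RULE_RE.match(line.strip())
        if m:
            rules.append((int(m.group(1)), m.group(2).lower(), m.group(3)))
    return rules


def rules_ahead_of_divert(listing, loopback="lo0"):
    """Return (divert rule number, [terminal rules evaluated before it]).

    Rules bound to the loopback interface are skipped, since loopback traffic
    is not translated. Returns (None, []) when no divert rule is present.
    """
    ahead = []
    for number, action, body in parse_rules(listing):
        if action == "divert":
            return number, ahead
        tokens = body.split()
        on_loopback = any(a == "via" and b == loopback
                          for a, b in zip(tokens, tokens[1:]))
        if action in TERMINAL and not on_loopback:
            ahead.append(number)
    return None, []


if __name__ == "__main__":
    divert, ahead = rules_ahead_of_divert(SAMPLE_MIDDLE)
    print(f"divert rule {divert}; review rules evaluated before it: {ahead}")
```

Each reported rule is one to review, not necessarily a fault: a rule placed ahead of the divert rule sees packets with their untranslated addresses.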