Date: Thu, 17 Feb 2005 20:57:29 -0800 From: "Michael C. Shultz" <ringworm01@gmail.com> To: freebsd-questions@freebsd.org Subject: Re: Operation: "ipfw on a gateway box" Message-ID: <200502172057.32483.ringworm01@gmail.com> In-Reply-To: <447jl7qnrg.fsf@be-well.ilk.org> References: <1108469888.4211e880197ca@mail.online.ie> <1108546011.421311db8f10b@mail.online.ie> <447jl7qnrg.fsf@be-well.ilk.org>
next in thread | previous in thread | raw e-mail | index | archive | help
On Thursday 17 February 2005 06:12 am, Lowell Gilbert wrote: > > > Does anything work *without* the firewall? > > > > Yes, before I started messing with the firewall I had squid > > set up, I set up FreeBSD as a gateway and also as a DNS > > server. I could acces the WWW, ftp, telnet and all the > > other services at will, inside and outside my home LAN. > > Try temporarily setting the firewall to just pass everything > ("ipfw add 1 allow ip from any to any") and see if you can still get > out through it. I'm guessing something else may be messed up now. If he is using it as a gateway for other machines he will still need NAT. Try this to open the fire wall up: public="xl0" private="xl1" loopBack="lo0" ipfw add 00100 allow all from any to any via $private ipfw add 00110 allow all from any to any via $loopBack # # Net Address Translate (NAT) incomming packets # ipfw add 00120 divert natd ip from any to any in via $public # # Net Address Translate (NAT) out going packets # ipfw add 01000 divert natd ip from any to any out via $public ipfw add 01010 allow ip from any to any I just clipped these from my rules, thats why the weird numbering scheme. -Mike
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200502172057.32483.ringworm01>