Date:      Thu, 17 Feb 2005 20:57:29 -0800
From:      "Michael C. Shultz" <ringworm01@gmail.com>
To:        freebsd-questions@freebsd.org
Subject:   Re: Operation: "ipfw on a gateway box"
Message-ID:  <200502172057.32483.ringworm01@gmail.com>
In-Reply-To: <447jl7qnrg.fsf@be-well.ilk.org>
References:  <1108469888.4211e880197ca@mail.online.ie> <1108546011.421311db8f10b@mail.online.ie> <447jl7qnrg.fsf@be-well.ilk.org>

On Thursday 17 February 2005 06:12 am, Lowell Gilbert wrote:
> > > Does anything work *without* the firewall?
> >
> > Yes, before I started messing with the firewall I had squid
> > set up, I set up FreeBSD as a gateway and also as a DNS
> > server. I could access the WWW, ftp, telnet and all the
> > other services at will, inside and outside my home LAN.
>
> Try temporarily setting the firewall to just pass everything
> ("ipfw add 1 allow ip from any to any") and see if you can still get
> out through it.  I'm guessing something else may be messed up now.

If he is using it as a gateway for other machines he will still need 
NAT. Try this to open the firewall up:

public="xl0"
private="xl1"
loopBack="lo0"

ipfw add 00100 allow all from any to any via $private
ipfw add 00110 allow all from any to any via $loopBack

#
# Network Address Translation (NAT) for incoming packets
#
ipfw add 00120 divert natd ip from any to any in via $public

#
# Network Address Translation (NAT) for outgoing packets
#
ipfw add 01000 divert natd ip from any to any out via $public
ipfw add 01010 allow ip from any to any

I just clipped these from my rules, that's why the weird numbering 
scheme.

-Mike
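
The ruleset above, carried through into a complete firewall script, as an added example that is not part of the thread or of Mike's own rules. It keeps the same shape (LAN and loopback unrestricted, natd divert on both directions of the public interface, then allow everything) and adds the two things a practitioner wants before loading it on a remote gateway: a dry-run mode that prints the rules instead of issuing them, and a check that the divert rules land before the catch-all allow. Interface names xl0/xl1 are taken from the quoted rules; the file path /etc/ipfw.rules, the rc.conf lines, and the `load` argument convention are assumptions for this example.

```shell
#!/bin/sh
# Added example: ipfw + natd gateway ruleset for FreeBSD, in the "NAT,
# otherwise open" shape of the rules quoted in the thread.  Assumptions:
# xl0 is the public interface, xl1 the LAN interface, the kernel has
# IPFIREWALL and IPDIVERT, and natd runs on its default port.
#
# rc.conf lines this depends on (assumed for the example):
#   gateway_enable="YES"                # turns on net.inet.ip.forwarding
#   natd_enable="YES"
#   natd_interface="xl0"
#   firewall_enable="YES"
#   firewall_script="/etc/ipfw.rules"   # this file
#   firewall_type="load"                # rc.d/ipfw passes it as $1
#
# With IPFW=echo (or no "load" argument) the rules are printed, not loaded,
# so they can be reviewed before the live firewall is flushed on a box you
# only reach over the network.

IPFW="${IPFW:-/sbin/ipfw -q}"
public="xl0"
private="xl1"
loopback="lo0"

load_gateway_rules() {
    $IPFW -f flush
    # LAN side and loopback are unrestricted; NAT only happens on the public side.
    $IPFW add 100 allow all from any to any via "$private"
    $IPFW add 110 allow all from any to any via "$loopback"
    # Packets arriving on the public interface go to natd first, so replies
    # addressed to the public IP are rewritten back to the LAN host.  natd
    # re-injects the packet at the rule after the divert, hence the final allow.
    $IPFW add 200 divert natd ip from any to any in via "$public"
    # Packets leaving on the public interface get their LAN source rewritten.
    $IPFW add 1000 divert natd ip from any to any out via "$public"
    # Everything else passes.  This is the "open" debugging ruleset from the
    # thread with NAT added; it is not a hardened configuration.
    $IPFW add 1010 allow ip from any to any
}

# Print the ipfw commands load_gateway_rules would issue, without running ipfw.
dry_run_rules() {
    ( IPFW=echo; load_gateway_rules )
}

# Exit 0 only if the inbound divert precedes the outbound divert and both
# precede the catch-all allow; a divert after the allow is never reached.
check_rule_order() {
    dry_run_rules | awk '
        /divert natd .* in via/      { in_nr    = $2 }
        /divert natd .* out via/     { out_nr   = $2 }
        /allow ip from any to any$/  { allow_nr = $2 }
        END { exit !(in_nr > 0 && in_nr < out_nr && out_nr < allow_nr) }'
}

# Usage:  sh /etc/ipfw.rules        -> dry run, print the rules
#         sh /etc/ipfw.rules load   -> flush and load them with ipfw
case "${1:-dry-run}" in
    load) load_gateway_rules ;;
    *)    dry_run_rules ;;
esac
```

Run it without arguments first and read the output; only then invoke it with `load`. Because `ipfw -f flush` drops every rule before the new ones are added, do the first load from the console rather than over ssh through the gateway itself.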
