Date:      Mon, 17 Jan 2000 21:36:12 -0600
From:      Richard Martin <dmartin@origen.com>
To:        "Crist J. Clark" <cjc@cc942873-a.ewndsr1.nj.home.com>
Cc:        freebsd-ipfw@FreeBSD.ORG
Subject:   Re: loss of setup option in ipfw
Message-ID:  <3883DFAC.9129CCBA@origen.com>
References:  <3882608D.E77903EE@origen.com> <20000117205243.A63571@cc942873-a.ewndsr1.nj.home.com>


> > I cannot now use the 'setup' option for TCP packets.  
> 
> And the error message is...?

When this line is run

/sbin/ipfw add pass tcp from any to {$oip} 25 setup 

I get: 

ipfw: error: extraneous filename arguments
usage: ipfw [options]
    [pipe] flush
    add [number] rule
    [pipe] delete number ...
    [pipe] list [number ...]
    [pipe] show [number ...]
    zero [number ...]
 
<SNIP> Continuing syntax suggestions from ipfw including established/setup
option..

However, when the word 'setup' is dropped, the rule is added to the set.

Very puzzling, I get the same error when I try to load the default rc.firewall
script which came with the package. I am about ready to set up another system
and retrace my steps to see where the conflict came in. 


> 
> > ************
> >
> > reply packets coming back to our LAN are addressed back to the 
> > internal LAN IPs. I thought natd would give them the external IP
> 
> The packets with addresses of your private address-space are leaking
> out onto the net? That should not be happening. How is natd configured
> and how is your network setup? What are your firewall rules?

The natd line is 2nd in the set after the flush command


   /sbin/ipfw add divert natd all from any to any via xl0 

xl0 being the external NIC; vx0 the internal LAN


ps reports natd is running with the -n flag on xl0



-- 
Richard Martin       dmartin@origen.com

OriGen Biomedical    Tel: +1 512 474 7278
2525 Hartford Rd.    Fax: +1 512 708 8522
Austin, TX 78703     http://www.formed.net

