Date: Sat, 5 Mar 2005 00:52:25 +0100
From: "Florian Hengstberger" <e0025265@student.tuwien.ac.at>
To: FreeBSD mailinglist <freebsd-questions@freebsd.org>
Subject: natd, ipfw problem
Message-ID: <icuqbd.qihwwg@webmail.tuwien.ac.at>

Hi!

Tell me if I should post this elsewhere.

Given two network cards, sis0 (external) and vr0 (internal), I'm trying to give my girlfriend access to the web. Her IP is 192.168.0.2. I've installed natd, a proper kernel and configured my firewall, but so far only pings from her computer to the web work. I guess there's something wrong with my firewall, because with only the two standard entries (divert and allow all) everything is fine. But now, after hours of googling, I can't find anything which is wrong in my firewall.

The /etc/natd.conf:

interface sis0
use_sockets yes
same_ports yes
redirect_port udp 192.168.0.2:53 53
redirect_port tcp 192.168.0.2:53 53
redirect_port tcp 192.168.0.2:80 80
redirect_port tcp 192.168.0.2:443 443
redirect_port udp 192.168.0.2:123 123
redirect_port tcp 192.168.0.2:123 123

My firewall:

add 00401 divert natd all from any to any via sis0
add 00402 allow ip from any to any via vr0

### TCP ###
add 00501 check-state
add 00502 deny tcp from any to any in established
add 00503 allow tcp from any to any out setup keep-state

# allow dns queries, dns-port=53
add 00601 allow udp from any to any 53 keep-state via sis0
# allow ntp queries, ntp-port=123
add 00603 allow udp from any to any 123 keep-state via sis0
# allow all outgoing udp traffic
add 00621 allow udp from any to any out via sis0

### ICMP ###
# allow outgoing pings and the reply
add 00701 allow icmp from any to any out icmptypes 8
add 00702 allow icmp from any to any in icmptypes 0
# deny and log incoming pings from the outside
add 00703 deny log icmp from any to any in icmptypes 8 via sis0

### SAMBA ###
# allow netbios services to local net, but log everything for debugging purposes
add 00801 allow log tcp from any to any 137-139 via vr0
add 00802 allow log udp from any to any 137-139 via vr0

Thanks a lot
Florian
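
Added example, not part of the original message: a simplified Python model of rules 00501-00703 above, fed packets on sis0 as they look after rule 00401 has passed them through natd. It shows that keep-state records natd's external source address while replies reach check-state already rewritten to 192.168.0.2, so the state never matches, whereas the ICMP rules are stateless. EXT, WEB and the port numbers are constructed values, and the closing default deny (rule 65535) is an assumption.

```python
# Added example: simplified model of rules 00501-00703 from the posted ruleset,
# applied to packets on sis0 as they look AFTER rule 00401 has run them through natd.
# EXT and WEB are constructed addresses; the final default deny is an assumption.
EXT, LAN, WEB = "203.0.113.5", "192.168.0.2", "198.51.100.7"

def flow(p):
    """Dynamic-rule key: the two endpoints, order-independent like ipfw states."""
    return p["proto"], frozenset([(p["src"], p.get("sport")), (p["dst"], p.get("dport"))])

def evaluate(p, states):
    """Return (rule number, action) for the first rule that matches packet p."""
    proto, flags = p["proto"], p.get("flags", "")
    if flow(p) in states:                                   # 00501 check-state
        return 501, "allow"
    if proto == "tcp":
        if p["dir"] == "in" and ("A" in flags or "R" in flags):
            return 502, "deny"                              # 00502 in established
        if p["dir"] == "out" and "S" in flags and "A" not in flags:
            states.add(flow(p))                             # 00503 out setup keep-state
            return 503, "allow"
    elif proto == "udp":
        if p["dport"] in (53, 123):                         # 00601 / 00603 keep-state
            states.add(flow(p))
            return (601 if p["dport"] == 53 else 603), "allow"
        if p["dir"] == "out":
            return 621, "allow"                             # 00621 outgoing udp
    elif proto == "icmp":
        if (p["dir"], p["type"]) in (("out", 8), ("in", 0)):
            return (701 if p["dir"] == "out" else 702), "allow"   # 00701 / 00702
        if p["dir"] == "in" and p["type"] == 8:
            return 703, "deny"                              # 00703 incoming ping
    return 65535, "deny"                                    # assumed default rule

def trace():
    """Outbound packets carry natd's external source; replies are already de-aliased."""
    states = set()
    pkts = {
        "tcp syn out":    dict(proto="tcp", dir="out", src=EXT, sport=40000, dst=WEB, dport=80, flags="S"),
        "tcp syn-ack in": dict(proto="tcp", dir="in", src=WEB, sport=80, dst=LAN, dport=40000, flags="SA"),
        "dns query out":  dict(proto="udp", dir="out", src=EXT, sport=50000, dst=WEB, dport=53),
        "dns reply in":   dict(proto="udp", dir="in", src=WEB, sport=53, dst=LAN, dport=50000),
        "ping out":       dict(proto="icmp", dir="out", src=EXT, dst=WEB, type=8),
        "ping reply in":  dict(proto="icmp", dir="in", src=WEB, dst=LAN, type=0),
    }
    return {name: evaluate(p, states) for name, p in pkts.items()}

if __name__ == "__main__":
    for name, verdict in trace().items():
        print(f"{name:15} -> rule {verdict[0]:05d} {verdict[1]}")
```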