Date: Sat, 5 Mar 2005 14:44:46 +0100
From: "Florian Hengstberger" <e0025265@student.tuwien.ac.at>
To: FreeBSD mailinglist <freebsd-questions@freebsd.org>
Subject: solution: ipfw, natd
Message-ID: <icvsum.ht84g7@webmail.tuwien.ac.at>
Hi!

With this order (rules 201, 501, 502), everything works well. Other orders, although intuitively correct, don't behave as expected. I tried divert, allow all from internal, check-state, and nothing happened.

    # enable the natd
    add 00201 divert natd all from any to any via sis0

    ### TCP ###
    # per default only outgoing tcp connections, established from my host, are allowed
    # check against the dynamic rulesets, then allow traffic from internal network
    add 00501 check-state
    add 00502 allow all from any to any via vr0 keep-state
    add 00503 deny tcp from any to any in established via sis0
    add 00504 deny all from any to any frag in via sis0
    # allow all tcp setup connections
    add 00505 allow tcp from any to any out via sis0 setup keep-state

It was hard to find and not well documented. The handbook suggests firewalltype OPEN, which is in fact not very sensible! A few more words on this would be fine, or a reference to the Ipfw-Advanced-Supplement-HOWTO, which covers this case.

Florian
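Added example, not part of the original message: a small checker that parses `ipfw add` lines and flags rule sets that deviate from the ordering the message reports as working (divert natd on the external interface first, then check-state, then the keep-state rules). The WORKING rule set is the one quoted above; the BROKEN one is a constructed version of the "divert, allow all from internal, check-state" order the author says did not work. It encodes only the observed ordering, not a claim about why ipfw behaves this way.

```python
import re

# Rule set quoted from the message above (comments stripped).
WORKING = """
add 00201 divert natd all from any to any via sis0
add 00501 check-state
add 00502 allow all from any to any via vr0 keep-state
add 00503 deny tcp from any to any in established via sis0
add 00504 deny all from any to any frag in via sis0
add 00505 allow tcp from any to any out via sis0 setup keep-state
"""

# Constructed counter-example: the keep-state allow for the internal
# interface placed before check-state (the order the author says failed).
BROKEN = """
add 00201 divert natd all from any to any via sis0
add 00301 allow all from any to any via vr0 keep-state
add 00501 check-state
add 00505 allow tcp from any to any out via sis0 setup keep-state
"""

RULE_RE = re.compile(r"^add\s+(\d+)\s+(\S+)(.*)$")


def parse_rules(text):
    """Return (number, action, rest) tuples sorted by rule number, i.e. in ipfw evaluation order."""
    rules = []
    for line in text.strip().splitlines():
        line = line.split("#", 1)[0].strip()  # drop trailing comments
        if not line:
            continue
        m = RULE_RE.match(line)
        if not m:
            raise ValueError(f"unparsable ipfw line: {line!r}")
        rules.append((int(m.group(1)), m.group(2), m.group(3).strip()))
    return sorted(rules)


def check_order(text, ext_if="sis0"):
    """List deviations from the working order: divert via ext_if < check-state < every keep-state rule."""
    rules = parse_rules(text)
    divert = [n for n, act, rest in rules if act == "divert" and f"via {ext_if}" in rest]
    cstate = [n for n, act, _ in rules if act == "check-state"]
    keep = [n for n, _, rest in rules if "keep-state" in rest]
    problems = []
    if not divert:
        problems.append(f"no divert natd rule via {ext_if}")
    if not cstate:
        problems.append("no check-state rule")
    if divert and cstate and min(cstate) < min(divert):
        problems.append(f"check-state {min(cstate):05d} precedes divert {min(divert):05d}")
    problems += [f"keep-state rule {n:05d} precedes check-state {min(cstate):05d}"
                 for n in keep if cstate and n < min(cstate)]
    return problems
```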