From: "Vladimir Terziev"
To: freebsd-hackers@freebsd.org
Cc: freebsd-ipfw@freebsd.org
Subject: Problem with IPFW and NATD (also sent to freebad-net mailing list)
Date: Wed, 19 Sep 2001 11:25:45 +0300

Hi,

I have a gateway machine which runs NATD and has the IP packet filter IPFW with the following rules:

ipfw add 100 allow ip from any to any via lo0
ipfw add 10002 skipto 20000 tcp from 192.168.15.2 to any 21
ipfw add 10003 skipto 20000 tcp from 192.168.15.2 to any 53,6667,6668
ipfw add 10004 skipto 20000 udp from 192.168.15.2 to any 53,4000
ipfw add 11000 deny ip from 192.168.15.0/24 to any
ipfw add 20000 divert natd ip from any to any via an0
ipfw add 63000 allow ip from PUBLIC_IP to any
ipfw add 64000 allow ip from any to PUBLIC_IP
ipfw add 30001 allow tcp from any 21 to 192.168.15.2 established
ipfw add 30002 allow tcp from any 53,6667,6668 to 192.168.15.2 established
ipfw add 30003 allow udp from any 53,4000 to 192.168.15.2
ipfw add 65000 deny ip from any to any

The gateway machine is FreeBSD 4.4-RC and has 2 interfaces (internal, and external - an0). I need only one of the machines in the local network to have connectivity to "the rest of the world".
I've read all the documentation about ipfw(8), divert(4) and natd(8). According to it, the above rules should provide what I want, but they don't!!! Does anybody have an idea why?

regards,
Vladimir
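
An added example, not part of the original message: a simplified Python model of a single ipfw pass over the posted ruleset, tracing a packet from 192.168.15.2 on the interface it is currently crossing. The internal interface name fxp0, the address standing in for PUBLIC_IP and the remote address are constructed; the model assumes first-match evaluation in numeric rule order, with "via" compared against the interface of the current pass.

```python
import ipaddress

# Constructed stand-ins: the post does not give these values.
PUBLIC_IP, INSIDE_IF, ANY = "203.0.113.1", "fxp0", "0.0.0.0/0"
HOST = "192.168.15.2"

# (number, action, proto, src, src_ports, dst, dst_ports, via, established)
# ipfw keeps rules in numeric order, not in the order they were added.
RULES = sorted([
    (100, "allow", "ip", ANY, None, ANY, None, "lo0", False),
    (10002, "skipto 20000", "tcp", HOST, None, ANY, {21}, None, False),
    (10003, "skipto 20000", "tcp", HOST, None, ANY, {53, 6667, 6668}, None, False),
    (10004, "skipto 20000", "udp", HOST, None, ANY, {53, 4000}, None, False),
    (11000, "deny", "ip", "192.168.15.0/24", None, ANY, None, None, False),
    (20000, "divert natd", "ip", ANY, None, ANY, None, "an0", False),
    (63000, "allow", "ip", PUBLIC_IP, None, ANY, None, None, False),
    (64000, "allow", "ip", ANY, None, PUBLIC_IP, None, None, False),
    (30001, "allow", "tcp", ANY, {21}, HOST, None, None, True),
    (30002, "allow", "tcp", ANY, {53, 6667, 6668}, HOST, None, None, True),
    (30003, "allow", "udp", ANY, {53, 4000}, HOST, None, None, False),
    (65000, "deny", "ip", ANY, None, ANY, None, None, False),
])

def matches(rule, pkt):
    _, _, proto, src, sports, dst, dports, via, est = rule
    inside = lambda ip, net: ipaddress.ip_address(ip) in ipaddress.ip_network(net)
    return ((proto == "ip" or proto == pkt["proto"])
            and inside(pkt["src"], src) and inside(pkt["dst"], dst)
            and (sports is None or pkt["sport"] in sports)
            and (dports is None or pkt["dport"] in dports)
            and (via is None or via == pkt["iface"])
            and (not est or pkt["ack"]))  # simplification: ACK set = established

def walk(pkt):
    """Return (matched rule numbers, deciding action) for one firewall pass."""
    visited, start = [], 0
    for rule in RULES:
        num, action = rule[0], rule[1]
        if num < start or not matches(rule, pkt):
            continue
        visited.append(num)
        if action.startswith("skipto"):
            start = int(action.split()[1])  # resume at first rule >= target
            continue
        return visited, action
    return visited, "deny"

# Constructed packet: first SYN of an FTP connection, arriving on the inside.
SYN = {"proto": "tcp", "src": HOST, "sport": 1025, "dst": "198.51.100.7",
       "dport": 21, "iface": INSIDE_IF, "ack": False}
```

In this model walk(SYN) matches rule 10002 and is then denied at 65000 on the internal-interface pass: rule 20000 matches only on an0, and no allow rule covers traffic from 192.168.15.2 arriving on the inside. The same packet evaluated with iface set to an0 reaches the divert rule.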