From owner-freebsd-questions Mon Oct 19 17:32:04 1998
Return-Path:
Received: (from majordom@localhost)
    by hub.freebsd.org (8.8.8/8.8.8) id RAA11439
    for freebsd-questions-outgoing; Mon, 19 Oct 1998 17:32:04 -0700 (PDT)
    (envelope-from owner-freebsd-questions@FreeBSD.ORG)
Received: from cyclops.xtra.co.nz (cyclops.xtra.co.nz [202.27.184.96])
    by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id RAA11372
    for ; Mon, 19 Oct 1998 17:31:51 -0700 (PDT)
    (envelope-from junkmale@pop3.xtra.co.nz)
Received: from wocker (210-55-210-87.ipnets.xtra.co.nz [210.55.210.87])
    by cyclops.xtra.co.nz (8.9.1/8.9.1) with SMTP id NAA20667
    for ; Tue, 20 Oct 1998 13:31:12 +1300 (NZDT)
Message-Id: <199810200031.NAA20667@cyclops.xtra.co.nz>
From: "Dan Langille"
Organization: DVL Software Limited
To: freebsd-questions@FreeBSD.ORG
Date: Tue, 20 Oct 1998 13:31:11 +1300
MIME-Version: 1.0
Content-type: text/plain; charset=US-ASCII
Content-transfer-encoding: 7BIT
Subject: ipfw and natd confusion
Reply-to: junkmale@xtra.co.nz
X-mailer: Pegasus Mail for Win32 (v3.01b)
Sender: owner-freebsd-questions@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

Hi,

I'm in the process of setting up ipfw rules within rc.firewall using the
simple model under 2.2.7. I have some questions about two of the rules:

    00700 deny ip from any to 192.168.0.0/16 via ed0

This rule prevents me from connecting to the outside world. For some
reason, it doesn't allow me to, say, connect to my ISP news server. Is
natd screwing up somewhere?

    01300 deny log tcp from any to any in recv ed0 setup

This prevents IRC connections from occurring. I'm sure I can use some
other set of rules to restrict this, but in the meantime, I've removed it.

Any suggestions for starters?

The full rule set appears for a short while at:

http://www.freebsddiary.com/freebsd/firewall.htm

I didn't think posting them to the mailing list was appropriate.

thanks.
--
Dan Langille
DVL Software Limited
The FreeBSD Diary - my [mis]adventures
http://www.FreeBSDDiary.com

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message