From: "Dan Langille"
Organization: DVL Software Limited
To: freebsd-questions@FreeBSD.ORG
Date: Tue, 20 Oct 1998 16:01:22 +1300
Subject: Re: ipfw and natd confusion

On 20 Oct 98, at 13:31, Dan Langille wrote:

> I'm in the process of setting up ipfw rules within rc.firewall using the
> simple model under 2.2.7. I have some questions about two of the rules:
>
> 00700 deny ip from any to 192.168.0.0/16 via ed0

I thought this rule was to stop spoofing. Then why does it stop me getting
outside? I suspect an natd problem but have no proof. In the meantime,
I've added this rule before the above and it seems to do what I need:

allow ip from any to 192.168.0.0/16 via ed0

Why are my IPs going out via ed0 not being mapped to another IP before they
hit ed0? Is my understanding of natd all wrong?

> 01300 deny log tcp from any to any in recv ed0 setup
> This prevents IRC connections from occurring. I'm sure I can use some
> other set of rules to restrict this, but in the meantime, I've removed it.

This one has been fixed by doing the following rules:

01210 allow tcp from any to 210.55.210.87 194
01220 allow udp from any to 210.55.210.87 194

Thanks.
--
Dan Langille
DVL Software Limited
The FreeBSD Diary - my [mis]adventures
http://www.FreeBSDDiary.com