From: Flemming Frøkjær
To: ipfw@freebsd.org
Subject: ipfw and nat
Date: Thu, 17 Jan 2002 14:13:15 -0800 (PST)
Message-ID: <1011305595.3c474c7ba1e17@greystork.com>

I can't get through my firewall. If I try to ping the firewall or anything outside I get no response, and if I try to ping from the firewall to an IP behind it I get a permission denied, or something like that. I tried to grab a web page outside the firewall, and it seemed like after dropping a lot of the packages I got something through, but it was only a small fragment of the packages. Any hints as to what I'm doing wrong would be most welcome.

/Flemming

Kernel is 4.5RC and I have added:

    options IPFIREWALL
    options IPFIREWALL_VERBOSE
    options IPFIREWALL_VERBOSE_LIMIT=100
    options IPDIVERT

In rc.conf I have:

    ifconfig_fxp0="inet xxx.xxx.xxx.xxx netmask 255.255.255.252"
    ifconfig_fxp0="inet 192.168.111.1 netmask 255.255.255.0"
    defaultrouter="xxx.xxx.xxx.xxy"
    gateway_enable="YES"
    firewall_enable="YES"
    firewall_type="simple"
    natd_enable="YES"
    natd_interface="fxp0"

If I set the firewall_type to open then I can get out, but I would like a little more security than that.

In rc.firewall I have edited the following:

    oif="fxp0"
    onet="xxx.xxx.xxx.xxz"
    omask="255.255.255.252"
    oip="xxx.xxx.xxx.xxx"
    iif="fxp1"
    inet="192.168.111.0"
    imask="255.255.255.0"
    iip="192.168.111.1"

Everything else is left to default.