From: "Dan Langille"
Organization: DVL Software Limited
To: "Matt Prigge"
CC: freebsd-questions@FreeBSD.ORG
Date: Tue, 20 Oct 1998 16:10:45 +1300
Subject: Re: Help! Natd & ipfw
Reply-to: junkmale@xtra.co.nz

On 19 Oct 98, at 22:05, Matt Prigge wrote:

> Hi everyone! I am trying to set up a firewall on FreeBSD 2.2.7 using natd
> and ipfw. I have been using the "OPEN" setting successfully for quite a
> while, but due to the increasing importance of security in this
> application I am trying to tighten things down a bit. I made up this
> rc.firewall using bits and pieces of the SIMPLE rc.firewall that is
> provided with ipfw. The problem is that when the server tries to respond
> to a TCP setup packet for any type of connection (ssh, popmail, and telnet
> in this case) it responds with a "natd: failed to write packet back
> (Permission denied)" error to the console. I have all of the kernel
> options that are required installed and working, so that is not the
> problem. I have attached a copy of my rc.firewall and a snippet of the
> /var/log/messages log that shows the sort of thing that I'm talking about.
> I hope someone can help as this is getting more frustrating the more I
> work with it. Mailing me directly is fine. Thanks!

You and I are in the same boat. The simple firewall, by default, denies
everything (more or less). It's up to you to enable the things you want.
See http://www.freebsddiary.com/freebsd/firewall.htm for details on my
progress and the other thread titled "ipfw and natd confusion".

--
Dan Langille
DVL Software Limited
The FreeBSD Diary - my [mis]adventures
http://www.FreeBSDDiary.com