From owner-freebsd-security Sat Sep 8 19:55:24 2001
Delivered-To: freebsd-security@freebsd.org
Message-ID: <001401c10822$99f27ac0$34df7ad1@unstable.org>
From: "Klik"
Subject: ipfw + natd woes
Date: Sun, 8 Jul 2001 22:55:22 -0400
Sender: owner-freebsd-security@FreeBSD.ORG

Hello,

I'm having trouble setting up my ipfw firewall with a default rule of deny while using natd. My setup is as follows:

Cablemodem--> nic1--| FreeBSD box |--nic2--> HUB

natd flags: -w -s -n nic1

If I remove the 'allow ip from any to any' rule and add a bunch of permit statements for DNS, HTTP, IRC, etc., the packets will only go to the FreeBSD machine. None of the machines on the local network are able to access the outside world. I've read the past threads about ipfw and natd, the natd and ipfw man pages... I'm about to pull my hair out.

Any help would be greatly appreciated.

Greg