Date: Sun, 8 Jul 2001 22:55:22 -0400
From: "Klik" <klik@unstable.org>
To: <freebsd-security@freebsd.org>
Subject: ipfw + natd woes
Message-ID: <001401c10822$99f27ac0$34df7ad1@unstable.org>

Hello,

I'm having trouble setting up my ipfw firewall with a default rule of deny while using natd. My setup is as follows:

Cablemodem--> nic1--| FreeBSD box |--nic2--> HUB

natd flags: -w -s -n nic1

If I remove the 'allow ip from any to any' rule and add a bunch of permit statements for DNS, HTTP, IRC, etc., the packets will only go to the FreeBSD machine. None of the machines on the local network are able to access the outside world. I've read the past threads about ipfw and natd, the natd and ipfw man pages... I'm about to pull my hair out.

Any help would be greatly appreciated.

Greg