From owner-freebsd-questions Thu Dec 23 11:19:45 1999
From: "Richard Pouncy" <pouncy@rtscomputer.net>
To: freebsd-questions@freebsd.org
Subject: Simple or Open Firewall
Date: Thu, 23 Dec 1999 11:26:07 -0800
Organization: rTs Computer Systems (310) 213-4RTS

Happy Holidays All,

I am having a problem with setting up Network Address Translation (natd) to maintain some inbound security while allowing some ports (8080) to be diverted to another machine running on a private network (192.168.1.0/255.255.255.0). When the rules for the firewall are set to "open" ($fwcmd add 65000 pass all from any to any), the translation and diverting work great. But when trying to set some security rules, everything stops working.
natd.conf file with the following in it:

    interface ed0
    deny_incoming no
    use_sockets yes
    same_ports yes
    redirect_port tcp 192.168.1.2:80 8080

Content of the rc.firewall file:

    # Allow TCP through if setup succeeded
    $fwcmd add pass tcp from any to any established
    # Allow setup of incoming email
    $fwcmd add pass tcp from any to ${oip} 25 setup
    # Allow access to our ftp server
    $fwcmd add pass tcp from any to ${oip} 21 setup
    # Allow access to our Telnet server
    $fwcmd add pass tcp from 63.194.21.189 to ${oip} 23 setup
    # Allow access to our DNS
    $fwcmd add pass tcp from any to ${oip} 53 setup
    # Allow access to our WWW
    $fwcmd add pass tcp from any to ${oip} 80 setup
    # Reject&Log all setup of incoming connections from the outside
    $fwcmd add deny log tcp from any to any in via ${oif} setup
    # Allow setup of any other TCP connection
    $fwcmd add pass tcp from any to any setup
    # Allow DNS queries out in the world
    $fwcmd add pass udp from any 53 to ${oip}
    $fwcmd add pass udp from ${oip} to any 53
    # Allow NTP queries out in the world
    #$fwcmd add pass udp from any 123 to ${oip}
    #$fwcmd add pass udp from ${oip} to any 123
    # Everything else is denied as default.

Everything works great with:

    $fwcmd add 65000 pass all from any to any

--
LINUX/UNIX/NT Consultant/Administrator
Richard Pouncy
Voice: 310-213-4RTS
ICQ# : 31450231
http://www.rtscomputer.net
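To see which of the posted rules a redirected connection actually hits, here is an added first-match evaluator for the TCP subset of ipfw syntax used above (my example, not code from the post or from FreeBSD). It assumes the natd divert rule sits ahead of these rules, so an inbound SYN for ${oip}:8080 has already been rewritten by natd to 192.168.1.2:80 when it reaches them; the ${oip} stand-in, the client address and the extra pass rule in with_redirect_pass() are constructed assumptions.

```python
# Added example (not from the post or FreeBSD): first-match evaluator for the
# TCP subset of ipfw syntax used in the posted rc.firewall.
OIP, OIF = "203.0.113.10", "ed0"   # constructed stand-ins for ${oip}, ${oif}
LAN_WEB = "192.168.1.2"            # redirect_port target from natd.conf

def rule(action, text, proto=None, src=None, dst=None, dport=None,
         setup=False, established=False, in_via=None):
    """One ipfw rule as a predicate; `text` names the rc.firewall line it models."""
    def matches(p):
        return ((proto is None or p["proto"] == proto) and
                (src is None or p["src"] == src) and
                (dst is None or p["dst"] == dst) and
                (dport is None or p["dport"] == dport) and
                (not setup or p["setup"]) and              # SYN without ACK
                (not established or p["established"]) and  # ACK or RST set
                (in_via is None or (p["dir"] == "in" and p["iface"] == in_via)))
    return action, text, matches

def posted_rules():
    """The TCP rules from the posted rc.firewall, in the posted order."""
    return [
        rule("pass", "any->any established", "tcp", established=True),
        rule("pass", "any->oip 25 setup", "tcp", dst=OIP, dport=25, setup=True),
        rule("pass", "any->oip 21 setup", "tcp", dst=OIP, dport=21, setup=True),
        rule("pass", "63.194.21.189->oip 23 setup", "tcp", src="63.194.21.189",
             dst=OIP, dport=23, setup=True),
        rule("pass", "any->oip 53 setup", "tcp", dst=OIP, dport=53, setup=True),
        rule("pass", "any->oip 80 setup", "tcp", dst=OIP, dport=80, setup=True),
        rule("deny", "log any->any in via oif setup", "tcp", setup=True, in_via=OIF),
        rule("pass", "any->any setup", "tcp", setup=True),
    ]

def with_redirect_pass():
    """Posted rules plus a pass for the translated destination ahead of the deny (assumed remedy)."""
    rs = posted_rules()
    rs.insert(6, rule("pass", "any->192.168.1.2 80 in via oif setup", "tcp",
                      dst=LAN_WEB, dport=80, setup=True, in_via=OIF))
    return rs

def evaluate(rules, pkt):
    """ipfw is first-match: first matching (action, text), else the implicit default deny 65535."""
    for action, text, matches in rules:
        if matches(pkt):
            return action, text
    return "deny", "default rule 65535"

def inbound_syn(dst, dport):
    """Constructed inbound SYN on the outside interface (post-natd dst for 8080 is LAN_WEB:80)."""
    return {"proto": "tcp", "src": "198.51.100.7", "dst": dst, "dport": dport,
            "setup": True, "established": False, "dir": "in", "iface": OIF}
```

A SYN for ${oip}:80 passes on the WWW rule, while the same request for 8080, already rewritten to 192.168.1.2:80, matches no "to ${oip}" pass rule and falls through to the logged deny, which is exactly the rule doing its job on a destination the set never explicitly allows.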