From: "Vladimir Terziev" <vlady@star.rila.bg>
To: freebsd-net@freebsd.org
Cc: freebsd-hackers@freebsd.org
Subject: Problem with IPFW and NATD (refined) !!!
Date: Wed, 19 Sep 2001 17:06:38 +0300
Message-Id: <200109191406.f8JE6cc12197@star.rila.bg>

Sorry, but there is a rule number mistake in my previous e-mail with the same subject.

I have a gateway machine which runs NATD (natd -unregistered_only -interface an0) and has the IP packet filter IPFW with the following rules:

    ipfw add 100 allow ip from any to any via lo0
    ipfw add 10002 skipto 20000 tcp from 192.168.15.2 to any 21
    ipfw add 10003 skipto 20000 tcp from 192.168.15.2 to any 53,6667,6668
    ipfw add 10004 skipto 20000 udp from 192.168.15.2 to any 53,4000
    ipfw add 11000 deny ip from 192.168.15.0/24 to any
    ipfw add 20000 divert natd ip from any to any via an0
    ipfw add 30000 allow ip from PUBLIC_IP to any
    ipfw add 30000 allow ip from any to PUBLIC_IP
    ipfw add 40001 allow tcp from any 21 to 192.168.15.2 established
    ipfw add 40002 allow tcp from any 53,6667,6668 to 192.168.15.2 established
    ipfw add 40003 allow udp from any 53,4000 to 192.168.15.2
    ipfw add 65000 deny ip from any to any

The gateway machine is FreeBSD 4.4-RC and has 2 interfaces (internal and external - an0).
I need only one of the machines in the local network to have connectivity to "the rest of the world". I've read all the documentation about ipfw(8), divert(4) and natd(8). According to it, the above rules should provide what I want, but they don't!!!

Does anybody have an idea why?

regards,
Vladimir
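As an added example (not code from the post, and not FreeBSD's ipfw implementation), here is a toy first-match walker over the twelve rules above, so that each pass a packet makes through the filter can be traced rule by rule. It assumes the internal interface is called "int0" (the post does not name it), keeps PUBLIC_IP as the same placeholder the post uses, and models natd as rewriting the source address on packets leaving an0 and the destination on packets entering an0, with ipfw resuming at the rule after the divert. Remember that ipfw sees a forwarded packet twice, once on the interface it arrives on and once on the interface it leaves by, and "via an0" only matches on the an0 pass.

```python
# Added example (not code from the post or from FreeBSD): a toy first-match walker
# over the posted ipfw rules, modelling only the features those rules use.
PUBLIC_IP = "PUBLIC_IP"   # placeholder, exactly as written in the post
CLIENT = "192.168.15.2"   # the one LAN host that is supposed to get out
def R(num, action, proto, **m):   # m: src, sport, dst, dport, via, est, arg
    return dict(num=num, action=action, proto=proto, **m)
RULES = [   # the rule set from the post, in ipfw's ascending order
    R(100, "allow", "ip", via="lo0"),
    R(10002, "skipto", "tcp", src=CLIENT, dport={21}, arg=20000),
    R(10003, "skipto", "tcp", src=CLIENT, dport={53, 6667, 6668}, arg=20000),
    R(10004, "skipto", "udp", src=CLIENT, dport={53, 4000}, arg=20000),
    R(11000, "deny", "ip", src="192.168.15."),          # trailing dot = /24
    R(20000, "divert", "ip", via="an0"),
    R(30000, "allow", "ip", src=PUBLIC_IP),
    R(30000, "allow", "ip", dst=PUBLIC_IP),
    R(40001, "allow", "tcp", sport={21}, dst=CLIENT, est=True),
    R(40002, "allow", "tcp", sport={53, 6667, 6668}, dst=CLIENT, est=True),
    R(40003, "allow", "udp", sport={53, 4000}, dst=CLIENT),
    R(65000, "deny", "ip"),
]
def ok(want, have):   # None = any; set = port list; trailing dot = /24 prefix
    if isinstance(want, set):
        return have in want
    return want is None or have == want or (want.endswith(".") and have.startswith(want))
def match(r, p):
    return (r["proto"] in ("ip", p["proto"]) and (not r.get("est") or p["est"])
            and all(ok(r.get(f), p[f]) for f in ("src", "sport", "dst", "dport"))
            and ok(r.get("via"), p["iface"]))
def walk(pkt, direction):   # one pass; returns (rule number, verdict)
    # Assumed natd model: src rewritten leaving an0, dst rewritten entering an0; resume after divert.
    p, i = dict(pkt), 0
    nat_field, nat_addr = ("src", PUBLIC_IP) if direction == "out" else ("dst", CLIENT)
    while i < len(RULES):
        r = RULES[i]
        if not match(r, p):
            i += 1
        elif r["action"] in ("allow", "deny"):
            return r["num"], r["action"]
        elif r["action"] == "skipto":
            i = next((j for j, x in enumerate(RULES) if x["num"] >= r["arg"]), len(RULES))
        else:   # divert natd
            p[nat_field] = nat_addr
            i += 1
    return None, "no match"
def ftp_trace():   # constructed sample: CLIENT opens an FTP control connection
    out = dict(proto="tcp", src=CLIENT, sport=40000, dst="203.0.113.9", dport=21, est=False)
    reply = dict(proto="tcp", src="203.0.113.9", sport=21, dst=PUBLIC_IP, dport=40000, est=True)
    return {"lan_in": walk(dict(out, iface="int0"), "in"),    # pass 1: arriving on the LAN side ("int0" is an assumed name)
            "an0_out": walk(dict(out, iface="an0"), "out"),   # pass 2: as it would leave an0
            "reply_in": walk(dict(reply, iface="an0"), "in")}  # the server's reply entering an0
```

Tracing ftp_trace() shows that the second pass and the reply both end on an allow rule, while the first pass (the packet as received on the internal interface) skips to 20000, finds no match on the "via an0" divert, and falls through to 65000; comparing the three verdicts is the quickest way to see which pass a rule set like this is missing a rule for.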