Date: Wed, 3 Jan 2001 13:12:02 -0500
From: Phil C <mongo@elephantitis.org>
To: freebsd-questions@freebsd.org
Subject: ipfw, check-state & natd
Message-ID: <20010103131202.A62258@planw-65-33-233-186.pompano.net>

Is there a way to allow for checking the state of outbound packets within ipfw ... while also using natd for masquerading?

I have tried adding the 'keep-state' directive on outbound rules for my lan interface and my isp interface, i.e.:

    ipfw add check-state
    ...
    ipfw add pass ip from ${cable} to any keep-state
    ipfw add pass tcp from ${net}:${mask} to any setup via ${if_lan} keep-state
    ...
    ipfw add deny ip from any to any

Tho when I do this all packets drop without a trace, because I would assume the state does not match. I say that I assume because the check-state rule never increases in packet count and the deny rules do not increase either. Tho in my logs I see that packets are being denied and there are a lot of 'natd: failed to write packet back (Permission denied)' messages too.

So does anyone have any ideas?

--
Thanks,
Phil

To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message