From: John Murphy
Reply-To: jfm@blueyonder.co.uk
To: questions@FreeBSD.ORG
Date: Tue, 01 Apr 2003 17:54:16 +0100
Subject: Re: Firewall

"John Meyer" wrote:

>add 00100 tcp from any to any
>
>When I disable that as well all seems to work well. It looks like the option
>in rc.conf firewall_type="/etc/firewall.ast" does not get interpreted
>correctly.

That rule should certainly have an 'action' keyword eg. allow.
Try 'add 100 allow tcp from any to any'.

>2nd Problem is I need to divert my public ip port 80 to a private ip port 80
>what are the steps in natd to follow without compromising my security on the
>private side.

That would require a rule with 'divert' as the action keyword.
man 8 ipfw for the details.

John.
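
Added example, not part of the original message: a small Python check that flags `add` lines in an ipfw ruleset file that have no action keyword, like the rule quoted in the thread. The action list follows ipfw(8) and is an assumption to adjust for the ipfw version in use; the sample ruleset, including the `fxp0` interface name, is constructed.

```python
"""Flag 'add' rules in an ipfw ruleset file that lack an action keyword."""

# Rule actions as documented in ipfw(8). Assumption of this example:
# extend the set if the installed ipfw supports further actions.
ACTIONS = {
    "allow", "accept", "pass", "permit", "check-state", "count", "deny",
    "drop", "divert", "fwd", "forward", "pipe", "queue", "reject", "reset",
    "skipto", "tee", "unreach",
}


def rule_action(line):
    """Return (is_add_rule, action_or_None) for one ruleset line."""
    tokens = line.split("#", 1)[0].split()      # drop trailing comments
    if not tokens or tokens[0] != "add":
        return False, None
    i = 1
    if i < len(tokens) and tokens[i].isdigit():      # optional rule number
        i += 1
    if i + 1 < len(tokens) and tokens[i] == "set":   # optional "set N"
        i += 2
    if i + 1 < len(tokens) and tokens[i] == "prob":  # optional "prob P"
        i += 2
    word = tokens[i] if i < len(tokens) else None
    return True, word if word in ACTIONS else None


def lint(ruleset_text):
    """Return [(line_number, rule)] for add rules with no recognised action."""
    findings = []
    for lineno, line in enumerate(ruleset_text.splitlines(), 1):
        is_add, action = rule_action(line)
        if is_add and action is None:
            findings.append((lineno, line.strip()))
    return findings


# Constructed sample. The first rule is the one quoted in the thread; the
# second is the suggested fix; the rest are illustrative.
SAMPLE = """\
# constructed sample ruleset
add 00100 tcp from any to any
add 100 allow tcp from any to any
add 200 divert natd all from any to any via fxp0
add 300 prob 0.5 deny icmp from any to any
"""

if __name__ == "__main__":
    for lineno, rule in lint(SAMPLE):
        print(f"line {lineno}: no action keyword in: {rule}")
```
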