Date: Thu, 20 Aug 1998 08:54:22 -0700 (PDT)
From: Ben <spy@tyr.office.efn.org>
To: laurens van alphen <alphen@craxx.com>
Cc: ben@efn.org, freebsd-security@FreeBSD.ORG
Subject: Re: natd and ipfw rules not working together
Message-ID: <Pine.BSF.3.96.980820084925.21368D-100000@Tyr.office.EFN.org>
In-Reply-To: <000201bdcc31$926e5510$0a00a8c0@uptight.student.utwente.nl>

On Thu, 20 Aug 1998, laurens van alphen wrote:

>
> rc.firewall contains:
> $fwcmd add divert natd all from any to any via ${natd_interface}
> where natd_interface is ed0
>
> next the default rc.firewall contained these rules:
>
> $fwcmd add deny all from 192.168.0.0/16 to any via ${oif}
> $fwcmd add deny all from any to 192.168.0.0/16 via ${oif}

Check to see if the deny rules are indeed being hit (ipfw -a l will show a
counter of how many packets it has denied/allowed). You should also add
numerics to the rules:

$fwcmd add 1 divert natd all from any to any via ${natd_interface}

I might also change these rules to:

$fwcmd add 100 deny all from 192.168.0.0/16 to any via ${oif} in
$fwcmd add 101 deny all from any to 192.168.0.0/16 via ${oif} in

> --
> laurens van alphen
> craxx e-consultants
> alphen@craxx.com
> http://craxx.com/
>
> -- the information contained in this communication is confidential and
> may be legally privileged. it is intended solely for the use of the
> individual or entity to whom it is addressed and others authorised to

You misspelled authorized.

> receive it. if you are not the intended recipient you are hereby notified
> that any disclosure, copying, distribution or taking any action in
> reliance of the contents of this information is strictly prohibited and
> may be unlawful. craxx is either liable for the proper and complete
> transmission of the information contained in this communication nor
> for any delay in its receipt.

-ben@efn.org

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.BSF.3.96.980820084925.21368D-100000>
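
The counter check suggested in the reply can be scripted. The following is an added example, not part of the original message: it reads `ipfw -a l` output (rule number, packet count, byte count, rule text), lists the deny rules for a network that have matched packets, and confirms the divert rule is numbered ahead of them. The sample output, the divert port 8668 and the function names are constructed for illustration.

```shell
#!/bin/sh
# Added example: inspect `ipfw -a l` counters for deny rules that are
# matching packets, and check rule order relative to the divert rule.

# Constructed sample of `ipfw -a l` output (not taken from the thread).
sample_ipfw_output() {
cat <<'EOF'
00001  5120  734003 divert 8668 ip from any to any via ed0
00100     0       0 deny ip from 192.168.0.0/16 to any in via ed0
00101   212   18444 deny ip from any to 192.168.0.0/16 in via ed0
65000  9031 1200345 allow ip from any to any
65535     0       0 deny ip from any to any
EOF
}

# Print "rule packets" for each deny rule mentioning network $1 whose
# packet counter is non-zero. Reads `ipfw -a l` output on stdin.
hit_deny_rules() {
    awk -v net="$1" '
        $4 == "deny" && index($0, net) && $2 + 0 > 0 { print $1, $2 }
    '
}

# Succeed only if the first divert rule has a lower number than the
# first deny rule for network $1, i.e. it is evaluated before it.
divert_precedes_deny() {
    awk -v net="$1" '
        $4 == "divert" && !d { d = $1 + 0 }
        $4 == "deny" && index($0, net) && !n { n = $1 + 0 }
        END { exit !(d && n && d < n) }
    '
}

# On a live system, replace sample_ipfw_output with: ipfw -a l
sample_ipfw_output | hit_deny_rules 192.168.0.0/16
if sample_ipfw_output | divert_precedes_deny 192.168.0.0/16; then
    echo "divert rule is evaluated before the 192.168.0.0/16 deny rules"
else
    echo "divert rule is missing or numbered after a deny rule"
fi
```

A deny rule that shows up here with a growing packet count is the one dropping traffic.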