Date: Fri, 4 Mar 2005 19:08:59 -0500
From: Ean Kingston <ean@hedron.org>
To: "Florian Hengstberger" <e0025265@student.tuwien.ac.at>
Cc: FreeBSD mailinglist <freebsd-questions@freebsd.org>
Subject: Re: natd, ipfw problem
Message-ID: <C5DB1E78-8D0A-11D9-B4F5-000A95D73348@hedron.org>
In-Reply-To: <icuqbd.qihwwg@webmail.tuwien.ac.at>
It's been a while but I'll see if I can help out.

On Friday, March 4, 2005, at 06:52 PM, Florian Hengstberger wrote:

> Hi!
> Tell me if I should post this otherwhere.
> Given two network cards sis0 (external) and vr0 (internal) I'm trying
> to give my girlfriend access to the web. Her ip is 192.168.0.2,
> I've installed natd, a proper kernel and configured my firewall,
> but so far only pings from her computer to the web work.
> I guess there's something wrong with my firewall, because only
> with the two standard entries (divert and allow all) everything
> is fine. But now after hours of googling I can't find anything
> which is wrong in my firewall.
>
> the /etc/natd.conf:
>
> interface sis0
> use_sockets yes
> same_ports yes
> redirect_port udp 192.168.0.2:53 53
> redirect_port tcp 192.168.0.2:53 53
> redirect_port tcp 192.168.0.2:80 80
> redirect_port tcp 192.168.0.2:443 443
> redirect_port udp 192.168.0.2:123 123
> redirect_port tcp 192.168.0.2:123 123

Unless you want her to run her own dns, web, and mail, I don't think you
need any of the redirect_port directives.

Double-check to make sure that:
- your firewall has routing enabled
- her computer has the proper gateway and dns servers set up

> my firewall:
>
> add 00401 divert natd all from any to any via sis0
> add 00402 allow ip from any to any via vr0
>
> ### TCP ###
> add 00501 check-state
> add 00502 deny tcp from any to any in established
> add 00503 allow tcp from any to any out setup keep-state
> # allow dns queries, dns-port=53
> add 00601 allow udp from any to any 53 keep-state via sis0
> # allow ntp queries, ntp-port=123
> add 00603 allow udp from any to any 123 keep-state via sis0
> # allow all outgoing udp traffic
> add 00621 allow udp from any to any out via sis0
>
> ### ICMP ###
> # allow outgoing pings and the reply
> add 00701 allow icmp from any to any out icmptypes 8
> add 00702 allow icmp from any to any in icmptypes 0
> # deny and log incoming pings from the outside
> add 00703 deny log icmp from any to any in icmptypes 8 via sis0
>
> ### SAMBA ###
> # allow netbios services to local net, but log everything for debugging purposes
> add 00801 allow log tcp from any to any 137-139 via vr0
> add 00802 allow log udp from any to any 137-139 via vr0
>
> Thanks a lot
> Florian
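An added checklist script (not from the thread or from either poster) that encodes the gateway-side items from the reply as shell functions over captured command output, so they can be run against saved text as well as on the live FreeBSD box; it also adds an ipfw rule-order check for the divert rule. It assumes the interface names sis0/vr0 and the standard FreeBSD locations /etc/rc.conf and `sysctl net.inet.ip.forwarding`; the sample ruleset is constructed from the question's rules in `ipfw list` output form.

```sh
#!/bin/sh
# Added diagnostic, not part of the original thread. Each check is a function
# over text so it can be exercised on captured output; run_live feeds it the
# real commands on the FreeBSD gateway.

# Forwarding ("routing") is on when sysctl prints ": 1". $1: the sysctl line.
forwarding_enabled() {
    [ "$1" = "net.inet.ip.forwarding: 1" ]
}

# The persistent form of the same setting: gateway_enable="YES" in /etc/rc.conf
# (rc.conf text on stdin).
rc_conf_gateway_enabled() {
    grep -Eq '^[[:space:]]*gateway_enable="?YES"?[[:space:]]*(#.*)?$'
}

# ipfw evaluates rules in number order, so the natd divert must be the first
# rule that matches traffic on the external interface; otherwise an earlier
# allow/deny acts on untranslated packets. $1: external interface; "ipfw list"
# output on stdin. ipfw prints natd's divert port (8668) or its name.
divert_first_on_iface() {
    grep -E "via $1\$" | head -n 1 |
        grep -Eq "^[0-9]+ divert (natd|[0-9]+) (ip|all) from any to any via $1\$"
}

# Constructed sample: the question's first rules as "ipfw list" would show them.
SAMPLE_RULES='00401 divert 8668 ip from any to any via sis0
00402 allow ip from any to any via vr0
00601 allow udp from any to any dst-port 53 keep-state via sis0'

# Live run on the gateway; external interface name as $1 (default sis0).
run_live() {
    iface=${1:-sis0}
    if forwarding_enabled "$(sysctl net.inet.ip.forwarding)"; then
        echo "forwarding: on"; else echo "forwarding: OFF (sysctl net.inet.ip.forwarding=1)"; fi
    if rc_conf_gateway_enabled < /etc/rc.conf; then
        echo "rc.conf: gateway_enable=YES"; else echo "rc.conf: gateway_enable not set"; fi
    if ipfw list | divert_first_on_iface "$iface"; then
        echo "divert: first rule on $iface"; else echo "divert: NOT first rule on $iface"; fi
}
```

The client-side half of the reply (her default gateway must be the vr0 address and a reachable DNS server must be configured) has to be checked on her machine and is not covered here.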