Date: Tue, 20 Oct 1998 04:26:28 -0400 From: "Matt Prigge" <prigge@bucknell.edu> To: <junkmale@xtra.co.nz>, <freebsd-questions@FreeBSD.ORG> Subject: Re: More IPFW/natd trouble, but I'm close! Message-ID: <08f401bdfc03$55aacbc0$28735286@prigge.resnet.bucknell.edu>
next in thread | raw e-mail | index | archive | help
Im really not sure what youre asking. Basically everything has to get filtered through natd before it can be run through the rest of the ipfw rules. some exceptions to this are the two loopback rules simply because they generally never involve either of youre other network interfaces (could be wrong here, but i dont think so). The basic rule is that you have natd before you have _any_ "add pass" or "add allow" rules. Hope that answered youre question!s - Matt -----Original Message----- From: Dan Langille <junkmale@xtra.co.nz> To: Bryce Newall <data@dreamhaven.net>; prigge@bucknell.edu <prigge@bucknell.edu> Cc: FreeBSD Questions List <freebsd-questions@FreeBSD.ORG> Date: Tuesday, October 20, 1998 3:28 AM Subject: Re: More IPFW/natd trouble, but I'm close! > On Tue, 20 Oct 1998, Matt Prigge wrote: > > > line referencing natd is not early enough in rc.firewall. all of your > > packets from the internal network are being forwarded before natd gets > > to change their network numbers (and no sane internet router will pass > > unregistered ip addresess). try putting "ipfw add divert natd all from > > any to any via vx0" right before "ipfw add 65000 pass all from any to > > any". If I'm confused. Why does rc.firewall put such things at the start of the list if its not intended to be there? -- Dan Langille DVL Software Limited The FreeBSD Diary - my [mis]adventures http://www.FreeBSDDiary.com To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?08f401bdfc03$55aacbc0$28735286>