From: Christopher Cowart
To: Robert Huff
Cc: questions@freebsd.org
Date: Wed, 19 Mar 2008 13:56:00 -0700
Subject: Re: (more) confusion configuring NAT

Robert Huff wrote:
>
> 1) when I add the nat instance, it assigns it rule # 65100.  Is
> this a problem?  Is there a way to assign my own rule #?  (ipfw
> seems not to like two "add"s in the same line.)
>
> 2) NAT still doesn't work.  Still connected, but can't surf to
> www.google.com using Firefox.

My kernel conf:

| options IPFIREWALL
| options IPFIREWALL_VERBOSE
| options IPFIREWALL_VERBOSE_LIMIT=100
| options IPFIREWALL_FORWARD
| options IPFIREWALL_NAT
| options LIBALIAS

My (abbreviated) ipfw.rules script:

| /sbin/ipfw -q nat 1 config if vlan98 log reset unreg_only same_ports
| $CMD allow all from any to any via lo0
| $CMD nat 1 ip4 from any to any
| $CMD allow icmp from any to any
| $CMD deny log ip from any to me
| $CMD allow ip4 from any to any

-- 
Chris Cowart
Network Technical Lead
Network & Infrastructure Services, RSSP-IT
UC Berkeley