Date: Thu, 5 Aug 1999 15:45:36 -0600
From: "'Oscar Bonilla'" <obonilla@fisicc-ufm.edu>
To: "David B. Aas" <dave@ciminot.com>
Cc: "'Oscar Bonilla'" <obonilla@fisicc-ufm.edu>, "'Ray Seals'" <rayseals@midwestis.com>, "'Thomas Uhrfelt'" <thomas.uhrfelt@plymovent.se>, questions@FreeBSD.ORG
Subject: Re: FW: Need consulting help with v3.2 firewall
Message-ID: <19990805154536.A885@fisicc-ufm.edu>
In-Reply-To: <000801bedf87$92edf580$0fc8a8c0@dave.ciminot.com>; from David B. Aas on Thu, Aug 05, 1999 at 04:12:51PM -0500
References: <000801bedf87$92edf580$0fc8a8c0@dave.ciminot.com>
see comments embedded...
Let me see if I understand your topology...
Inside net: 129.1.1.0/24
Firewall: xl0 (129.1.1.?) Inside Interface
xl1 (208.149.231.82) Outside Interface
What is 208.149.231.26 ?
Note that you're not using RFC 1918 addresses on the inside net.
If your IP addresses for the inside are valid (i.e. registered and
visible from the internet) you don't need to use natd. If they are
not valid you should use RFC 1918 addresses...
From the natd manpage:

     -unregistered_only | -u
             Only alter outgoing packets with an unregistered source
             address.  According to rfc 1918, unregistered source
             addresses are 10.0.0.0/8, 172.16.0.0/12 and 192.168.0.0/16.
I would suggest deleting all rules and leaving just the natd stuff (if
you need it) and an allow ip from any to any. See if that works (also
try ping). If it doesn't, you've crossed out the ruleset as a possible
cause of trouble. Something else is misconfigured. If it does work,
change the ruleset to deny ip from any to any and slowly start adding
rules until you have everything working.
Regards,
-Oscar
--
For PGP Public Key: finger obonilla@fisicc-ufm.edu
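Added example, not part of Oscar's message or of the FreeBSD sources: a small sh script that backs the two technical points of the reply. First, is_rfc1918 tests whether an address falls in one of the three ranges the natd(8) excerpt lists; since -unregistered_only only rewrites packets from those sources, an inside net such as the 129.1.1.0/24 sketched above would pass through natd -u untranslated, which is exactly what the check makes visible. Second, diag_ruleset and locked_ruleset print the ipfw command sequences for the two stages of the suggested procedure (flush plus allow-all for diagnosis, then deny-all as the base to add rules to). The interface name xl1 is taken from the thread; the ipfw and natd syntax is the classic FreeBSD ipfw(8)/natd(8) form, and the sample addresses at the bottom are constructed from those mentioned in the thread. The script assumes 64-bit shell arithmetic (true for bash and dash on current systems).

```shell
#!/bin/sh
# Added example (not from the thread): helpers for the two points above.
# 1) is_rfc1918 ADDR  - exit 0 if ADDR is in 10/8, 172.16/12 or 192.168/16,
#                       i.e. the only sources natd -unregistered_only rewrites.
# 2) diag_ruleset / locked_ruleset - print the ipfw command sequences for the
#    two stages of the debugging procedure; pipe them into sh on the firewall.
# Assumptions: xl1 is the outside interface (from the thread), classic
# ipfw(8)/natd(8) syntax, and 64-bit shell arithmetic so 192<<24 does not
# overflow.

# Convert a dotted quad to a 32-bit integer.
ip_to_int() {
    oifs=$IFS; IFS=.
    set -- $1                     # positional parameters are local to the function
    IFS=$oifs
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# cidr_match ADDR NET/LEN: true when ADDR lies inside NET/LEN.
cidr_match() {
    cm_net=${2%/*}
    cm_len=${2#*/}
    cm_a=$(ip_to_int "$1")
    cm_n=$(ip_to_int "$cm_net")
    cm_mask=$(( -(1 << (32 - cm_len)) ))   # two's complement: top LEN bits set
    [ $(( cm_a & cm_mask )) -eq $(( cm_n & cm_mask )) ]
}

# is_rfc1918 ADDR: the three private ranges quoted from natd(8) above.
is_rfc1918() {
    for r in 10.0.0.0/8 172.16.0.0/12 192.168.0.0/16; do
        cidr_match "$1" "$r" && return 0
    done
    return 1
}

# Stage 1: flush everything, keep only the natd divert (if wanted), allow all.
# diag_ruleset OUTSIDE_IF [nat]      (natd itself is started with: natd -interface OUTSIDE_IF)
diag_ruleset() {
    echo "ipfw -f flush"
    if [ "$2" = nat ]; then
        echo "ipfw add 100 divert natd ip from any to any via $1"
    fi
    echo "ipfw add 65000 allow ip from any to any"
}

# Stage 2: same skeleton with default deny; real rules are then added one at
# a time in front of rule 65000 until everything works.
# locked_ruleset OUTSIDE_IF [nat]
locked_ruleset() {
    echo "ipfw -f flush"
    if [ "$2" = nat ]; then
        echo "ipfw add 100 divert natd ip from any to any via $1"
    fi
    echo "ipfw add 65000 deny ip from any to any"
}

# Constructed sample input: addresses mentioned in the thread plus two private ones.
for addr in 129.1.1.1 208.149.231.82 192.168.1.1 10.0.0.1; do
    if is_rfc1918 "$addr"; then
        echo "$addr: RFC 1918 space, natd -u would translate it"
    else
        echo "$addr: registered space, natd -u would leave it alone"
    fi
done
```

On the firewall, "diag_ruleset xl1 nat | sh" loads the permissive stage-1 ruleset and "locked_ruleset xl1 nat | sh" the deny-by-default skeleton; ipfw rule numbers are arbitrary here, chosen so that later allow rules can be inserted between 100 and 65000.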
