From: "Nicolae Namolovan"
To: doc@FreeBSD.org, questions@FreeBSD.org
Date: Fri, 18 May 2007 13:55:55 +0300
Subject: Little error in rules from handbook/firewalls-ipfw.html 28.6.5.7 An Example NAT and Stateful Ruleset

Section 28.6.5.7 An Example NAT and Stateful Ruleset

Example Ruleset #2:

..
$cmd 020 $skip tcp from any to x.x.x.x 53 out via $pif setup keep-state
..

AFAIK DNS also uses UDP, so tcp is not really correct here.
I have changed the tcp->ip, but it still did not work because of "setup" :)
That means "tcpflags syn,!ack", which I guess is inapplicable to UDP packets, so it will never pass.

Hope you'll change this to something like:

$cmd 020 $skip ip from any to x.x.x.x 53 out via $pif keep-state

Thanks a lot. I spent something around 5 hours on this, that's why I am writing to you right now.. %)

I also have added a rule like

$cmd 070 $skip ip from me to any out via $pif setup keep-state

But again that damn "setup" %) That's a lesson for an entire life..

--
Best regards, Nicolae Namolovan.
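
The behaviour described in the message above, as an added example that is not part of the original e-mail or of the FreeBSD handbook: a simplified Python model of how the three variants of rule 020 match DNS traffic. The Packet type, the parse_rule/matches/lint helpers and the sample packets are assumptions made for illustration; real ipfw evaluates many more options than the three fields modelled here.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Packet:
    proto: str                      # "tcp" or "udp"
    dst_port: int
    flags: frozenset = frozenset()  # TCP flags; always empty for UDP

def parse_rule(text):
    """Parse '$cmd NNN $skip <proto> from any to <addr> <port> ... [setup]'."""
    body = text.split()[3:]         # drop the '$cmd NNN $skip' prefix
    return {"proto": body[0],
            "port": int(body[body.index("to") + 2]),
            "setup": "setup" in body}

def matches(rule, pkt):
    """Static match on protocol, destination port and the 'setup' option."""
    if rule["proto"] not in ("ip", pkt.proto) or rule["port"] != pkt.dst_port:
        return False
    if rule["setup"]:
        # 'setup' means 'tcpflags syn,!ack': a UDP packet has no flags to satisfy it
        return pkt.proto == "tcp" and "syn" in pkt.flags and "ack" not in pkt.flags
    return True

def lint(rule):
    """Flag the combination from the message: 'setup' on a rule not limited to TCP."""
    if rule["setup"] and rule["proto"] != "tcp":
        return "'setup' restricts this rule to TCP SYN packets; UDP never matches"
    return None

# The three variants of rule 020 from the message.
RULES = {
    "handbook": "$cmd 020 $skip tcp from any to x.x.x.x 53 out via $pif setup keep-state",
    "ip+setup": "$cmd 020 $skip ip from any to x.x.x.x 53 out via $pif setup keep-state",
    "proposed": "$cmd 020 $skip ip from any to x.x.x.x 53 out via $pif keep-state",
}
# Constructed sample packets (not captured traffic).
PACKETS = {
    "udp-query": Packet("udp", 53),
    "tcp-syn": Packet("tcp", 53, frozenset({"syn"})),
    "tcp-ack": Packet("tcp", 53, frozenset({"ack"})),
}

def verdicts():
    """Return {rule name: {packet name: matched?}} for every rule/packet pair."""
    return {name: {p: matches(parse_rule(r), pkt) for p, pkt in PACKETS.items()}
            for name, r in RULES.items()}

if __name__ == "__main__":
    for name, row in verdicts().items():
        print(f"{name:9}", row, "| lint:", lint(parse_rule(RULES[name])))
```

Only the static rule match is modelled; the dynamic rule that keep-state creates for later packets of a flow is outside this sketch.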