Date: Thu, 06 Jul 2000 17:02:31 -0700 From: "Raymundo M. Vega" <RaymundoVega@home.com> To: Jens Sauer <pirol9999@gmx.net> Cc: freebsd-questions@FreeBSD.ORG Subject: Re: IPFW-question Message-ID: <39651E17.501DF3BD@home.com> References: <20000706235327.C80FB37BA3B@hub.freebsd.org>
next in thread | previous in thread | raw e-mail | index | archive | help
Jens Sauer wrote: > > Hi all, > > i am using ipfw for the very first time and have the following problem: > > i configured my kernel with FIREWALL- and IPDIVERT-support fot NATD, > because of my private-address-clients. > > my rc.conf looks that way: > > ... > **ISDN-things** > ... > natd_enable="YES" > natd_interface="isp0" > natd_flags="-dynamic" > firewall_enable="YES" > gateway_enable="YES" > > my isdn-interface ISP0 is working fine, when i ping the internet from > the firewall, it dials, all ok. > > but when i traceroute into the internet from a LAN-client (192.168.0.x), > the isdn-card on the firewall is successfully dialing (interface is up), > but the packets are only going up to the network-card on the firewall, > then i get a timeout. > > I configured IPFW like that: > > ipfw -f flush > ipfw add pass all from any to any > ipfw add divert natd all from any to any via isp0 I think the ipfw divert must go before the pass line raymundo > > Or do i have to add the option "IP_FIREWALL_FORWARD" into kernel (because > at boottime he's telling me: ...default to deny .... rule-based forwarding > disabled...)? but i thought, this would only be for a transparent proxy? > > Please help a bloody newbie :-) > Thanks > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-questions" in the body of the message To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?39651E17.501DF3BD>