Date: Thu, 21 Sep 2000 23:42:28 -0700
From: Chip <chip@wiegand.org>
To: cjclark@alum.mit.edu
Cc: "seafug@dub.net" <seafug@dub.net>, "freebsd-questions@freebsd.org" <freebsd-questions@FreeBSD.ORG>
Subject: Re: natd does port forwarding?
Message-ID: <39CAFF54.88010B25@wiegand.org>
References: <39C6FCCC.D0103226@wiegand.org> <20000918225104.I367@149.211.6.64.reflexcom.com> <39C70308.EF52766F@wiegand.org> <20000919000233.L367@149.211.6.64.reflexcom.com> <39C84A4B.766B5B24@wiegand.org> <20000919232213.Q367@149.211.6.64.reflexcom.com> <20000921003240.B367@149.211.6.64.reflexcom.com>

Okay, all's well now when the rc.conf is set to firewall type open.
When I change it to client or simple, the installed defaults, I no
longer can access anything outside my network.

I have recompiled the kernel and removed the default-to-accept line,
now the ipfw show shows-

00100 divert 8668 ip from any to any via ep1
00100 allow ip from any to any via lo0
00200 deny ip from any to 127.0.0.0/8
65000 allow ip from any to any
65535 deny ip from any to any

One of my previous messages had the rc.firewall attached, I assume that
is still available in the archive for review.

I had it running the client rules for about 10 minutes then it
mysteriously started preventing access outside my network. I switched
between open and client several times, with open allowing outside
access each time and client not allowing outside access each time.

Any and all suggestions are welcome.

--
Chip W.
www.wiegand.org
Alternative Operating Systems

"Crist J . Clark" wrote:
>
> On Wed, Sep 20, 2000 at 10:33:38PM -0700, Chip wrote:
>
> [Attribution to me lost]
> > > Not only do you have the distributed "open" firewall running, but you
> > > must have built a kernel with the,
> > >
> > >   options IPFIREWALL_DEFAULT_TO_ACCEPT
> > >
> > > Which is not recommended. Other than that, no surprises.
> >
> > So, is it okay to go back and recompile the kernel without this
> > option? What effect will that have on my current set up?
>
> None. But when you actually want to build rules to protect your net,
> default deny is the way to go.
> --
> Crist J. Clark                           cjclark@alum.mit.edu
>
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-questions" in the body of the message
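
An added illustration, not part of the original message and not FreeBSD code: a small Python model of ipfw's first-match evaluation over the rules in the listing above, showing what rule 65535 decides for a packet that no earlier rule accepts, with and without IPFIREWALL_DEFAULT_TO_ACCEPT. The sample packets, the helper names, and the treatment of divert as "keep matching at the following rules" are assumptions made for the example.

```python
import ipaddress

# Rules copied from the `ipfw show` listing in the message above.
# Each tuple: (number, action, destination, interface); None matches anything.
RULES = [
    (100, "divert", None, "ep1"),
    (100, "allow", None, "lo0"),
    (200, "deny", "127.0.0.0/8", None),
    (65000, "allow", None, None),
]


def default_rule(default_to_accept):
    """Rule 65535 is fixed by the kernel: allow only if it was built with
    options IPFIREWALL_DEFAULT_TO_ACCEPT, otherwise deny."""
    return (65535, "allow" if default_to_accept else "deny", None, None)


def evaluate(rules, dst, iface, default_to_accept=False):
    """Return (rule_number, action) of the first terminal rule that matches.

    Simplification (assumption): divert hands the packet to natd, which
    re-injects it, so the walk simply continues with the following rules.
    """
    addr = ipaddress.ip_address(dst)
    for number, action, net, via in rules + [default_rule(default_to_accept)]:
        if via is not None and via != iface:
            continue
        if net is not None and addr not in ipaddress.ip_network(net):
            continue
        if action == "divert":
            continue  # not terminal: NAT happens, matching goes on
        return number, action
    raise AssertionError("unreachable: rule 65535 matches everything")


if __name__ == "__main__":
    outside = ("192.0.2.10", "ep1")  # constructed sample packet (TEST-NET-1)
    # Hypothetical ruleset that lacks the catch-all allow at 65000.
    no_allow_all = [r for r in RULES if r[0] != 65000]
    print(evaluate(RULES, *outside))
    print(evaluate(no_allow_all, *outside))
    print(evaluate(no_allow_all, *outside, default_to_accept=True))
    print(evaluate(RULES, "127.0.0.1", "lo0"))
```

With a default-deny kernel, every flow that should leave the network needs an explicit allow rule ahead of 65535; the model makes it easy to check which rule number a given packet stops at.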