Date: Thu, 14 Aug 2003 19:52:29 -0700 (PDT) From: Gerald Gauthreaux <mass_design@yahoo.com> To: freebsd-ipfw@freebsd.org Message-ID: <20030815025229.53371.qmail@web11406.mail.yahoo.com>
Hey guys. Got my firewall to function with natd. It works fine except for the fact that everything is open (I think).

    zero_gate# ipfw -a l
    00100 10061 4078454 divert 8668 ip from any to any via sis0
    06500 13504 5987495 allow ip from any to any
    65535  1266  315654 deny ip from any to any
    zero_gate#

Of course sis0 is the WAN interface, and rl0 is the LAN interface. The problem comes in when I take out rule 6500 (allow ip from any to any), and allow certain ports in, and all ports out. It seems like nothing comes in unless I specify the outside IP. Example: 53 is allowed in and out, but no response; when I add the IP of my DNS server it will work.

All out:

    00700 7 376 allow tcp from 192.168.1.0/24 to any
    00800 5 696 allow udp from 192.168.1.0/24 to any

DNS:

    00500  0    0 allow tcp from any to any dst-port 53
    00600 40 2699 allow udp from any to any dst-port 53

This is what makes it work:

    01800 8 2459 allow udp from 68.xxx.xxx.xxx to any

Do you know of a better way to do this? Any light you could shed on this would be greatly appreciated.

Thanks,
Beau
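The reply-drop the post describes, as an added example that is not part of the original message: a reduced first-match simulation of ipfw (only protocol, source network and ports are modelled; natd translation is not) run over the poster's rules 500-800, showing why the DNS answer is denied without rule 1800, and comparing a stateless source-port fix with a keep-state fix. The addresses 203.0.113.5, 198.51.100.7 and 192.168.1.10 are constructed documentation values, not the poster's.

```python
import ipaddress
def rule(num, action, proto, src="any", sport="any", dport="any", keep_state=False):
    """One ipfw rule in the reduced subset modelled here (constructed, not ipfw itself)."""
    return dict(num=num, action=action, proto=proto, src=src,
                sport=sport, dport=dport, keep_state=keep_state)

def matches(r, pkt):
    return (r["proto"] in ("ip", pkt["proto"])
            and (r["src"] == "any"
                 or ipaddress.ip_address(pkt["src"]) in ipaddress.ip_network(r["src"]))
            and r["sport"] in ("any", pkt["sport"])
            and r["dport"] in ("any", pkt["dport"]))

def evaluate(ruleset, pkt, state):
    """First-match evaluation. `state` is the dynamic-rule table that keep-state rules
    fill; a packet whose reversed 5-tuple is in it is accepted as check-state would."""
    if (pkt["proto"], pkt["dst"], pkt["dport"], pkt["src"], pkt["sport"]) in state:
        return "dynamic", "allow"
    for r in sorted(ruleset, key=lambda x: x["num"]):
        if matches(r, pkt):
            if r["keep_state"]:
                state.add((pkt["proto"], pkt["src"], pkt["sport"], pkt["dst"], pkt["dport"]))
            return r["num"], r["action"]
    return 65535, "deny"  # ipfw's implicit default rule

# The poster's rules 500-800 (natd translation itself is not modelled).
ORIGINAL = [rule(500, "allow", "tcp", dport=53), rule(600, "allow", "udp", dport=53),
            rule(700, "allow", "tcp", src="192.168.1.0/24"),
            rule(800, "allow", "udp", src="192.168.1.0/24")]
# Fix A, stateless: admit replies by source port 53 instead of by resolver address.
# Coarse: any UDP datagram sent from port 53 gets through.
SRCPORT_FIX = ORIGINAL + [rule(650, "allow", "udp", sport=53)]
# Fix B, stateful: keep-state on the rules that pass the outbound traffic, so only
# replies to requests the firewall has already seen are admitted.
STATEFUL_FIX = [dict(r, keep_state=True) for r in ORIGINAL]

# Constructed traffic; 203.0.113.5 stands in for the poster's 68.xxx.xxx.xxx resolver.
QUERY = dict(proto="udp", src="192.168.1.10", sport=1025, dst="203.0.113.5", dport=53)
REPLY = dict(proto="udp", src="203.0.113.5", sport=53, dst="192.168.1.10", dport=1025)
UNSOLICITED = dict(proto="udp", src="198.51.100.7", sport=53, dst="192.168.1.10", dport=4444)

def dns_roundtrip(ruleset):
    """Return the verdicts for the query and then its reply under one ruleset."""
    state = set()
    return evaluate(ruleset, QUERY, state)[1], evaluate(ruleset, REPLY, state)[1]

def unsolicited_verdict(ruleset):
    """Verdict for a UDP datagram from port 53 that answers no request."""
    return evaluate(ruleset, UNSOLICITED, set())[1]
```

Under the original rules the query passes rule 600 but the reply matches nothing and falls to 65535; the source-port rule lets the reply through but also any datagram sent from port 53, while the keep-state variant admits only replies to a query the firewall saw.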