Date: Mon, 17 Jun 2002 08:58:35 +0300 (EEST)
From: Alexander V Zubchenko
To: Joe & Fhe Barbish
Cc: FBSDQ
Subject: Re: How to use natd -punch_fw
Message-ID: <20020617085417.S9334-100000@server.hermes-comp.zp.ua>

Greetings!

On Sat, 15 Jun 2002, Joe & Fhe Barbish wrote:

> -punch_fw basenumber:count
>         This option directs natd to ``punch holes'' in an
>         ipfirewall(4) based firewall for FTP/IRC DCC connections.
>         This is done dynamically by installing temporary firewall
>         rules which allow a particular connection (and only that
>         connection) to go through the firewall.  The rules are removed
>         once the corresponding connection terminates.

So this is clear. This part explains what it is supposed to do.

>
>         A maximum of count rules starting from the rule number
>         basenumber will be used for punching firewall holes.  The
>         range will be cleared for all rules on startup.

This means that the real numbers depend on your firewall settings.
Basenumber is the number of the first created rule. Count is the maximum
number of inserted rules.
Look at your firewall configuration, where you want to add these rules.
E.g.:

100 check-state
500 deny log....
65000 allow...

And you want the rules created by natd to be inserted after check-state
('rule 100'). So use -punch_fw 101:300 (for example), or even better
200:200 (enough, imho, and leaves space for playing around with the
firewall setup by hand).

This is the information I have. Hope this helps.

Alexander V Zubchenko,        E-Mail: stalker@hermes-comp.zp.ua
System Administrator,         WWW: http://www.hermes-comp.zp.ua/
Hermes-comp, Ukraine, Zaporizhzhya, Geroev Stalingrada 50
phone/fax: +380 612 64-19-72
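
Added example (not part of the original message or of natd): the quoted manual text says the punch_fw range is cleared of all rules on startup, so this sh function checks a candidate basenumber:count against an `ipfw list` listing before natd is started. The function name, the sample ruleset and the reading of the range as basenumber through basenumber+count-1 are assumptions.

```sh
#!/bin/sh
# Added example: pre-flight check for a natd -punch_fw basenumber:count value.
# Assumption: natd uses rule numbers basenumber .. basenumber+count-1.

# Constructed ruleset in `ipfw list` layout; rule bodies are placeholders.
SAMPLE_RULES='00100 check-state
00500 deny log ip from any to any
65000 allow ip from any to any
65535 deny ip from any to any'

# punch_fw_check BASE COUNT   (ruleset on stdin)
# Prints one line per problem; exit status 0 means the range is unused.
punch_fw_check() {
    awk -v base="$1" -v count="$2" '
        BEGIN {
            bad = 0
            if (base !~ /^[0-9]+$/ || count !~ /^[0-9]+$/ || base < 1 || count < 1) {
                print "invalid: basenumber and count must be positive integers"
                bad = 1; exit
            }
            base += 0; count += 0; last = base + count - 1
            if (last >= 65535) {   # 65535 is the ipfw default rule
                printf "invalid: range %d-%d reaches default rule 65535\n", base, last
                bad = 1
            }
        }
        /^[0-9]+[ \t]/ {
            n = $1 + 0             # "00100" -> 100, no octal surprises
            if (n >= base && n <= last) {
                printf "conflict: rule %d is inside %d-%d and would be cleared\n", n, base, last
                bad = 1
            }
        }
        END { exit bad }
    '
}

# Demo on the constructed ruleset; on a live host use: ipfw list | punch_fw_check 200 200
printf '%s\n' "$SAMPLE_RULES" | punch_fw_check 200 200 && echo "200:200 is free"
printf '%s\n' "$SAMPLE_RULES" | punch_fw_check 101 400 || echo "101:400 rejected"
```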