Date: Tue, 24 Nov 1998 22:42:19 -0500 (EST)
From: "David H. Brierley"
To: Forrest Aldrich
cc: Dan Busarow, Paul Dekkers, FreeBSD Mailinglist
Subject: Re: natd: what's wrong?
In-Reply-To: <4.1.19981124114820.00abc740@206.25.93.69>

On Tue, 24 Nov 1998, Forrest Aldrich wrote:

> It works, as long as you don't have any firewall rules. I've tried
> everything. Perhaps there's a bug in the networking code somewhere?
>
> The lack of response here suggests that it's time to fire up Linux/ipfwadm.
> At least that worked.

Well, these are not very complex rules but they are rules. This is what my firewall looks like:

    01000 allow ip from any to any via lo0
    01010 deny ip from 127.0.0.0/8 to 127.0.0.0/8
    02000 divert 6668 ip from any to any via ppp0
    03000 allow ip from 192.168.1.2 to 192.168.1.1
    03001 allow ip from 192.168.1.2 to 192.168.1.255
    03002 deny log ip from 192.168.1.2 to any
    65000 allow ip from any to any
    65535 deny ip from any to any

The 192.168.1.2 machine is my kids' machine and I want to force them to go through some application level proxies I have on the firewall. Other machines on my house network are able to use the firewall as a router and connect to anything they want to. I have the firewall type set to "open" and I enable all the rules, including the divert rule, as part of bringing up the ppp interface.

--
David H. Brierley
dave@galaxia.com
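
Added example, not part of the original message: a small first-match evaluator run over the rule set quoted above, showing which rule decides the fate of a packet on one pass through ipfw. The LAN interface name ed0, the outside address 203.0.113.10 and the host 192.168.1.3 are constructed assumptions; divert is modelled only as "hand to natd and resume at the next rule", without natd's address rewriting.

```python
import ipaddress

# Rule set copied from the message above.
RULES = """\
01000 allow ip from any to any via lo0
01010 deny ip from 127.0.0.0/8 to 127.0.0.0/8
02000 divert 6668 ip from any to any via ppp0
03000 allow ip from 192.168.1.2 to 192.168.1.1
03001 allow ip from 192.168.1.2 to 192.168.1.255
03002 deny log ip from 192.168.1.2 to any
65000 allow ip from any to any
65535 deny ip from any to any
"""

def parse(text):
    """Parse 'NUM ACTION [ARG|log] ip from SRC to DST [via IF]' lines."""
    rules = []
    for line in text.splitlines():
        tok = line.split()
        f = tok.index("from")
        via = tok[f + 5] if "via" in tok else None
        rules.append((int(tok[0]), tok[1], tok[f + 1], tok[f + 3], via))
    return sorted(rules)

def addr_match(spec, addr):
    return spec == "any" or (
        ipaddress.ip_address(addr) in ipaddress.ip_network(spec, strict=False))

def evaluate(rules, src, dst, iface):
    """First match wins: (verdict, deciding rule, divert rules passed)."""
    diverted = []
    for num, action, rsrc, rdst, via in rules:
        if via not in (None, iface) or not (
                addr_match(rsrc, src) and addr_match(rdst, dst)):
            continue
        if action == "divert":
            # Simplification: natd reinjects and matching resumes at the
            # next rule; its address rewriting is not modelled.
            diverted.append(num)
            continue
        return action, num, diverted
    return "deny", None, diverted  # not reached here: 65535 matches all

RULESET = parse(RULES)
if __name__ == "__main__":
    # Constructed packets; ed0 and 203.0.113.10 are assumed names.
    for pkt in [("192.168.1.2", "192.168.1.1", "ed0"),
                ("192.168.1.2", "203.0.113.10", "ed0"),
                ("192.168.1.3", "203.0.113.10", "ppp0")]:
        print(pkt, "->", evaluate(RULESET, *pkt))
```

The restricted host is stopped by rule 03002 as its packet arrives on the LAN interface, before it ever reaches the pass where the divert rule on ppp0 applies, while traffic from other hosts falls through to rule 65000.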