Date: Tue, 24 Nov 1998 22:42:19 -0500 (EST)
From: "David H. Brierley" <dave@galaxia.com>
To: Forrest Aldrich <forrie@navinet.net>
Cc: Dan Busarow <dan@dpcsys.com>, Paul Dekkers <psd@cgu.nl>, FreeBSD Mailinglist <freebsd-questions@FreeBSD.ORG>
Subject: Re: natd: what's wrong?
Message-ID: <Pine.BSF.4.05.9811242235450.1806-100000@trantor.galaxia.com>
In-Reply-To: <4.1.19981124114820.00abc740@206.25.93.69>

On Tue, 24 Nov 1998, Forrest Aldrich wrote:

> It works, as long as you don't have any firewall rules. I've tried
> everything. Perhaps there's a bug in the networking code somewhere?
>
> The lack of response here suggests that it's time to fire up Linux/ipfwadm.
> At least that worked.

Well, these are not very complex rules but they are rules. This is what
my firewall looks like:

    01000 allow ip from any to any via lo0
    01010 deny ip from 127.0.0.0/8 to 127.0.0.0/8
    02000 divert 6668 ip from any to any via ppp0
    03000 allow ip from 192.168.1.2 to 192.168.1.1
    03001 allow ip from 192.168.1.2 to 192.168.1.255
    03002 deny log ip from 192.168.1.2 to any
    65000 allow ip from any to any
    65535 deny ip from any to any

The 192.168.1.2 machine is my kids' machine and I want to force them to go
through some application level proxies I have on the firewall. Other
machines on my house network are able to use the firewall as a router and
connect to anything they want to.

I have the firewall type set to "open" and I enable all the rules,
including the divert rule, as part of bringing up the ppp interface.

--
David H. Brierley
dave@galaxia.com

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message
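
The first-match behaviour of the ruleset in this message, as an added example that is not part of the original post: a small Python model that walks the posted rules in order and reports which rule decides a packet. Assumptions: the LAN interface name `ed0`, the other LAN host 192.168.1.3 and the outside address 203.0.113.10 are constructed; each pass is modelled with a single interface; natd's address rewriting and the `log` keyword are not modelled.

```python
import ipaddress

# Ruleset as posted in the message: (number, action, src, dst, via).
# The "log" keyword on rule 03002 does not change the verdict and is omitted.
RULES = [
    (1000, "allow", "any", "any", "lo0"),
    (1010, "deny", "127.0.0.0/8", "127.0.0.0/8", None),
    (2000, "divert", "any", "any", "ppp0"),
    (3000, "allow", "192.168.1.2", "192.168.1.1", None),
    (3001, "allow", "192.168.1.2", "192.168.1.255", None),
    (3002, "deny", "192.168.1.2", "any", None),
    (65000, "allow", "any", "any", None),
    (65535, "deny", "any", "any", None),
]

def _match(spec, addr):
    """True if addr falls inside the rule's address spec ("any", host or CIDR)."""
    return spec == "any" or ipaddress.ip_address(addr) in ipaddress.ip_network(spec)

def evaluate(src, dst, iface):
    """One pass through the list: returns (verdict, rule_number, diverted)."""
    diverted = False
    for num, action, rsrc, rdst, via in RULES:
        if via is not None and via != iface:
            continue                      # "via X" rules only apply on interface X
        if not (_match(rsrc, src) and _match(rdst, dst)):
            continue
        if action == "divert":
            # Assumption: natd reinjects the packet and evaluation resumes
            # at the rule following the divert rule.
            diverted = True
            continue
        return action, num, diverted      # first matching allow/deny decides
    return "deny", 65535, diverted

if __name__ == "__main__":
    # Constructed sample packets: (src, dst, interface of this pass)
    samples = [
        ("192.168.1.2", "192.168.1.1", "ed0"),    # restricted host -> proxy box
        ("192.168.1.2", "203.0.113.10", "ed0"),   # restricted host -> outside
        ("192.168.1.3", "203.0.113.10", "ed0"),   # other LAN host, inbound pass
        ("192.168.1.3", "203.0.113.10", "ppp0"),  # same packet, outbound pass
    ]
    for pkt in samples:
        print(pkt, "->", evaluate(*pkt))
```

In this model the restricted host's outbound traffic is dropped at rule 03002 on the LAN-side pass, before it ever reaches the divert rule on ppp0, while other hosts fall through to rule 65000.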