Date: Tue, 01 Apr 2003 22:53:32 -0500
From: Brian McCann
To: freebsd-questions@freebsd.org
Message-id: <000001c2f8cb$6e4f5e60$2f811581@garfield>
Subject: NATD & IPFW

Hi all. I'm having an issue with security while trying to get natd to work with ipfw. I got my ipfw rules working great, so I added the natd line in:

    ipfw add divert 8668 all from any to any via $EXTERNAL_INTERFACE

But I can't do anything (ping, fetch, etc) until I add:

    ipfw add pass all from any to any

Now, I may be wrong, but doesn't this pretty much open the box up? I tried changing the first "any" to my internal network, but that didn't work, and I know I've got to be missing something. If anyone would like to help me off-list, I could send you a copy of my rule set if you'd like.

Thanks in advance,
--Brian
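
A divert rule only hands the packet to natd, which reinjects it at the next rule, so some later rule still has to accept it or the default deny drops it. The script below is an added example, not part of the original message or anyone's actual rule set: it prints a rule set in which the unconditional allow can be reached only by outbound traffic that earlier rules approved. The interface arguments, rule numbers and the list of permitted outbound services are assumptions to adjust.

```shell
#!/bin/sh
# Added example, not from the original message. Prints an ipfw rule set for a
# natd gateway; it loads nothing. Review the output, then pipe it to sh as root.
# Assumptions: natd on divert port 8668 (as in the message); interface names
# are arguments; the outbound services allowed (DNS, HTTP, ICMP) are placeholders.
nat_ruleset() {
    ext_if=$1                 # $EXTERNAL_INTERFACE in the message
    int_if=$2                 # LAN-side interface
    add="ipfw -q add"
    out="skipto 1000"         # approved outbound traffic jumps to the NAT rule
    cat <<EOF
# Loopback and LAN-side traffic is not filtered.
$add 10 allow all from any to any via lo0
$add 20 allow all from any to any via $int_if
# Inbound: undo NAT first, then accept only replies to tracked connections.
$add 100 divert 8668 ip from any to any in via $ext_if
$add 110 check-state
# Outbound: record state on the pre-NAT addresses, then jump to rule 1000.
$add 200 $out udp from any to any 53 out via $ext_if keep-state
$add 210 $out tcp from any to any 80 out via $ext_if setup keep-state
$add 220 $out icmp from any to any out via $ext_if keep-state
# Everything that was not matched above stops here.
$add 999 deny all from any to any
# Reached only through skipto: NAT outbound packets, then accept.
$add 1000 divert 8668 ip from any to any out via $ext_if
$add 1001 allow ip from any to any
EOF
}

# Stand-alone use (constructed names): sh natd-rules.sh fxp0 fxp1
if [ "$#" -ge 2 ]; then
    nat_ruleset "$1" "$2"
fi
```

Services the gateway itself should accept from outside need their own allow rules between 110 and 999; nothing inbound is accepted otherwise except replies.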