Date:      Fri, 4 Aug 2000 17:17:53 +0300
From:      Ruslan Ermilov <ru@sunbay.com>
To:        rshea@opendoor.co.nz
Cc:        freebsd-questions@FreeBSD.ORG
Subject:   Re: NATD/"spoofing" and IPFW
Message-ID:  <20000804171753.A522@sunbay.com>
In-Reply-To: <200008040857.e748va105786@deborah.paradise.net.nz>; from rshea@opendoor.co.nz on Fri, Aug 04, 2000 at 08:47:34PM +1200
References:  <200008040857.e748va105786@deborah.paradise.net.nz>

On Fri, Aug 04, 2000 at 08:47:34PM +1200, rshea@opendoor.co.nz wrote:
> Hi - I'm new to FreeBSD and trying to make my FreeBSD machine 
> act as a gateway/firewall to the office LAN. The connection to the 
> i'net is via a cable modem with a fixed IP address. I am using 
> IPFW as the firewall and in rc.conf I have set firewall_type to 
> "simple". The machines on the LAN use addresses in the range 
> 192.168.10.xx.
> 
> I 'borrowed' my firewall rules (I've tagged them onto the bottom of 
> this email) from the very helpful site ...
> 
> http://www.mostgraveconcern.com/freebsd/
> 
> ... but I find that machines within the LAN (W9x machines FWIW) 
> cannot 'get out' if I retain the rules 
> 
> ${fwcmd} add deny all from 192.168.0.0/16 to any via ${oif}
> ${fwcmd} add deny all from any to 192.168.0.0/16 via ${oif}
> 
For a detailed description of your problem, please see
  http://www.freebsd.org/cgi/query-pr.cgi?pr=13769

For a fix, please see
  http://www.freebsd.org/cgi/cvsweb.cgi/src/etc/rc.firewall.diff?r1=1.35&r2=1.36


Cheers,
-- 
Ruslan Ermilov		Oracle Developer/DBA,
ru@sunbay.com		Sunbay Software AG,
ru@FreeBSD.org		FreeBSD committer,
+380.652.512.251	Simferopol, Ukraine

http://www.FreeBSD.org	The Power To Serve
http://www.oracle.com	Enabling The Information Age

