Date: Fri, 4 Aug 2000 17:17:53 +0300
From: Ruslan Ermilov
To: rshea@opendoor.co.nz
Cc: freebsd-questions@FreeBSD.ORG
Subject: Re: NATD/"spoofing" and IPFW

On Fri, Aug 04, 2000 at 08:47:34PM +1200, rshea@opendoor.co.nz wrote:
> Hi - I'm new to FreeBSD and trying to make my FreeBSD machine
> act as a gateway/firewall to the office LAN. The connection to the
> i'net is via a cable modem with a fixed IP address. I am using
> IPFW as the firewall and in rc.conf I have set firewall_type to
> "simple". The machines on the LAN use addresses in the range
> 192.168.10.xx.
>
> I 'borrowed' my firewall rules (I've tagged them onto the bottom of
> this email) from the very helpful site ...
>
> http://www.mostgraveconcern.com/freebsd/
>
> ... but I find that machines within the LAN (W9x machines FWIW)
> cannot 'get out' if I retain the rules
>
> ${fwcmd} add deny all from 192.168.0.0/16 to any via ${oif}
> ${fwcmd} add deny all from any to 192.168.0.0/16 via ${oif}
>
For a detailed description of your problem, please see
http://www.freebsd.org/cgi/query-pr.cgi?pr=13769

For a fix, please see
http://www.freebsd.org/cgi/cvsweb.cgi/src/etc/rc.firewall.diff?r1=1.35&r2=1.36

Cheers,
-- 
Ruslan Ermilov		Oracle Developer/DBA,
ru@sunbay.com		Sunbay Software AG,
ru@FreeBSD.org		FreeBSD committer,
+380.652.512.251	Simferopol, Ukraine

http://www.FreeBSD.org	The Power To Serve
http://www.oracle.com	Enabling The Information Age