Delivered-To: freebsd-questions@freebsd.org
Message-ID: <00e001bfff0e$97319fa0$029b140a@danco>
From: "Dan O'Connor"
Subject: Re: NATD/"spoofing" and IPFW
Date: Sat, 5 Aug 2000 11:54:31 -0700

>... but I find that machines within the LAN (W9x machines
>FWIW)
>cannot 'get out' if I retain the rules
>
>${fwcmd} add deny all from 192.168.0.0/16 to any via ${oif}
>${fwcmd} add deny all from any to 192.168.0.0/16 via ${oif}

Hi, Richard!

Change:

${fwcmd} add deny all from any to 192.168.0.0/16 via ${oif}

to:

${fwcmd} add deny all from any to 192.168.0.0/16 out via ${oif}

I did this with my 10.0.0.0/8 rule (since that's the internal net I'm using), but failed to include it in the other rules :-(

The oversight will be corrected shortly! :-)

--Dan

--
Dan O'Connor
On Matters of Most Grave Concern
http://www.mostgraveconcern.com
FreeBSD Cheat Sheets
http://www.mostgraveconcern.com/freebsd/