Date: Mon, 4 Jun 2001 10:04:49 -0500 (CDT)
From: Nick Rogness <nick@rogness.net>
To: tinnakorn kunasit <tinnakorn2000@hotmail.com>
Cc: freebsd-questions@FreeBSD.ORG
Subject: Re: ipfirewall
Message-ID: <Pine.BSF.4.21.0106040955140.86339-100000@cody.jharris.com>
In-Reply-To: <F99eKljq65Rn8P5o7P60000d21f@hotmail.com>

On Mon, 4 Jun 2001, tinnakorn kunasit wrote:

>
> dear sir
> I am install FreeBSD 4.2 but can not set firewall.
>
> In my system have 2 network card
>
> rl0 203.151.42.62
> rl1 10.0.0.1
>
> I want to make ip masquerade forward ip from inside (rl1) to
> outside (rl0)
> How I can make it?
>
> I tried to set
>
> 1. add options for ipfirewall and recompile kernel
>
> options IPFIREWALL
> options IPDIVERT
> options IPFIREWALL_VERBOSE
> options IPFIREWALL_VERBOSE_LIMIT=100
> options IPFIREWALL_DEFAULT_TO_ACCEPT
>
> 2. in /etc/service
> natd 6668/divert
>
> 3. enable firewall line in /etc/rc.conf
> firewall_enable="YES"
> firewall_script="/etc/rc.firewall"
>
> 4. edit file /etc/rc.firewall
> /sbin/ipfw -f flush
> /sbin/ipfw -q add 100 pass all from any to any via lo0
> /sbin/ipfw -q add 200 pass all from any to 127.0.0.0/8
> /sbin/ipfw -q add 300 pass all from any to any

	This line (#300) should be after the divert line.

>
> /sbin/sysctl -n -w net.inet.ip.forwarding=1
> /sbin/natd -l -d auth -m -u -n rl1 -dynamic

	Should be the rl0 interface, not rl1. So "-n rl0"

> /sbin/ipfw add divert natd all from any to any out
> /sbin/ipfw add divert natd all from any to any in
>

	This rule should be:

	add divert natd all from any to any via rl0

Nick Rogness <nick@rogness.net>
 - Keep on Routing in a Free World...
  "FreeBSD: The Power to Serve!"
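
Added example (not part of the original e-mail and not FreeBSD's own code): a small sh/awk check for the ordering problem pointed out in the reply, where an unconditional accept rule is numbered below the divert rule. The function names, the auto-numbering model (last rule number plus a default step of 100) and rule number 250 in the corrected set are assumptions of this example.

```shell
# Added example: ipfw checks rules in ascending number order and an accept
# stops the search, so a "pass all from any to any" numbered below the divert
# rule means nothing reaches natd. Prints SHADOWED <accept#> <divert#>, OK or NO_DIVERT.
lint_divert_order() {
    awk '
    /^[ \t]*#/ || !/ipfw/ { next }
    {
        a = 0
        for (i = 1; i <= NF; i++) if ($i == "add") { a = i; break }
        if (!a) next
        i = a + 1
        if ($i ~ /^[0-9]+$/) { num = $i + 0; i++ }  # explicit rule number
        else num = last + 100                        # default auto-increment step
        if (num > last) last = num
        action = $i; rest = ""
        for (j = i + 1; j <= NF; j++) rest = rest (rest == "" ? "" : " ") $j
        if (action == "divert") {
            if (!divert || num < divert) divert = num
        } else if (action ~ /^(pass|allow|accept|permit)$/ &&
                   rest ~ /^(all|ip) from any to any$/) {
            if (!accept || num < accept) accept = num
        }
    }
    END {
        if (!divert) print "NO_DIVERT"
        else if (accept && accept < divert) print "SHADOWED " accept " " divert
        else print "OK"
    }'
}
original_rules() {  # the rules quoted in the message above
cat <<'EOF'
/sbin/ipfw -f flush
/sbin/ipfw -q add 100 pass all from any to any via lo0
/sbin/ipfw -q add 200 pass all from any to 127.0.0.0/8
/sbin/ipfw -q add 300 pass all from any to any
/sbin/ipfw add divert natd all from any to any out
/sbin/ipfw add divert natd all from any to any in
EOF
}
fixed_rules() {  # constructed: corrections applied; number 250 is assumed
cat <<'EOF'
/sbin/ipfw -q add 100 pass all from any to any via lo0
/sbin/ipfw -q add 200 pass all from any to 127.0.0.0/8
/sbin/ipfw add 250 divert natd all from any to any via rl0
/sbin/ipfw -q add 300 pass all from any to any
EOF
}
echo "original: $(original_rules | lint_divert_order)"
echo "fixed:    $(fixed_rules | lint_divert_order)"
```

The check only reads text, so it can be run against a copy of /etc/rc.firewall on any machine; it does not verify that the natd "-n" interface matches the interface in the divert rule.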