From owner-freebsd-questions@FreeBSD.ORG Fri Mar 4 23:52:30 2005
From: "Florian Hengstberger"
To: FreeBSD mailinglist
Date: Sat, 5 Mar 2005 00:52:25 +0100
Subject: natd, ipfw problem
List-Id: User questions

Hi!

Tell me if I should post this elsewhere.

Given two network cards, sis0 (external) and vr0 (internal), I'm trying to give my girlfriend access to the web. Her IP is 192.168.0.2. I've installed natd and a proper kernel and configured my firewall, but so far only pings from her computer to the web work. I guess there's something wrong with my firewall, because only with the two standard entries (divert and allow all) does everything work fine. But now, after hours of googling, I can't find anything that is wrong in my firewall.
The /etc/natd.conf:

interface sis0
use_sockets yes
same_ports yes
redirect_port udp 192.168.0.2:53 53
redirect_port tcp 192.168.0.2:53 53
redirect_port tcp 192.168.0.2:80 80
redirect_port tcp 192.168.0.2:443 443
redirect_port udp 192.168.0.2:123 123
redirect_port tcp 192.168.0.2:123 123

My firewall:

add 00401 divert natd all from any to any via sis0
add 00402 allow ip from any to any via vr0

### TCP ###
add 00501 check-state
add 00502 deny tcp from any to any in established
add 00503 allow tcp from any to any out setup keep-state

# allow dns queries, dns-port=53
add 00601 allow udp from any to any 53 keep-state via sis0
# allow ntp queries, ntp-port=123
add 00603 allow udp from any to any 123 keep-state via sis0
# allow all outgoing udp traffic
add 00621 allow udp from any to any out via sis0

### ICMP ###
# allow outgoing pings and the reply
add 00701 allow icmp from any to any out icmptypes 8
add 00702 allow icmp from any to any in icmptypes 0
# deny and log incoming pings from the outside
add 00703 deny log icmp from any to any in icmptypes 8 via sis0

### SAMBA ###
# allow netbios services to local net, but log everything for debugging purposes
add 00801 allow log tcp from any to any 137-139 via vr0
add 00802 allow log udp from any to any 137-139 via vr0

Thanks a lot
Florian
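Editor's note, with an added example that is not part of the post above. The interaction between the posted TCP rules (00401, 00402, 00501, 00502, 00503) and natd is worth tracing, because it explains the symptom of stateless ICMP working while stateful TCP does not. The outbound SYN from 192.168.0.2 is diverted by rule 00401 first, so its source is already rewritten to the sis0 address when rule 00503 records the dynamic state. The returning SYN/ACK is again diverted by 00401 before rule 00501 looks the state up, so by then its destination has been rewritten back to 192.168.0.2 and the lookup key no longer matches the recorded entry; the reply then falls through to 00502 (deny tcp in established) and is dropped. Rules 00701/00702 keep no state, which is why ping is unaffected. The same ordering issue affects the keep-state UDP rules 00601/00603. The Python below is a deliberately small model of ipfw's first-match walk, divert re-entry and dynamic rules, written for this page rather than taken from ipfw or the post; the addresses 203.0.113.10 (assumed sis0 address) and 198.51.100.7 (assumed web server) are constructed, and the second rule set shows the ordering the FreeBSD Handbook uses for natd with stateful rules: divert inbound before check-state, create state on the untranslated outbound packet, and divert outbound only afterwards via skipto.

```python
from dataclasses import dataclass, replace
from typing import Callable

# Constructed addresses (RFC 5737 ranges); only 192.168.0.2 comes from the post.
EXT_IP = "203.0.113.10"   # assumed address of sis0
LAN_IP = "192.168.0.2"    # the internal host from the post
SRV_IP = "198.51.100.7"   # assumed web server on the Internet

@dataclass(frozen=True)
class Pkt:
    proto: str
    src: str
    sport: int
    dst: str
    dport: int
    dir: str          # "in" or "out"
    iface: str        # interface the packet is seen on
    flags: frozenset  # TCP flags, e.g. {"SYN"}

@dataclass
class Rule:
    num: int
    action: str                                   # allow | deny | divert | check-state | skipto
    match: Callable[[Pkt], bool] = lambda p: True
    keep_state: bool = False
    target: int = 0                               # skipto target rule number

class Natd:
    """Toy natd: masquerade outbound source as EXT_IP, undo it on the reply (same_ports)."""
    def __init__(self):
        self.table = {}   # (proto, port) -> (internal ip, port)
    def translate(self, p: Pkt) -> Pkt:
        if p.dir == "out" and p.src != EXT_IP:
            self.table[(p.proto, p.sport)] = (p.src, p.sport)
            return replace(p, src=EXT_IP)
        if p.dir == "in" and p.dst == EXT_IP and (p.proto, p.dport) in self.table:
            ip, port = self.table[(p.proto, p.dport)]
            return replace(p, dst=ip, dport=port)
        return p

def flow(p):  return (p.proto, p.src, p.sport, p.dst, p.dport)
def rflow(p): return (p.proto, p.dst, p.dport, p.src, p.sport)

def run(rules, p, nat, state):
    """First-match walk: divert hands the packet to natd and re-enters at the next rule,
    check-state follows the action of the rule that created a matching entry,
    and anything unmatched hits the kernel default of deny."""
    i = 0
    while i < len(rules):
        r = rules[i]
        if r.action == "check-state":
            r = state.get(flow(p)) or state.get(rflow(p))
            if r is None:
                i += 1
                continue
        elif not r.match(p):
            i += 1
            continue
        if r.action == "divert":
            p = nat.translate(p)
            i += 1
            continue
        if r.keep_state:
            state[flow(p)] = r   # the 5-tuple is recorded exactly as this rule saw it
        if r.action == "skipto":
            i = next(j for j, x in enumerate(rules) if x.num >= r.target)
            continue
        return r.action
    return "deny"

def via(ifc): return lambda p: p.iface == ifc
def tcp_established(p): return p.proto == "tcp" and p.dir == "in" and bool(p.flags & {"ACK", "RST"})
def tcp_setup_out(p):   return p.proto == "tcp" and p.dir == "out" and "SYN" in p.flags and "ACK" not in p.flags

# The post's TCP rules, in the posted order.
POSTED = [
    Rule(401, "divert", via("sis0")),
    Rule(402, "allow", via("vr0")),
    Rule(501, "check-state"),
    Rule(502, "deny", tcp_established),
    Rule(503, "allow", tcp_setup_out, keep_state=True),
]

# Reordered: divert inbound before check-state, keep state on the untranslated
# outbound packet, and divert outbound only afterwards.
REORDERED = [
    Rule(101, "divert", lambda p: p.iface == "sis0" and p.dir == "in"),
    Rule(102, "check-state"),
    Rule(402, "allow", via("vr0")),
    Rule(610, "skipto", lambda p: p.iface == "sis0" and p.dir == "out", keep_state=True, target=800),
    Rule(800, "divert", lambda p: p.iface == "sis0" and p.dir == "out"),
    Rule(801, "allow"),
]

def forward(rules):
    """Push the start of one TCP handshake through the gateway: SYN from the LAN host
    out via sis0, then the server's SYN/ACK back in via sis0. Returns both verdicts."""
    nat, state = Natd(), {}
    syn = Pkt("tcp", LAN_IP, 40000, SRV_IP, 80, "in", "vr0", frozenset({"SYN"}))
    run(rules, syn, nat, state)                                   # in via vr0: allowed by 402
    out = run(rules, replace(syn, dir="out", iface="sis0"), nat, state)
    synack = Pkt("tcp", SRV_IP, 80, EXT_IP, 40000, "in", "sis0", frozenset({"SYN", "ACK"}))
    return out, run(rules, synack, nat, state)

if __name__ == "__main__":
    print("posted order:", forward(POSTED))    # ('allow', 'deny')
    print("reordered:   ", forward(REORDERED)) # ('allow', 'allow')
```

The model keeps only what the ordering question needs (no port remapping beyond same_ports, no state timeouts, no rule 00502 equivalent in the reordered set because check-state handles replies there). Its point is the lookup key: in the posted order the state entry carries 203.0.113.10 while the reply being checked already carries 192.168.0.2, so the two never meet.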