From: "John Meyer" (envelope-from john@ast.com.na)
Date: Tue, 1 Apr 2003 15:06:54 +0200
Message-ID: <000a01c2f84f$923077f0$09cba8c0@Gunther1>
Subject: Firewall
List-Id: User questions (freebsd-questions@freebsd.org)

Good Day.

I have a small problem compared to the problems listed here. I have FreeBSD v3.1 (fairly old). I have compiled the kernel with

    options IPFIREWALL
    options IPDIVERT
    options IPFIREWALL_VERBOSE

In my rc.conf file I have

    gateway_enable="YES"
    firewall_enable="YES"
    firewall_type="/etc/firewall.ast"
    natd_interface="vx0"
    natd_flags=""

In the etc dir I have a file called firewall.ast. My problem is that I seem to get an error at bootup, stating as if you are running the ipfw cmd without options. I have disabled all the rules in firewall.ast except the first one.

    add 00100 tcp from any to any

When I disable that as well, all seems to work well. It looks like the option in rc.conf, firewall_type="/etc/firewall.ast", does not get interpreted correctly.

The 2nd problem is that I need to divert my public IP port 80 to a private IP port 80. What are the steps in natd to follow without compromising my security on the private side?

Thank you very much in advance for any assistance.

John Meyer
AST Namibia