Date:      Wed, 19 Sep 2001 11:21:00 +0300
From:      "Vladimir Terziev" <vladimirt@rila.bg>
To:        freebsd-net@freebsd.org
Subject:   Problem with IPFW and NATD
Message-ID:  <200109190821.f8J8L0c09243@star.rila.bg>


Hi,

I have a gateway machine which runs NATD (natd -unregistered_only -interface 
an0) and has the IPFW packet filter with the following rules:


ipfw add 100 allow ip from any to any via lo0

ipfw add 10002 skipto 20000 tcp from 192.168.15.2 to any 21
ipfw add 10003 skipto 20000 tcp from 192.168.15.2 to any 53,6667,6668
ipfw add 10004 skipto 20000 udp from 192.168.15.2 to any 53,4000

ipfw add 11000 deny ip from 192.168.15.0/24 to any

ipfw add 20000 divert natd ip from any to any via an0

ipfw add 63000 allow ip from PUBLIC_IP to any
ipfw add 64000 allow ip from any to PUBLIC_IP

ipfw add 30001 allow tcp from any 21 to 192.168.15.2 established
ipfw add 30002 allow tcp from any 53,6667,6668 to 192.168.15.2 established
ipfw add 30003 allow udp from any 53,4000 to 192.168.15.2

ipfw add 65000 deny ip from any to any


The gateway machine is FreeBSD 4.4-RC and has 2 interfaces (internal, and 
external - an0). I need only one of machines in the local network to have 
connectivity to "the rest of the world".

I've read all the documentation about ipfw(8), divert(4) and natd(8). 
According to it, the above rules should provide what I want, but they don't!!!

Does anybody have an idea why?

regards,
		Vladimir


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-net" in the body of the message
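
To show how a packet from 192.168.15.2 actually traverses the ruleset above, here is a small Python model of ipfw rule evaluation (an added example, not part of the original message): rules are evaluated in number order on both the input pass on the inside interface and the output pass on an0, skipto jumps to the first rule numbered at or above its target, and the divert rule only matches on an0, so a packet arriving on the inside interface falls through to rule 65000. The inside interface name "ed0", the PUBLIC_IP placeholder 203.0.113.1, the packet values and the extra rule 20001 are assumptions.

```python
import ipaddress
# Constructed: placeholder for the post's PUBLIC_IP; "ed0" is an assumed inside interface
PUBLIC_IP, LAN_HOST, LAN_IF, EXT_IF = "203.0.113.1", "192.168.15.2", "ed0", "an0"
def R(num, action, proto, src, dst, sp=None, dp=None, via=None, est=False, to=0):
    return (num, action, to, proto, src, sp, dst, dp, via, est)
RULES = [  # the post's ruleset; ipfw evaluates it in rule-number order
    R(100, "allow", "ip", "any", "any", via="lo0"),
    R(10002, "skipto", "tcp", LAN_HOST, "any", dp={21}, to=20000),
    R(10003, "skipto", "tcp", LAN_HOST, "any", dp={53, 6667, 6668}, to=20000),
    R(10004, "skipto", "udp", LAN_HOST, "any", dp={53, 4000}, to=20000),
    R(11000, "deny", "ip", "192.168.15.0/24", "any"),
    R(20000, "divert", "ip", "any", "any", via=EXT_IF),
    R(30001, "allow", "tcp", "any", LAN_HOST, sp={21}, est=True),
    R(30002, "allow", "tcp", "any", LAN_HOST, sp={53, 6667, 6668}, est=True),
    R(30003, "allow", "udp", "any", LAN_HOST, sp={53, 4000}),
    R(63000, "allow", "ip", PUBLIC_IP, "any"),
    R(64000, "allow", "ip", "any", PUBLIC_IP),
    R(65000, "deny", "ip", "any", "any"),
]
# Assumed extra rule (not in the post): let LAN_HOST through on the inside interface
FIX = R(20001, "allow", "ip", LAN_HOST, "any", via=LAN_IF)

def _addr(spec, ip): return spec == "any" or ipaddress.ip_address(ip) in ipaddress.ip_network(spec)
def _match(r, p):
    _, _, _, proto, src, sp, dst, dp, via, est = r
    return (proto in ("ip", p["proto"]) and _addr(src, p["src"]) and _addr(dst, p["dst"])
            and (sp is None or p["sport"] in sp) and (dp is None or p["dport"] in dp)
            and (via is None or via == p["iface"]) and (not est or p["estab"]))
def ipfw_pass(p, rules):  # one ipfw evaluation of p on p["iface"] -> (rule, action)
    rules, i = sorted(rules, key=lambda r: r[0]), 0
    while i < len(rules):
        r = rules[i]
        if not _match(r, p): i += 1; continue
        if r[1] == "skipto":  # jump to the first rule numbered >= target
            i = next(j for j, x in enumerate(rules) if x[0] >= r[2]); continue
        if r[1] != "divert": return r[0], r[1]
        # divert natd (-unregistered_only): translate, then resume at the rule after the divert
        if p["dst"] == PUBLIC_IP: p["dst"] = LAN_HOST
        elif _addr("192.168.15.0/24", p["src"]): p["src"] = PUBLIC_IP
        i += 1
    return 65535, "deny"  # ipfw's implicit default rule
def forward(p, rules):  # LAN-originated packet: input pass on LAN_IF, then output on EXT_IF
    trace = []
    for iface in (LAN_IF, EXT_IF):
        p["iface"] = iface
        trace.append((iface,) + ipfw_pass(p, rules))
        if trace[-1][2] != "allow": break
    return trace
FTP_SYN = {"proto": "tcp", "src": LAN_HOST, "sport": 1025, "dst": "198.51.100.7",
           "dport": 21, "estab": False}  # constructed: LAN_HOST opening an FTP session
```

Running forward(dict(FTP_SYN), RULES) ends at ("ed0", 65000, "deny") on the input pass, before the divert rule is ever consulted; with FIX appended the same packet passes rule 20001 on ed0 and, after translation at 20000, rule 63000 on an0.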