Date:      Thu, 19 Oct 2000 19:13:17 -0400
From:      "Peter Brezny" <peter@sysadmin-inc.com>
To:        <freebsd-security@freebsd.org>
Subject:   rc.firewall rule question.
Message-ID:  <000c01c03a22$2acab280$47010a0a@fire.sysadmininc.com>

On a 4.1 box I've confirmed ipfw/NAT working using a simplified rule script.

However, when I use the default rc.firewall script (modified for my machine)
using the 'simple' parameter designed to protect a network and allow NAT, my
internal private network (10.90.1.0) doesn't work (I know, could I be more
specific...).

I've added

${fwcmd} add allow icmp from any to any

as the next-to-last entry of the ruleset to help with diagnosis.

When I comment out the line

${fwcmd} add deny all from 10.0.0.0/8 to any via ${oif}

it still doesn't work; however, when I comment out the line

${fwcmd} add deny all from any to 10.0.0.0/8 via ${oif}

I can ping external domains.

I guess my big question is: does this script actually allow private internal
domains to reach the outside world when properly configured?

Has anyone gotten this script to work properly?

Thanks in advance.


Peter Brezny
SysAdmin Services, Inc.
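One ordering that reproduces the symptom above (the `deny all from any to 10.0.0.0/8 via ${oif}` rule alone breaking the return path) is a `divert natd` rule placed before the RFC1918 deny rules: an inbound reply addressed to the public IP is translated to the 10.90.1.x host and then resumes at the next rule, where it now matches the deny. The following first-match simulator is an added example, not code from the post or from FreeBSD; the interface name and all addresses are constructed, and it assumes natd rewrites only the destination of inbound replies.

```python
# Added example: tiny first-match simulator for the ipfw ordering question.
# Models "deny ... via <iface>" rules and a "divert natd" rule that rewrites
# an inbound reply's destination (public IP -> LAN host) and then continues
# at the next rule, as ipfw does after a divert. All values are constructed.
import ipaddress

OIF, PUBLIC_IP, LAN_HOST = "ed0", "198.51.100.7", "10.90.1.20"  # constructed
RFC1918_10 = ipaddress.ip_network("10.0.0.0/8")

def matches(rule, pkt):
    """Rule fields: (action, src_net, dst_net, iface); None means 'any'."""
    _, src, dst, iface = rule
    return ((src is None or ipaddress.ip_address(pkt["src"]) in src) and
            (dst is None or ipaddress.ip_address(pkt["dst"]) in dst) and
            (iface is None or pkt["via"] == iface))

def evaluate(rules, pkt):
    """Walk rules in order; return (verdict, packet as finally seen)."""
    pkt = dict(pkt)
    for rule in rules:
        if not matches(rule, pkt):
            continue
        action = rule[0]
        if action == "divert":
            # natd translating an inbound reply, then evaluation resumes
            # at the rule after the divert with the rewritten packet.
            if pkt["dst"] == PUBLIC_IP:
                pkt["dst"] = LAN_HOST
            continue
        return action, pkt
    return "deny", pkt  # implicit default when nothing matched

DENY_TO_10 = ("deny", None, RFC1918_10, OIF)    # deny all from any to 10.0.0.0/8 via ${oif}
DENY_FROM_10 = ("deny", RFC1918_10, None, OIF)  # deny all from 10.0.0.0/8 to any via ${oif}
DIVERT = ("divert", None, None, OIF)            # divert natd all from any to any via ${oif}
ALLOW_ICMP = ("allow", None, None, None)        # the diagnostic allow from the post

# Inbound ICMP echo reply from outside to the gateway's public address (constructed).
REPLY_IN = {"src": "203.0.113.1", "dst": PUBLIC_IP, "via": OIF}

def verdict(order):
    return evaluate(order, REPLY_IN)[0]

# divert first: the translated packet (dst 10.90.1.20, still via ed0) hits the deny.
BROKEN = [DIVERT, DENY_FROM_10, DENY_TO_10, ALLOW_ICMP]
# deny rules first: the untranslated packet passes them, is translated, and is allowed.
WORKING = [DENY_FROM_10, DENY_TO_10, DIVERT, ALLOW_ICMP]

if __name__ == "__main__":
    print(verdict(BROKEN), verdict(WORKING))  # deny allow
```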






