Date:      Tue, 25 Feb 2003 16:09:43 -0800
From:      "Joshua Lokken" <bsdaemon@eudoramail.com>
To:        "Questions" <freebsd-questions@freebsd.org>
Subject:   Fwd: ipfw rule placement
Message-ID:  <AHFLKLPGOOMEHBAA@whowhere.com>


--------- Forwarded Message ---------

DATE: Tue, 25 Feb 2003 16:06:22
From: "Joshua Lokken" <bsdaemon@eudoramail.com>
To: "Questions" <freebsd-questions@freebsd.org>

Hello,

Primary hard disk failed on my 4.7-RELEASE gateway (ipfw+natd) box last weekend, and I had not backed things up properly. Attached is my ipfw ruleset. After the rebuild, I rewrote things from memory.

When I remove the default deny rule from the list, NAT works fine, port redirections and all, but with the deny rule in place, NAT isn't working, so I'm thinking I have a rule in the wrong place. Can anyone point out any obvious missing/misplaced rules here? Thanks much.

---

Joshua Lokken
FreeBSD:  The Power to Serve!
bsdaemon@eudoramail.com
-------------------------------->

--------- End Forwarded Message ---------
My apologies for the missing attachment...
and for the M$ formatted file ;(


--------- Attachment: firewall.conf ---------

# The attachment references variables defined elsewhere (rc.firewall style);
# placeholder values are assumed here so the fragment loads as a script.
fwcmd="/sbin/ipfw"
oif="fxp0"              # outside interface natd listens on (assumed)
iif="fxp1"              # inside interface (assumed)
oip="203.0.113.5"       # public address (placeholder)
inwr="192.168.1.0/24"   # inside network (placeholder)

$fwcmd -f flush

# loopback
$fwcmd add allow all from any to any via lo0

# every packet crossing $oif, in both directions, goes through natd; the
# rewritten packet re-enters the ruleset at the next rule
$fwcmd add divert natd all from any to any via $oif

# new TCP connections to services on the public address
$fwcmd add allow tcp from any to $oip 22,80,443,6346,22002,22003,22010 setup

# any TCP segment with ACK or RST set
$fwcmd add allow tcp from any to any established

# ICMP errors only: unreachable, source quench, time exceeded, parameter problem
$fwcmd add allow icmp from any to any icmptypes 3,4,11,12

# packets of connections recorded by the keep-state rules below
$fwcmd add check-state

# gateway-originated traffic leaving $oif
$fwcmd add allow ip from $oip to any keep-state out via $oif

# inside-network traffic on $iif, either direction
$fwcmd add allow ip from $inwr to any keep-state via $iif

# reached by an inbound packet natd has already redirected to an inside host:
# its destination is no longer $oip and it arrived on $oif, not $iif
$fwcmd add 65435 deny log ip from any to any
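Added example, not the poster's attachment. Read in order, the posted rules admit an inbound packet after natd has rewritten it only if it is a new TCP connection to $oip, a TCP segment with ACK or RST set, or part of a flow already recorded by check-state. A SYN that natd has redirected to an inside host is destined to that host rather than $oip and arrives on $oif rather than $iif, so it matches nothing before the final deny. The script below keeps a final deny and places, directly after the divert, a stateful rule for the redirect target so the same SYN is admitted on the inbound pass and again when it is forwarded out the inside interface. Interface names, addresses, the redirected host and the natd.conf line are assumptions; with FWCMD unset the script only echoes the ipfw commands, so the ordering can be reviewed before loading it.

```shell
#!/bin/sh
# Added example (not the poster's file): an ipfw + natd ordering that keeps a
# final deny rule but still admits connections natd redirects to inside hosts.
# Interface names, addresses and the redirected host are placeholders; set
# FWCMD=/sbin/ipfw to load the rules for real, otherwise they are only echoed.

fwcmd="${FWCMD:-echo ipfw}"
oif="${OIF:-fxp0}"               # outside interface natd runs on (assumed)
iif="${IIF:-fxp1}"               # inside interface (assumed)
oip="${OIP:-203.0.113.5}"        # public address (documentation range)
inwr="${INWR:-192.168.1.0/24}"   # inside network (assumed)
web="${WEB:-192.168.1.10}"       # target of a natd redirect, assumed to be
                                 # configured in natd.conf as:
                                 #   redirect_port tcp 192.168.1.10:80 80

load_rules() {
    $fwcmd -f flush

    $fwcmd add 100 allow ip from any to any via lo0
    $fwcmd add 200 deny ip from any to 127.0.0.0/8

    # natd rewrites both directions on $oif; the rewritten packet continues
    # at the rule after the divert, so every rule below sees NATed addresses
    $fwcmd add 300 divert natd ip from any to any via $oif

    # redirected connections: after the divert the destination is the inside
    # host, not $oip, so match on that; keep-state lets check-state admit the
    # same SYN when it is forwarded out via $iif, and the replies coming back
    $fwcmd add 400 allow tcp from any to $web 80 in via $oif setup keep-state

    # services on the gateway itself (replies are admitted through state)
    $fwcmd add 500 allow tcp from any to $oip 22,443 in via $oif setup keep-state

    # packets of flows recorded by any keep-state rule, in either direction
    $fwcmd add 600 check-state

    # flows from the inside network: state is created with pre-NAT addresses,
    # which is what the replies carry once the divert has un-NATed them
    $fwcmd add 700 allow ip from $inwr to any via $iif keep-state

    # the same flows, and the gateway's own, after NAT on the way out of $oif
    $fwcmd add 800 allow ip from $oip to any out via $oif keep-state

    # ICMP errors only; replies to inside-initiated pings arrive via state
    $fwcmd add 900 allow icmp from any to any icmptypes 3,4,11,12

    $fwcmd add 65000 deny log ip from any to any
}

load_rules
```

After loading for real, `ipfw -a list` shows per-rule packet counters and `ipfw -d show` lists the dynamic entries; making one test connection of each kind (from inside, to the gateway, to the redirected port) and watching which counter moves is the quickest way to see which rule a packet actually hits, and anything reaching the last rule is logged by syslog because of the `log` keyword. The `established` rule from the posted set is deliberately left out: with keep-state on every rule that opens a connection it is no longer needed, and on its own it admits any TCP segment with ACK set from anywhere.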






Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?AHFLKLPGOOMEHBAA>