Date:      Wed, 12 May 1999 13:33:29 -0700
From:      Erin Fortenberry <erinf@lusardi.com>
To:        'MPN' <neubyneu@twcny.rr.com>, freebsd-questions@freeBSD.ORG
Subject:   RE: ipfw/natd question...
Message-ID:  <AFB0749029D0D211AD3900902728125103A7C9@MAIL>

You need to process the real firewall rules before you process the divert
rule; try moving divert to 10000 instead of 00100.




Erin


mailto:kahn@unet.tm
http://www.fortenberry.net

Failure is not an option. It comes bundled with your Microsoft product.







-----Original Message-----
From: MPN [mailto:neubyneu@twcny.rr.com]
Sent: Wednesday, May 12, 1999 1:34 PM
To: freebsd-questions@freeBSD.ORG
Subject: ipfw/natd question...


Hello.  I'm currently running FBSD-2.2.6-Release.  I have set up my
FreeBSD box running nat to do the translation to the internet for my
home network.  The FreeBSD server box has two ethernet cards.   ed0
connected to my internal network and ed1 connected to my cable modem.
NATD is currently working properly.  What I'd like to do, though,  is
allow only certain port connections.  For example, I would like to allow
telnet, ftp, and http.  If I take out the line allow all from any to
any, nothing works.  NAT doesn't do the translation for some reason.
Here are my current rules:

maddog# ipfw list
00031 deny log udp from any to any 31337
00032 deny log tcp from any to any 31337
00100 divert 6668 ip from any to any via ed1
00101 allow udp from any to any 21
00102 allow tcp from any to any 21
00202 allow tcp from any to any 23
00302 allow udp from any to any 23
00402 allow tcp from any to any 80
00502 allow udp from any to any 80
00602 allow tcp from any to any 53
00702 allow udp from any to any 53
65535 deny ip from any to any
This *should* block everything except ftp, http, telnet, and DNS queries.
It isn't working though.  What is wrong?  Any help is greatly
appreciated.  Thanks in advance.
--
MPN - President, Computer Management Systems
--




To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message
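
The ruleset posted in the thread, run through a small first-match model (an added example, not part of either message; `parse`, `evaluate` and the sample packets are assumptions for illustration, and only the pass through ed1 is modelled). It reports which rule decides an outbound HTTP packet and the server's reply, for the posted numbering and with the divert rule renumbered to 10000.

```python
# Added illustration: first-match evaluation of the ruleset posted in the thread.
# Packets are constructed; 49152 stands in for a client's ephemeral port.
POSTED = """\
00031 deny log udp from any to any 31337
00032 deny log tcp from any to any 31337
00100 divert 6668 ip from any to any via ed1
00101 allow udp from any to any 21
00102 allow tcp from any to any 21
00202 allow tcp from any to any 23
00302 allow udp from any to any 23
00402 allow tcp from any to any 80
00502 allow udp from any to any 80
00602 allow tcp from any to any 53
00702 allow udp from any to any 53
65535 deny ip from any to any"""

def parse(text):
    """Parse `ipfw list` lines of the forms shown above, sorted by rule number."""
    rules = []
    for line in text.splitlines():
        t = line.split()
        action, rest = t[1], [x for x in t[2:] if x != "log"]
        if action == "divert":
            rest = rest[1:]                  # drop the divert port
        tail = rest[5:]                      # after "<proto> from any to any"
        rules.append({"num": int(t[0]), "action": action, "proto": rest[0],
                      "dport": int(tail[0]) if tail and tail[0].isdigit() else None,
                      "via": tail[tail.index("via") + 1] if "via" in tail else None})
    return sorted(rules, key=lambda r: r["num"])

def evaluate(rules, pkt):
    """Return (verdict, deciding rule, passed through divert?) for one packet."""
    diverted = False
    for r in rules:
        if (r["proto"] not in ("ip", pkt["proto"])
                or r["dport"] not in (None, pkt["dport"])
                or r["via"] not in (None, pkt["iface"])):
            continue                         # rule does not match this packet
        if r["action"] == "divert":
            diverted = True                  # natd reinjects after this rule
            continue
        return r["action"], r["num"], diverted

OUT_HTTP = {"proto": "tcp", "dport": 80, "iface": "ed1"}       # LAN client -> web server
HTTP_REPLY = {"proto": "tcp", "dport": 49152, "iface": "ed1"}  # server port 80 -> client
MOVED = POSTED.replace("00100 divert", "10000 divert")         # divert renumbered to 10000
for label, text in (("posted", POSTED), ("divert at 10000", MOVED)):
    print(label, [evaluate(parse(text), p) for p in (OUT_HTTP, HTTP_REPLY)])
```

Under the posted numbering the outbound packet is allowed by rule 402 after passing the divert, while the reply, addressed to the client's ephemeral port, matches no allow rule and is denied by 65535. With the divert at 10000 the outbound packet is accepted by rule 402 before it reaches the divert rule.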





