Date:      Wed, 02 Apr 2003 13:31:25 +0000
From:      Ryan Merrick <>
To:        Brian McCann <>
Subject:   Re: NATD & IPFW
Message-ID:  <>
References:  <000001c2f8cb$6e4f5e60$2f811581@garfield>

Brian McCann wrote:

>Hi all.  I'm having an issue with security while trying to get natd to
>work with ipfw.  I got my ipfw rules working great, so I added the natd
>line in:
>  ipfw add divert 8668 all from any to any via $EXTERNAL_INTERFACE
>But I can't do anything (ping, fetch, etc) until I add:
>  ipfw add pass all from any to any
>Now, I may be wrong, but doesn't this pretty much open the box up?  I
>tried changing the first "any" to my internal network, but that didn't
>work, and I know I've got to be missing something.
>If anyone would like to help me off-list, I could send you a copy of my
>rule set if you'd like.
>Thanks in advance,

The best way to learn about your firewall is to log all denied packets 
and review the log file while trying different programs that access the 

#ipfw add 6500 deny log all from any to any

#tail -f /var/log/security

Then create rules based on what shows up in the logs.
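
An added example, not part of the original message: a small sh/awk helper for the log-review step described above. It collapses ipfw deny entries, as they would appear in /var/log/security, into one line per destination with a count. The log line layout, the function names and the sample lines are assumptions constructed for illustration.

```sh
#!/bin/sh
# Summarise ipfw "Deny" log entries so each distinct flow appears once with a count.
# Assumed line layout (constructed; check it against your own /var/log/security):
#   <date> <host> /kernel: ipfw: <rule> Deny <PROTO> <src> <dst> <in|out> via <iface>

summarise_denies() {
    # Reads log lines on stdin and prints "count rule proto dir iface dst[:port]",
    # most frequent first. The source is left out of the key because the
    # client's source port changes on every connection.
    awk '
        {
            # Find the "ipfw:" tag; its position depends on the syslog prefix.
            for (i = 1; i <= NF; i++) if ($i == "ipfw:") break
            if (i > NF || $(i + 2) != "Deny") next   # not an ipfw deny entry
            rule  = $(i + 1)
            proto = $(i + 3)                         # ICMP appears as ICMP:type.code
            dst   = $(i + 5)
            dir   = $(i + 6)
            iface = $(i + 8)
            count[rule " " proto " " dir " " iface " " dst]++
        }
        END { for (k in count) print count[k], k }
    ' | LC_ALL=C sort -k1,1nr -k2
}

# Constructed sample log lines (documentation addresses, hypothetical host "gw").
sample_log() {
    cat <<'EOF'
Apr  2 13:30:01 gw /kernel: ipfw: 6500 Deny TCP 192.168.1.10:1045 203.0.113.5:80 out via fxp0
Apr  2 13:30:04 gw /kernel: ipfw: 6500 Deny TCP 192.168.1.10:1046 203.0.113.5:80 out via fxp0
Apr  2 13:30:05 gw /kernel: ipfw: 6500 Deny UDP 192.168.1.10:1027 198.51.100.53:53 out via fxp0
Apr  2 13:30:07 gw /kernel: ipfw: 6500 Deny ICMP:8.0 192.168.1.10 203.0.113.5 out via fxp0
Apr  2 13:30:09 gw su: operator to root on /dev/ttyp0
Apr  2 13:30:10 gw /kernel: ipfw: 6500 Deny TCP 192.168.1.10:1047 203.0.113.5:80 out via fxp0
EOF
}

# Demo on the constructed sample; on a live box: summarise_denies < /var/log/security
sample_log | summarise_denies
```

Each output line names the protocol, direction, interface and destination that the deny rule is catching, which is the information needed to write a narrow allow rule instead of a blanket `pass all from any to any`.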

