Date:      Thu, 20 Aug 1998 08:54:22 -0700 (PDT)
From:      Ben <spy@tyr.office.efn.org>
To:        laurens van alphen <alphen@craxx.com>
Cc:        ben@efn.org, freebsd-security@FreeBSD.ORG
Subject:   Re: natd and ipfw rules not working together
Message-ID:  <Pine.BSF.3.96.980820084925.21368D-100000@Tyr.office.EFN.org>
In-Reply-To: <000201bdcc31$926e5510$0a00a8c0@uptight.student.utwente.nl>

On Thu, 20 Aug 1998, laurens van alphen wrote:
> 
> rc.firewall contains:
>       $fwcmd add divert natd all from any to any via ${natd_interface}
> where natd_interface is ed0
> 
> next the default rc.firewall contained these rules:
> 
> $fwcmd add deny all from 192.168.0.0/16 to any via ${oif}
> $fwcmd add deny all from any to 192.168.0.0/16 via ${oif}

Check to see if the deny rules are indeed being hit (ipfw -a l will show a
counter of how many packets it has denied/allowed).  You should also add
numerics to the rules:

    $fwcmd add 1 divert natd all from any to any via ${natd_interface}

I might also change these rules to:

    $fwcmd add 100 deny all from 192.168.0.0/16 to any via ${oif} in
    $fwcmd add 101 deny all from any to 192.168.0.0/16 via ${oif} in

> --
> laurens van alphen
> craxx e-consultants
> alphen@craxx.com
> http://craxx.com/
> 
> -- the information contained in this communication is confidential and
> may be legally privileged. it is intended solely for the use of the
> individual or entity to whom it is addressed and others authorised to

You misspelled authorized.

> receive it. if you are not the intended recipient you are hereby notified
> that any disclosure, copying, distribution or taking any action in
> reliance of the contents of this information is strictly prohibited and
> may be unlawful. craxx is either liable for the proper and complete
> transmission of the information contained in this communication nor
> for any delay in its receipt.

	-ben@efn.org
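
The counter check suggested in the reply above, as an added example that is
not part of the original message: a small filter that reads `ipfw -a l`
output and lists the deny rules that have matched packets, noting whether
each is numbered before or after the first divert rule. The sample listing
is constructed, and the column layout (rule number, packets, bytes, rule
body) is an assumption about the output format.

```shell
#!/bin/sh
# Constructed sample of `ipfw -a l` output (not taken from the thread).
# Assumed columns: rule number, packet count, byte count, rule body.
sample_rules() {
cat <<'EOF'
00001 5230 612044 divert 8668 ip from any to any via ed0
00100   41   3116 deny ip from 192.168.0.0/16 to any via ed0 in
00101    0      0 deny ip from any to 192.168.0.0/16 via ed0 in
65535  912  80211 allow ip from any to any
EOF
}

# Read an `ipfw -a l` listing on stdin and print one line per deny rule
# whose packet counter is non-zero:
#   <rule number> <packets> <before-divert|after-divert>
# The position matters because rules are evaluated in numeric order, so a
# deny rule numbered below the divert rule sees packets natd has not yet
# rewritten.
deny_hits() {
    awk '
        $4 == "divert" { seen_divert = 1 }
        $4 == "deny" && ($2 + 0) > 0 {
            pos = seen_divert ? "after-divert" : "before-divert"
            printf "%s %d %s\n", $1, $2, pos
        }'
}

# Demo on the constructed sample; on a live host: ipfw -a l | deny_hits
sample_rules | deny_hits
```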

