Date: Thu, 25 Oct 2001 20:16:27 +0200 From: Rogier Steehouder <r.j.s@gmx.net> To: David Hill <david@phobia.ms> Cc: questions@freebsd.org Subject: Re: can't get stateful ipfw working... Message-ID: <20011025201627.A970@localhost> In-Reply-To: <001a01c15b64$290d9de0$0201a8c0@hill.hom>; from david@phobia.ms on Mon, Oct 22, 2001 at 09:43:42PM -0400 References: <001a01c15b64$290d9de0$0201a8c0@hill.hom>
next in thread | previous in thread | raw e-mail | index | archive | help
On 22-10-2001 21:43 (-0400), David Hill wrote:
> Hello -
> Implementing the following ipfw ruleset allows nothing to work.
> The nat'd machines can't access the gateway, nor the internet
>
> What am I doing wrong?
> $fwcmd add 500 check-state
> $fwcmd add 510 deny tcp from any to any in established
> $fwcmd add 520 allow tcp from any to any keep-state setup
I don't know for sure, but maybe the stateful rule includes the setup
option and refuses anything but setup packets. Try removing that since
it's quite useless here anyway.
With kind regards, Rogier Steehouder
--
___ _
-O_\ //
| / Rogier Steehouder //\
/ \ r.j.s@gmx.net // \
<---------------------- 25m ---------------------->
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20011025201627.A970>