Date: Thu, 25 Oct 2001 20:16:27 +0200
From: Rogier Steehouder
To: David Hill
Cc: questions@freebsd.org
Subject: Re: can't get stateful ipfw working...

On 22-10-2001 21:43 (-0400), David Hill wrote:
> Hello -
> Implementing the following ipfw ruleset allows nothing to work.
> The nat'd machines can't access the gateway, nor the internet
>
> What am I doing wrong?
> $fwcmd add 500 check-state
> $fwcmd add 510 deny tcp from any to any in established
> $fwcmd add 520 allow tcp from any to any keep-state setup

I don't know for sure, but maybe the stateful rule includes the setup
option and refuses anything but setup packets. Try removing that since
it's quite useless here anyway.

With kind regards, Rogier Steehouder

-- 
Rogier Steehouder
r.j.s@gmx.net
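
Added example (not part of the original messages): a small Python model of how ipfw evaluates the three quoted rules, assuming no other rules exist and the final rule 65535 is the default deny. The Packet fields, addresses and sample traffic are constructed; dynamic-rule timeouts and natd/divert are not modelled.

```python
# Minimal model of how ipfw evaluates the three quoted rules (added example).
# Assumptions: no other rules, final rule 65535 is the default deny,
# dynamic-rule timeouts and natd/divert are not modelled.
from collections import namedtuple

Packet = namedtuple("Packet", "proto src sport dst dport flags direction")

def flow_key(p):
    # Dynamic rules match both directions of a flow, so sort the endpoints.
    return (p.proto,) + tuple(sorted([(p.src, p.sport), (p.dst, p.dport)]))

def is_setup(p):        # ipfw "setup": TCP with SYN set and ACK clear
    return p.proto == "tcp" and "S" in p.flags and "A" not in p.flags

def is_established(p):  # ipfw "established": TCP with RST or ACK set
    return p.proto == "tcp" and ("A" in p.flags or "R" in p.flags)

def evaluate(p, states):
    """Return (rule_number, action) for one packet; update dynamic states."""
    if flow_key(p) in states:                       # 500 check-state
        return 500, "allow"
    if p.direction == "in" and is_established(p):   # 510 deny ... in established
        return 510, "deny"
    if is_setup(p):                                 # 520 allow ... keep-state setup
        states.add(flow_key(p))                     # keep-state installs a dynamic rule
        return 520, "allow"
    return 65535, "deny"                            # assumed default deny

def run(packets):
    states = set()
    return [evaluate(p, states) for p in packets]

# Constructed sample traffic (private and documentation address ranges).
SAMPLE = [
    Packet("tcp", "192.168.1.2", 1025, "192.0.2.10", 80, "S", "in"),    # SYN
    Packet("tcp", "192.0.2.10", 80, "192.168.1.2", 1025, "SA", "in"),   # SYN+ACK
    Packet("tcp", "192.168.1.2", 1025, "192.0.2.10", 80, "A", "in"),    # ACK
    Packet("tcp", "198.51.100.7", 4444, "192.168.1.2", 22, "A", "in"),  # stray ACK
    Packet("udp", "192.168.1.2", 1026, "192.0.2.53", 53, "", "in"),     # DNS query
    Packet("icmp", "192.168.1.2", 0, "192.0.2.10", 0, "", "in"),        # ping
]

if __name__ == "__main__":
    for pkt, (rule, action) in zip(SAMPLE, run(SAMPLE)):
        print(f"{pkt.proto:4} {pkt.flags or '-':2} -> rule {rule:5} {action}")
```

In this model the TCP handshake passes through rules 520 and 500, while the UDP and ICMP packets match none of the three rules and fall through to the assumed default deny.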