From owner-freebsd-questions  Thu Mar 20 12:20:15 2003
Delivered-To: freebsd-questions@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id A742F37B401
	for <freebsd-questions@freebsd.org>; Thu, 20 Mar 2003 12:20:12 -0800 (PST)
Received: from web13508.mail.yahoo.com (web13508.mail.yahoo.com [216.136.175.87])
	by mx1.FreeBSD.org (Postfix) with SMTP id 143F543F85
	for <freebsd-questions@freebsd.org>; Thu, 20 Mar 2003 12:20:12 -0800 (PST)
	(envelope-from will@willardjwilliams.com)
Message-ID: <20030320202010.81747.qmail@web13508.mail.yahoo.com>
Received: from [217.84.186.205] by web13508.mail.yahoo.com via HTTP; Thu, 20 Mar 2003 12:20:10 PST
Date: Thu, 20 Mar 2003 12:20:10 -0800 (PST)
From: "W. J. Williams" <will@willardjwilliams.com>
Subject: Re: IPFW firewall rules not complete
To: Henrik Hudson <lists@rhavenn.net>, freebsd-questions@freebsd.org
In-Reply-To: <200303201356.23830.lists@rhavenn.net>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Sender: owner-freebsd-questions@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-questions.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-questions>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-questions>
X-Loop: FreeBSD.ORG


--- Henrik Hudson <lists@rhavenn.net> wrote:
> 
> > I am experimenting with IPFW firewalls and have hit a roadblock.  I am
> > trying to allow ssh, mail, dns requests, pings and traceroutes out,
> but
> > not in and webmin (port 10000).  I am hitting a roadblock on mail and
> > pings out.  Hope someone can help me...I am new to this and donīt
> > understand firewall rules syntax fully.  I have funded my own lab to
> > experiment with this fun and powerful stuff...
> >
> 
> Did you setup NAT and IPDIVERT in your kernel?
> 
> http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/natd.html
> 
> Even though you have 2 private networks, you still need to run NAT
> accross 
> those subnets or add static routes to your DSL modem, otherwise any
> traffic 
> coming back in from the DSL modem won't know where to go to find the
> fxp1 
> network.
> 
> Check out the handbook, it should work for you.
> 
> -- 
ok, will try that...oddly enough though, mail comes in just fine, just
going out farts...should have put that in the initial email...still think
its NAT related?

Will

=====
Will Williams

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message