Date: Wed, 9 Aug 2000 16:05:14 -0600 (MDT)
From: Nick Rogness <nick@rapidnet.com>
To: TeRrAc <terrac@cloudfactory.org>
Cc: FreeBSD IPFW list <freebsd-ipfw@FreeBSD.ORG>
Subject: Re: natd + IPFW
Message-ID: <Pine.BSF.4.21.0008091558200.28622-100000@rapidnet.com>
In-Reply-To: <Pine.LNX.4.21.0008091440220.8666-100000@stratus.cloudfactory.org>

On Wed, 9 Aug 2000, TeRrAc wrote:

> Natd is in fact running,

With what options? It should be:

/sbin/natd -n fxp1

>
> I know that is a bass-ackwards ruleset, usually I have been testing it
> like:
> 00100 1849 185456 divert 8668 ip from any to any via fxp1
> 00500 32 2404 allow ip from any to any
> 00600 0 0 allow ip from any to any
> 65535 83 5902 deny ip from any to any

This looks OK...if fxp1 is indeed your outside interface.

>
> It seems logical enough that all packets should first be diverted
> through natd (the 8668) through the interface, then passed without regard
> through the rest of the system.

They are sent through Natd, then re-injected back into the firewall at the next rule number.

> Do I need another divert statement on fxp0 to bring them back?

No. The above ruleset should work. How are you testing to see if it works? Can you get out from your BSD machine without using nat?

Nick Rogness
- Drive defensively. Buy a tank.
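
The rule walk described in the reply above, as an added example that is not part of the original message: a simplified Python model of first-match evaluation in which a packet diverted at rule 100 re-enters at the next rule number. The rule numbers and actions come from the quoted ruleset; the addresses, the `natd_alias` stand-in and the packet dictionaries are assumptions made for illustration.

```python
# Simplified model of ipfw first-match evaluation with a divert rule.
# Not real ipfw/natd code; addresses are constructed samples.

RULES = [
    (100, "divert", "fxp1"),   # divert 8668 ip from any to any via fxp1
    (500, "allow", None),      # allow ip from any to any
    (600, "allow", None),      # same match as 500, so it is never reached
    (65535, "deny", None),     # default deny
]
PUBLIC_ADDR = "203.0.113.10"   # assumed address of the outside interface


def natd_alias(pkt):
    """Stand-in for natd: rewrite the source of an outbound packet."""
    out = dict(pkt)
    if pkt["dir"] == "out":
        out["src"] = PUBLIC_ADDR
    return out


def evaluate(pkt, start_after=0, trace=None):
    """Walk rules numbered above start_after; return (verdict, packet, trace)."""
    trace = [] if trace is None else trace
    for num, action, iface in RULES:
        if num <= start_after:
            continue                      # skipped on re-injection
        if iface is not None and pkt["via"] != iface:
            continue                      # "via fxp1" does not match
        trace.append((num, action))
        if action == "divert":
            # natd hands the packet back; evaluation resumes at the
            # next rule number, so no second divert rule is needed.
            return evaluate(natd_alias(pkt), start_after=num, trace=trace)
        return action, pkt, trace
    return "deny", pkt, trace


# Constructed sample: one LAN packet seen on each pass through the firewall.
LAN_PASS = {"src": "192.168.1.20", "dst": "198.51.100.7", "via": "fxp0", "dir": "in"}
WAN_PASS = {"src": "192.168.1.20", "dst": "198.51.100.7", "via": "fxp1", "dir": "out"}

if __name__ == "__main__":
    for name, pkt in (("inside pass", LAN_PASS), ("outside pass", WAN_PASS)):
        verdict, out, trace = evaluate(pkt)
        print(name, verdict, out["src"], trace)
```

Rule 600 never appears in a trace because rule 500 matches the same packets first, which is consistent with the zero counters on rule 600 in the quoted listing.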