Date:      Thu, 18 Jan 2001 13:08:41 -0800
From:      Trevin Chow <tmchow@sfu.ca>
To:        questions@freebsd.org
Subject:   NAT doesn't work with my firewall rules?
Message-ID:  <5.0.2.1.2.20010118130802.02bfc808@mail.brightmail.com>

Hi,

NATD seems to be pharked on my machine. The FreeBSD box itself,
working as the gateway, has completely functional internet
access, but clients hooked up to internal interfaces can't access
the internet.

If I just have the rules:

-----
ipfw add divert natd all from any to any via ${oif}
ipfw add pass all from any to any
-----

the NATD works.


However, as soon as I load my complete ruleset from /etc/rc.firewall
NAT doesn't function properly.

Here's a SNIPPET of my rules leading up to the divert nat rule and a few
rules after:

------
allow ip from any to any via lo0
divert 8668 ip from any to any via dc0
deny ip from any to 127.0.0.0/8
deny ip from 192.168.0.0/24 to any in recv dc0
deny ip from 209.53.0.0/18 to any in recv fxp0
deny ip from 209.53.0.0/18 to any in recv fxp1
deny ip from 192.168.0.0/16 to any in recv dc0
deny ip from 172.16.0.0/12 to any in recv dc0
deny ip from 224.0.0.0/4 to any
deny ip from 10.0.0.0/8 to any in recv dc0
allow ip from any to any out xmit dc0
allow ip from any to any via fxp0
------

(dc0 is my external interface, and fxp0 and fxp1 are my internal ones)

Regards,
Trevin
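A rule trace of the quoted snippet, as an added example that is not part of the original message: it walks a constructed client flow through the rules above, applies natd's rewrite at the divert rule, and reports which quoted rule decides each pass. The client, server and gateway addresses are invented, and "fallthrough" only means the verdict comes from a rule after the snippet, which the post does not show.

```python
from ipaddress import ip_address, ip_network

# Rules quoted in the post, in order: (action, src, dst, iface-mode, iface);
# "in recv X" is written recv X and "out xmit X" as xmit X.
RULES = [
    ("allow",  "any",            "any",         "via",  "lo0"),
    ("divert", "any",            "any",         "via",  "dc0"),
    ("deny",   "any",            "127.0.0.0/8", None,   None),
    ("deny",   "192.168.0.0/24", "any",         "recv", "dc0"),
    ("deny",   "209.53.0.0/18",  "any",         "recv", "fxp0"),
    ("deny",   "209.53.0.0/18",  "any",         "recv", "fxp1"),
    ("deny",   "192.168.0.0/16", "any",         "recv", "dc0"),
    ("deny",   "172.16.0.0/12",  "any",         "recv", "dc0"),
    ("deny",   "224.0.0.0/4",    "any",         None,   None),
    ("deny",   "10.0.0.0/8",     "any",         "recv", "dc0"),
    ("allow",  "any",            "any",         "xmit", "dc0"),
    ("allow",  "any",            "any",         "via",  "fxp0"),
]
def addr_match(spec, addr):
    return spec == "any" or ip_address(addr) in ip_network(spec)
def iface_match(mode, name, pkt):
    # recv: incoming on name; xmit: outgoing on name; via: either pass; None: any
    want = {"recv": "in", "xmit": "out", "via": pkt["dir"], None: None}[mode]
    return mode is None or (pkt["iface"] == name and pkt["dir"] == want)
def trace(pkt, nat=None, rules=RULES):
    # One ipfw pass. `nat` is the field natd rewrites when the divert rule
    # matches; the rewritten packet then continues at the next rule.
    pkt = dict(pkt)
    for no, (action, src, dst, mode, name) in enumerate(rules, 1):
        if not (addr_match(src, pkt["src"]) and addr_match(dst, pkt["dst"])
                and iface_match(mode, name, pkt)):
            continue
        if action == "divert":
            pkt.update(nat or {})
            continue
        return action, no
    return "fallthrough", None  # decided by a rule outside the quoted snippet
def P(src, dst, direction, iface):
    return {"src": src, "dst": dst, "dir": direction, "iface": iface}
# Constructed flow: client 192.168.0.10 on fxp0 reaches 198.51.100.5 through the
# gateway's assumed public address 203.0.113.1 on dc0 (both addresses invented).
FLOW = [
    ("client->server, in on fxp0", P("192.168.0.10", "198.51.100.5", "in", "fxp0"), None),
    ("client->server, out on dc0", P("192.168.0.10", "198.51.100.5", "out", "dc0"), {"src": "203.0.113.1"}),
    ("reply, in on dc0",           P("198.51.100.5", "203.0.113.1", "in", "dc0"), {"dst": "192.168.0.10"}),
    ("reply, out on fxp0",         P("198.51.100.5", "192.168.0.10", "out", "fxp0"), None),
]
def trace_flow(flow=FLOW):
    return [(label,) + trace(p, nat) for label, p, nat in flow]
```

Three of the four passes are settled by the quoted allow rules; the translated reply arriving on dc0 matches neither "out xmit dc0" nor "via fxp0", so its fate rests with the rules the snippet omits.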