From owner-freebsd-questions Thu Jan 18 13:06:59 2001
Date: Thu, 18 Jan 2001 13:08:41 -0800
From: Trevin Chow
To: questions@freebsd.org
Subject: NAT doesn't work with my firewall rules?

Hi,

NATD seems to be pharked on my machine... The FreeBSD box itself, working as the gateway, has completely functional internet access, but clients hooked up to the internal interfaces can't access the internet.

If I just have the rules:

-----
ipfw add divert natd all from any to any via ${oif}
ipfw add pass all from any to any
-----

the NATD works. However, as soon as I load my complete ruleset from /etc/rc.firewall, NAT doesn't function properly.

Here's a SNIPPET of my rules leading up to the divert natd rule and a few rules after:

------
allow ip from any to any via lo0
divert 8668 ip from any to any via dc0
deny ip from any to 127.0.0.0/8
deny ip from 192.168.0.0/24 to any in recv dc0
deny ip from 209.53.0.0/18 to any in recv fxp0
deny ip from 209.53.0.0/18 to any in recv fxp1
deny ip from 192.168.0.0/16 to any in recv dc0
deny ip from 172.16.0.0/12 to any in recv dc0
deny ip from 224.0.0.0/4 to any
deny ip from 10.0.0.0/8 to any in recv dc0
allow ip from any to any out xmit dc0
allow ip from any to any via fxp0
------

(dc0 is my external interface, and fxp0 and fxp1 are my internal ones)

Regards,
Trevin
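A way to reason about a ruleset like the one in this post is to walk it the way ipfw does: first match wins, a forwarded packet is evaluated once on the inbound pass (only the receive interface is known) and once on the outbound pass (both interfaces are known), and a `divert` to natd rewrites the address and reinjects the packet at the next rule. The following script is an added example, not code from the post or from FreeBSD; it is a deliberately simplified model of ipfw matching and of natd (natd's real session table is keyed by protocol and port as well, and the public address 203.0.113.1 and the client and remote addresses are constructed placeholders). It parses the snippet quoted above and reports which rule decides the fate of a client's outbound packet, of the reply coming back in on dc0, and of a packet arriving on dc0 with a spoofed private source.

```python
import ipaddress
from dataclasses import dataclass, replace
from typing import Optional, Tuple

PUBLIC_IP = "203.0.113.1"  # constructed: the address natd would put on dc0 traffic

# The ruleset quoted in the post, one rule per line (0-based index in comments).
RULESET = """
allow ip from any to any via lo0
divert 8668 ip from any to any via dc0
deny ip from any to 127.0.0.0/8
deny ip from 192.168.0.0/24 to any in recv dc0
deny ip from 209.53.0.0/18 to any in recv fxp0
deny ip from 209.53.0.0/18 to any in recv fxp1
deny ip from 192.168.0.0/16 to any in recv dc0
deny ip from 172.16.0.0/12 to any in recv dc0
deny ip from 224.0.0.0/4 to any
deny ip from 10.0.0.0/8 to any in recv dc0
allow ip from any to any out xmit dc0
allow ip from any to any via fxp0
"""


@dataclass
class Packet:
    src: str
    dst: str
    direction: str            # "in" or "out": which ipfw pass this is
    recv: str                 # interface the packet was received on
    xmit: Optional[str] = None  # interface it leaves on; known only on the out pass


@dataclass
class Rule:
    action: str               # allow / deny / divert
    src: str                  # "any" or a CIDR
    dst: str
    direction: Optional[str] = None
    recv: Optional[str] = None
    xmit: Optional[str] = None
    via: Optional[str] = None


def parse_rule(line: str) -> Rule:
    """Parse the subset of ipfw syntax used in the post."""
    toks = line.split()
    action, i = toks[0], 1
    if action == "divert":
        i += 1                # skip the divert port number
    if toks[i] != "ip" or toks[i + 1] != "from" or toks[i + 3] != "to":
        raise ValueError(f"unsupported rule: {line}")
    rule = Rule(action, toks[i + 2], toks[i + 4])
    opts, j = toks[i + 5:], 0
    while j < len(opts):
        if opts[j] in ("in", "out"):
            rule.direction, j = opts[j], j + 1
        elif opts[j] in ("recv", "xmit", "via"):
            setattr(rule, opts[j], opts[j + 1])
            j += 2
        else:
            raise ValueError(f"unsupported keyword {opts[j]!r} in: {line}")
    return rule


def in_net(addr: str, spec: str) -> bool:
    return spec == "any" or ipaddress.ip_address(addr) in ipaddress.ip_network(spec)


def matches(rule: Rule, pkt: Packet) -> bool:
    """ipfw semantics: every option present on the rule must hold."""
    if not (in_net(pkt.src, rule.src) and in_net(pkt.dst, rule.dst)):
        return False
    if rule.direction and rule.direction != pkt.direction:
        return False
    if rule.recv and rule.recv != pkt.recv:
        return False
    if rule.xmit and rule.xmit != pkt.xmit:
        return False
    if rule.via and rule.via not in (pkt.recv, pkt.xmit):  # via = recv or xmit
        return False
    return True


class Natd:
    """Toy natd: maps outbound private sources to PUBLIC_IP, remembers the
    remote address so the reply can be mapped back. Real natd keys sessions
    on protocol and ports too; this is a simplification for illustration."""

    def __init__(self, public_ip: str):
        self.public_ip = public_ip
        self.sessions = {}  # remote address -> internal client address

    def translate(self, pkt: Packet) -> Packet:
        if pkt.direction == "out" and ipaddress.ip_address(pkt.src).is_private:
            self.sessions[pkt.dst] = pkt.src
            return replace(pkt, src=self.public_ip)
        if pkt.direction == "in" and pkt.dst == self.public_ip and pkt.src in self.sessions:
            return replace(pkt, dst=self.sessions[pkt.src])
        return pkt  # nothing to translate (natd would drop unknown inbound traffic)


def evaluate(rules, pkt: Packet, natd: Natd) -> Tuple[str, Optional[int], Packet]:
    """First match wins; a divert rewrites the packet and continues at the next rule."""
    for idx, rule in enumerate(rules):
        if not matches(rule, pkt):
            continue
        if rule.action == "divert":
            pkt = natd.translate(pkt)
            continue
        return rule.action, idx, pkt
    return "no-match-in-snippet", None, pkt


def walk_snippet():
    """Run the three scenarios through the post's rules; returns the deciding rule index of each."""
    rules = [parse_rule(l) for l in RULESET.strip().splitlines()]
    natd = Natd(PUBLIC_IP)
    client, remote = "192.168.0.10", "198.51.100.7"   # constructed addresses
    # 1. client packet leaving via dc0 (outbound pass): natd rewrites src, rule 10 allows it
    out = evaluate(rules, Packet(client, remote, "out", recv="fxp0", xmit="dc0"), natd)
    # 2. the reply arriving on dc0 (inbound pass): natd rewrites dst, but no rule in the
    #    snippet decides, so the rules after the snippet determine whether it passes
    reply = evaluate(rules, Packet(remote, PUBLIC_IP, "in", recv="dc0"), natd)
    # 3. a packet on dc0 claiming a private source: anti-spoofing rule 3 denies it
    spoof = evaluate(rules, Packet("192.168.0.5", PUBLIC_IP, "in", recv="dc0"), natd)
    return out, reply, spoof


if __name__ == "__main__":
    for name, (action, idx, pkt) in zip(("outbound", "reply", "spoofed"), walk_snippet()):
        print(f"{name:9s} -> {action:20s} rule {idx}  {pkt.src} -> {pkt.dst}")
```

The second scenario is the one that matters for the question: once natd has rewritten the reply's destination back to the client address, none of the quoted rules decide its fate on the inbound pass (the `allow ... via fxp0` rule can only match on the outbound pass, when the transmit interface is known), so whatever follows the snippet in /etc/rc.firewall is what lets the reply through or drops it.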