From owner-freebsd-ipfw  Wed Aug  9 19:48: 2 2000
Delivered-To: freebsd-ipfw@freebsd.org
Received: from stratus.cloudfactory.org (cloudfactory.org [205.179.129.18])
	by hub.freebsd.org (Postfix) with ESMTP id E4A9237B52B
	for <freebsd-ipfw@FreeBSD.ORG>; Wed,  9 Aug 2000 19:47:58 -0700 (PDT)
	(envelope-from terrac@cloudfactory.org)
Received: from localhost (terrac@localhost)
	by stratus.cloudfactory.org (8.8.8/8.8.7) with ESMTP id TAA18943;
	Wed, 9 Aug 2000 19:50:04 -0700
Date: Wed, 9 Aug 2000 19:50:04 -0700 (PDT)
From: TeRrAc <terrac@cloudfactory.org>
To: Nick Rogness <nick@rapidnet.com>
Cc: FreeBSD IPFW list <freebsd-ipfw@FreeBSD.ORG>
Subject: Re: natd + IPFW 
In-Reply-To: <Pine.LNX.4.21.0008091556480.8666-100000@stratus.cloudfactory.org>
Message-ID: <Pine.LNX.4.21.0008091942590.8666-100000@stratus.cloudfactory.org>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-ipfw@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

 So from all the replies I have recieved, i get the feeling that my natd
is setup correctly, and the deault rules are okie..
 I am wondering what it could be that is keeping my hosts on the inside
from pining the outside world. 
 Undoubtedly it is something really simple, as are most things. the only
question is what is it?

agian my config is:
----
KERNEL:
  options         IPFIREWALL              # IP Firewall - added for NAT
  options         IPDIVERT                # IP diverting added for NAT
  options         IPFIREWALL_FORWARD      # added to try and get sanity?
  options         IPFIREWALL_VERBOSE      # IP packet logging - added for
IPFW
  pseudo-device   bpf                     #Berkeley packet filter

/etc/rc.conf
  natd_program="/sbin/natd"       # Path to natd, if different
  natd_enable="YES"               # Turns on natd and sets flag for IPWF
  natd_interface="fxp1"           # Sets interface to bind natd to
  natd_flags="-l -u -m "          # Additional flags for natd
  gateway_enable="YES"            # This system is used as a gateway
  firewall_enable="YES"           # Enable IPFW packet filtering
  firewall_type="OPEN"            # Stes a generic type of Firewall
---

With additional IPFW command
  -f flush
  add divert natd all from any to any via fxp1
  add pass all from any to any

So, am I missing something? would the 'IPFIREWALL_FORWARD' option in the
kernel keep from letting this through.. to my suspition it shouldn't..?

 I am confused, really stumped, two days into this and boggled.

 Any and all help appreciated. Thanks.

	Terrac Skiens




To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-ipfw" in the body of the message