Date: Sun, 27 Oct 2002 20:14:57 -0700
From: Soren Harward <soren@byu.edu>
To: freebsd-questions@freebsd.org
Subject: splitting NAT rules with ipfw?
Message-ID: <20021028031457.GA62420@tmmc.dyndns.org>
Right now, I have my ipfw rules running every packet through natd very close to the beginning of my firewall rules:

00100 allow ip from any to any via lo0
00200 deny ip from any to 127.0.0.0/8
00300 deny ip from 127.0.0.0/8 to any
00400 deny log logamount 100 ip from INTERNAL to any in recv ed0
00500 deny log logamount 100 ip from EXTERNAL to any in recv xl0
00600 divert 8668 ip from any to any via ed0

(ed0: external interface)
(xl0: internal interface)

Right now, this sends almost every packet through natd. I'd like to be able to split the natd rules into an "outgoing from the internal network" rule and an "incoming to the internal network" rule so that I have something like the following:

ipfw divert natd ip from INTERNAL to any via ed0
[ INCOMING FILTERING RULES on ed0 ]

and then have incoming packets that get through the rules be passed to natd so they can be sent to the internal network if necessary. But the only setup I can get working is the one I already have. Anyone have any ideas, or does the "divert natd" have to be just one rule?

-- 
Soren Harward
soren@byu.edt

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message
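As an added example (not part of the post above), a ruleset that splits the single divert into an inbound and an outbound rule. The interface names and the divert port 8668 come from the post; the INTERNAL and EXTERNAL addresses, the rule numbers and the sample filter rules are constructed placeholders.

```shell
#!/bin/sh
# Added example, not from the post: split "divert natd" into one inbound and
# one outbound rule. natd re-injects a translated packet at the rule AFTER
# the divert rule it matched, so the order that works is:
#   inbound on ed0:  divert first, then filter on the translated (internal)
#                    destination address;
#   outbound on ed0: filter on the real internal source, divert last, then
#                    allow the translated packet out.
EXT_IF=ed0                  # external interface (from the post)
INT_IF=xl0                  # internal interface (from the post)
NATD_PORT=8668              # divert port from the post's rule 00600
INTERNAL=192.168.1.0/24     # constructed placeholder for INTERNAL
EXTERNAL=203.0.113.5        # constructed placeholder for EXTERNAL

# Emit the ruleset, one "ipfw add" argument list per line, without applying
# it, so it can be reviewed or diffed before being loaded.
ipfw_ruleset() {
    cat <<EOF
add 00100 allow ip from any to any via lo0
add 00200 deny ip from any to 127.0.0.0/8
add 00300 deny ip from 127.0.0.0/8 to any
add 00400 deny log logamount 100 ip from $INTERNAL to any in recv $EXT_IF
add 00500 deny log logamount 100 ip from $EXTERNAL to any in recv $INT_IF
add 00600 divert $NATD_PORT ip from any to any in recv $EXT_IF
add 00610 allow tcp from any to any established in recv $EXT_IF
add 00690 deny log logamount 100 ip from any to any in recv $EXT_IF
add 00700 deny log tcp from $INTERNAL to any 25 out xmit $EXT_IF
add 00710 divert $NATD_PORT ip from $INTERNAL to any out xmit $EXT_IF
add 00720 allow ip from any to any out xmit $EXT_IF
add 00800 allow ip from any to any via $INT_IF
add 65000 deny log ip from any to any
EOF
}

# Load the ruleset into the kernel (run as root); flushes the current rules.
apply_ruleset() {
    ipfw -f flush
    ipfw_ruleset | while read -r rule; do
        # shellcheck disable=SC2086  # word-splitting the rule is intended
        ipfw $rule
    done
}

ipfw_ruleset    # dry run: print the rules that apply_ruleset would load
```

Rules 00610-00690 see the internal destination natd wrote into inbound packets, and rule 00700 sees the internal source before natd rewrites it, which is what the single "via ed0" divert cannot give you.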