Skip site navigation (1)Skip section navigation (2) 
Date:      Mon, 17 Jun 2002 08:58:35 +0300 (EEST)
From:      Alexander V Zubchenko <stalker@hermes-comp.zp.ua>
To:        Joe & Fhe Barbish <barbish@a1poweruser.com>
Cc:        FBSDQ <questions@FreeBSD.ORG>
Subject:   Re: How to use natd -punch_fw
Message-ID:  <20020617085417.S9334-100000@server.hermes-comp.zp.ua>
In-Reply-To: <MIEPLLIBMLEEABPDBIEGCENKCCAA.barbish@a1poweruser.com>
next in thread | previous in thread | raw e-mail | index | archive | help 
Greetings!

On Sat, 15 Jun 2002, Joe & Fhe Barbish wrote:

> -punch_fw basenumber:count
> 		 This option directs natd to ``punch holes'' in an
> 		 ipfirewall(4) based firewall for FTP/IRC DCC connections.
> 		 This is done dynamically by installing temporary firewall
> 		 rules which allow a particular connection (and only that con
> 		 nection) to go through the firewall.  The rules are removed
> 		 once the corresponding connection terminates.
So this is clear. This part explain what it supposed to do.

>
> 		 A maximum of count rules starting from the rule number
> 		 basenumber will be used for punching firewall holes.  The
> 		 range will be cleared for all rules on startup.
This mean that real numbers depend on your firewall settings.
Basenumber is number of first created rule. Count is maximum number of
inserted rules. Look at Your firewall configuration, where You want to
add this rules. E.g.:

100 check-state
500 deny log....
65000 allow...

And You want rules, created by the natd b inserted after check-state
('rule 100'). So use -punch_fw 101:300 (for example), or even better
200:200 (enough, imho, and left space for playing around with firewall
setup by hands).
This is information, i have. Hope, this help.

Alexander V Zubchenko,		E-Mail: stalker@hermes-comp.zp.ua
System Administrator,		WWW: http://www.hermes-comp.zp.ua/
Hermes-comp,
Ukraine,
Zaporizhzhya,
Geroev Stalingrada 50
phone/fax: +380 612 64-19-72




To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20020617085417.S9334-100000>