Date:      Wed, 19 Sep 2001 11:25:45 +0300
From:      "Vladimir Terziev" <>
Subject:   Problem with IPFW and NATD (also sent to freebsd-net mailing list)
Message-ID:  <>



I have a gateway machine which runs NATD and has the IP packet filter IPFW with 
the following rules:

ipfw add 100 allow ip from any to any via lo0

ipfw add 10002 skipto 20000 tcp from to any 21
ipfw add 10003 skipto 20000 tcp from to any 53,6667,6668
ipfw add 10004 skipto 20000 udp from to any 53,4000

ipfw add 11000 deny ip from to any

ipfw add 20000 divert natd ip from any to any via an0

ipfw add 63000 allow ip from PUBLIC_IP to any
ipfw add 64000 allow ip from any to PUBLIC_IP

ipfw add 30001 allow tcp from any 21 to established
ipfw add 30002 allow tcp from any 53,6667,6668 to established
ipfw add 30003 allow udp from any 53,4000 to

ipfw add 65000 deny ip from any to any

The gateway machine is FreeBSD 4.4-RC and has 2 interfaces (internal, and 
external - an0). I need only one of the machines in the local network to have 
connectivity to "the rest of the world".

I've read all the documentation about ipfw(8), divert(4) and natd(8). 
According to it, the above rules should provide what I want, but they don't !!!

Does anybody have an idea why?
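The ruleset quoted in the message, walked by a small first-match simulator so the reader can see which rule terminates a packet on each interface pass. This is added example code, not part of the message and not ipfw(8) itself; LAN_HOST, REMOTE_FTP and the internal interface name int0 are placeholders for values the message does not give.

```python
# Added example (not from the post): minimal first-match simulator for the
# ruleset quoted above, one packet on one interface pass. It is not ipfw(8) and
# models only the features those rules use (proto, addresses, ports, via, skipto,
# divert fall-through). LAN_HOST is the elided internal address; int0 is assumed.
LAN_HOST, PUBLIC_IP, ANY = "LAN_HOST", "PUBLIC_IP", "any"

def rule(num, action, proto, src, dst, sport=None, dport=None, via=None, to=None): return locals()

RULES = [  # listed in numeric order, which is the order ipfw evaluates them
    rule(100,   "allow",  "ip",  ANY, ANY, via="lo0"),
    rule(10002, "skipto", "tcp", LAN_HOST, ANY, dport={21}, to=20000),
    rule(10003, "skipto", "tcp", LAN_HOST, ANY, dport={53, 6667, 6668}, to=20000),
    rule(10004, "skipto", "udp", LAN_HOST, ANY, dport={53, 4000}, to=20000),
    rule(11000, "deny",   "ip",  LAN_HOST, ANY),
    rule(20000, "divert", "ip",  ANY, ANY, via="an0"),
    rule(30001, "allow",  "tcp", ANY, LAN_HOST, sport={21}),
    rule(30002, "allow",  "tcp", ANY, LAN_HOST, sport={53, 6667, 6668}),
    rule(30003, "allow",  "udp", ANY, LAN_HOST, sport={53, 4000}),
    rule(63000, "allow",  "ip",  PUBLIC_IP, ANY),
    rule(64000, "allow",  "ip",  ANY, PUBLIC_IP),
    rule(65000, "deny",   "ip",  ANY, ANY),
]

def matches(r, pkt, iface):
    # "via X" only matches while the packet is crossing interface X
    return (r["proto"] in ("ip", pkt["proto"])
            and r["src"] in (ANY, pkt["src"]) and r["dst"] in (ANY, pkt["dst"])
            and (r["sport"] is None or pkt["sport"] in r["sport"])
            and (r["dport"] is None or pkt["dport"] in r["dport"])
            and (r["via"] is None or r["via"] == iface))

def trace(pkt, iface):
    """Return (terminating rule number, action, rules matched) for one pass."""
    matched, i = [], 0
    while i < len(RULES):
        r = RULES[i]
        if matches(r, pkt, iface):
            matched.append(r["num"])
            if r["action"] in ("allow", "deny"):
                return r["num"], r["action"], matched
            if r["action"] == "skipto":  # resume at the first rule numbered >= target
                i = next((k for k, x in enumerate(RULES) if x["num"] >= r["to"]), len(RULES))
                continue
            # divert: natd reinjects and matching resumes at the next rule (rewrite not modelled)
        i += 1
    return None, "default", matched

# Constructed packet: the LAN host's FTP SYN on its first pass, inbound on the internal interface.
FTP_SYN = dict(proto="tcp", src=LAN_HOST, dst="REMOTE_FTP", sport=1025, dport=21)
print(trace(FTP_SYN, "int0"))  # (65000, 'deny', [10002, 65000]): the divert is never reached
```

On that first pass the skipto lands on rule 20000, which only matches via an0, so the packet falls through to 65000 and is dropped before natd ever sees it; a second pass via an0 never happens.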


