Date: Wed, 26 Jul 2000 15:40:02 -0700 (PDT)
From: Stephen Montgomery-Smith <stephen@math.missouri.edu>
To: freebsd-bugs@FreeBSD.org
Subject: Re: conf/20197: rc.firewall with firewall_type=simple doesn't work with natd
Message-ID: <200007262240.PAA88875@freefall.freebsd.org>
The following reply was made to PR conf/20197; it has been noted by GNATS.
From: Stephen Montgomery-Smith <stephen@math.missouri.edu>
To: freebsd-gnats-submit@FreeBSD.org, stephen@math.missouri.edu
Cc:
Subject: Re: conf/20197: rc.firewall with firewall_type=simple doesn't work with natd
Date: Wed, 26 Jul 2000 17:38:53 -0500
Or an even better way - sorry for all my follow-ups.
--- /usr/etc-chg/4.0158/etc/rc.firewall Sat Jul 15 19:31:58 2000
+++ rc.firewall-default Wed Jul 26 17:35:27 2000
@@ -171,12 +171,25 @@
${fwcmd} add deny all from ${onet}:${omask} to any in via ${iif}
# Stop RFC1918 nets on the outside interface
- ${fwcmd} add deny all from 10.0.0.0/8 to any via ${oif}
${fwcmd} add deny all from any to 10.0.0.0/8 via ${oif}
- ${fwcmd} add deny all from 172.16.0.0/12 to any via ${oif}
${fwcmd} add deny all from any to 172.16.0.0/12 via ${oif}
- ${fwcmd} add deny all from 192.168.0.0/16 to any via ${oif}
${fwcmd} add deny all from any to 192.168.0.0/16 via ${oif}
+
+ # Change the natd rule to here, otherwise the RFC1918
+ # rules might kill valid packets made by natd
+ case ${natd_enable} in
+ [Yy][Ee][Ss])
+ if [ -n "${natd_interface}" ]; then
+ ${fwcmd} delete 50
+ ${fwcmd} add divert natd all from any to any via ${natd_interface}
+ fi
+ ;;
+ esac
+
+ # Stop RFC1918 nets on the outside interface
+ ${fwcmd} add deny all from 10.0.0.0/8 to any via ${oif}
+ ${fwcmd} add deny all from 172.16.0.0/12 to any via ${oif}
+ ${fwcmd} add deny all from 192.168.0.0/16 to any via ${oif}
# Stop draft-manning-dsua-01.txt nets on the outside interface
${fwcmd} add deny all from 0.0.0.0/8 to any via ${oif}
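Review bot: the `${fwcmd} delete 50` in the new natd case block hard-codes the number of the divert rule installed earlier in the script; if that earlier rule is not at 50, or its number is changed by a later edit, this deletes an unrelated rule or leaves two divert rules active, and ipfw reports nothing either way. Rather than add the divert rule early and delete it here, move the original natd case block itself to this position so the divert rule is added exactly once, or keep the rule number in a variable that both places use. A second point: the comment `# Stop RFC1918 nets on the outside interface` now heads two separate groups (the `from any to 10.0.0.0/8` rules that stay ahead of the divert and the `from 10.0.0.0/8 to any` rules moved after it); the first should state why the split exists, namely that outbound packets still carry the private source address until natd translates them, while inbound packets only acquire a private destination after natd rewrites them, so the source checks must follow the divert and the destination checks must precede it.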
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200007262240.PAA88875>
