Date:      Tue, 20 Oct 1998 16:01:22 +1300
From:      "Dan Langille" <junkmale@xtra.co.nz>
To:        freebsd-questions@FreeBSD.ORG
Subject:   Re: ipfw and natd confusion
Message-ID:  <199810200301.QAA18220@cyclops.xtra.co.nz>
In-Reply-To: <199810200031.NAA20667@cyclops.xtra.co.nz>

On 20 Oct 98, at 13:31, Dan Langille wrote:

> I'm in the process of setting up ipfw rules within rc.firewall using the
> simple model under 2.2.7.  I have some questions about two of the rules:
> 
> 00700 deny ip from any to 192.168.0.0/16 via ed0

I thought this rule was to stop spoofing.  Then why does it stop me 
getting outside?  I suspect an natd problem but have no proof.  In the 
meantime, I've added this rule before the above and it seems to do what I 
need:

   allow ip from any to 192.168.0.0/16 via ed0

Why are my IPs going out via ed0 not being mapped to another IP before 
they hit ed0?  Is my understanding of natd all wrong?

> 01300 deny log tcp from any to any in recv ed0 setup
> This prevents IRC connections from occurring.  I'm sure I can use some
> other set of rules to restrict this, but in the meantime, I've removed it.

This one has been fixed by doing the following rules:

01210 allow tcp from any to 210.55.210.87 194
01220 allow udp from any to 210.55.210.87 194

Thanks.

--
Dan Langille
DVL Software Limited
The FreeBSD Diary - my [mis]adventures
http://www.FreeBSDDiary.com
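
An added illustration, not part of the original message: a first-match evaluator over the rules quoted above, reporting which rule decides a packet. Because ipfw stops at the first matching allow or deny, an allow with the same match placed ahead of rule 00700 leaves 00700 with nothing to match. The rule number 00690, the sample packet and the parsed syntax subset are assumptions, and natd's divert processing is not modelled.

```python
import ipaddress

# Rules 00700, 01210, 01220 and 01300 are quoted from the message. 00690 is an
# assumed number for the unnumbered "allow" workaround placed before 00700.
QUOTED = """\
00700 deny ip from any to 192.168.0.0/16 via ed0
01210 allow tcp from any to 210.55.210.87 194
01220 allow udp from any to 210.55.210.87 194
01300 deny log tcp from any to any in recv ed0 setup
"""
WORKAROUND = "00690 allow ip from any to 192.168.0.0/16 via ed0\n"

def parse(line):
    """Parse the small subset of ipfw rule syntax that appears in the message."""
    t = [w for w in line.split() if w != "log"]
    rule = {"num": int(t[0]), "action": t[1], "proto": t[2], "src": t[4], "dst": t[6],
            "port": None, "dir": None, "iface": None, "setup": "setup" in t}
    rest = t[7:]
    if rest and rest[0].isdigit():
        rule["port"] = int(rest.pop(0))
    for i, w in enumerate(rest):
        if w in ("in", "out"):
            rule["dir"] = w
        elif w in ("via", "recv"):
            rule["iface"] = rest[i + 1]
            if w == "recv":
                rule["dir"] = "in"  # recv only matches received packets
    return rule

def addr_ok(spec, ip):
    return spec == "any" or ipaddress.ip_address(ip) in ipaddress.ip_network(spec)

def matches(r, p):
    return (r["proto"] in ("ip", p["proto"]) and addr_ok(r["src"], p["src"])
            and addr_ok(r["dst"], p["dst"]) and r["port"] in (None, p.get("dport"))
            and r["dir"] in (None, p["dir"]) and r["iface"] in (None, p["iface"])
            and (not r["setup"] or p.get("setup", False)))

def decide(ruleset, pkt):
    """Return (number, action) of the first matching rule in numeric order, or None."""
    for r in sorted(map(parse, ruleset.splitlines()), key=lambda r: r["num"]):
        if matches(r, pkt):
            return r["num"], r["action"]
    return None

# Constructed packet: arrives on ed0 addressed to a 192.168.0.0/16 host.
TO_PRIVATE = {"proto": "tcp", "src": "203.0.113.9", "dst": "192.168.0.5",
              "dport": 80, "iface": "ed0", "dir": "in", "setup": True}
```

`decide(QUOTED, TO_PRIVATE)` is settled by rule 700, while `decide(WORKAROUND + QUOTED, TO_PRIVATE)` is settled by the earlier allow.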
