Date: Mon, 22 Oct 2001 21:43:42 -0400
From: "David Hill" <david@phobia.ms>
To: <questions@freebsd.org>
Subject: can't get stateful ipfw working...
Message-ID: <001a01c15b64$290d9de0$0201a8c0@hill.hom>
Hello -
Implementing the following ipfw ruleset allows nothing to work.
The nat'd machines can't access the gateway, nor the internet.

What am I doing wrong?

# rules
#
# 192.168.1.0/24 (NAT) <-> 192.168.1.1 (fbsd firewall) 24.247.x.x <->
# Internet
#
fwcmd="/sbin/ipfw"
oif="sis0"
iif="fxp0"
inwr="192.168.1.0/24"
iip="192.168.1.1"

$fwcmd -f flush
$fwcmd add divert natd all from any to any via $oif
$fwcmd add 100 pass all from any to any via lo0
$fwcmd add 101 deny all from any to 127.0.0.0/8

$fwcmd add 500 check-state
$fwcmd add 510 deny tcp from any to any in established
$fwcmd add 520 allow tcp from any to any keep-state setup

$fwcmd add 600 allow udp from any to any out
$fwcmd add 601 allow udp from 255.255.255.255 to any 68 in recv $oif

$fwcmd add 700 allow icmp from any to any icmptypes 8 out
$fwcmd add 701 allow icmp from any to any icmptypes 0 in
$fwcmd add 702 allow icmp from any to any icmptypes 11 in

To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?001a01c15b64$290d9de0$0201a8c0>
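Added example (not part of the original message, and not FreeBSD's ipfw code): a small Python model of ipfw's first-match evaluation, run over the rules posted above with the shell variables expanded. It parses the rule lines and walks a few constructed packets through them the way ipfw does, once on the 'in' pass for the interface a packet arrives on and once on the 'out' pass for the interface it leaves by, reporting which rule decides. The divert rule is treated as a pass-through (natd's address rewriting is not modelled, so only verdicts that do not depend on translation are exercised), the 'recv' option is simplified to the in pass, and the addresses 192.168.1.10 and 203.0.113.5 are constructed. The check it illustrates is the one worth making on any stateful ruleset: traffic from the inside hosts reaches the firewall 'in' on fxp0, so rules written only with 'out' (600 and 700 here) never see it and the default rule 65535 denies it, while a TCP SYN is caught by rule 520 and its replies by check-state.

```python
import ipaddress

IIF, OIF = "fxp0", "sis0"   # inside and outside interfaces named in the post

RULESET = """
add divert natd all from any to any via sis0
add 100 pass all from any to any via lo0
add 101 deny all from any to 127.0.0.0/8
add 500 check-state
add 510 deny tcp from any to any in established
add 520 allow tcp from any to any keep-state setup
add 600 allow udp from any to any out
add 601 allow udp from 255.255.255.255 to any 68 in recv sis0
add 700 allow icmp from any to any icmptypes 8 out
add 701 allow icmp from any to any icmptypes 0 in
add 702 allow icmp from any to any icmptypes 11 in
"""

def parse_rule(line):
    """Turn one 'add ...' line into a dict of number, action, proto, addresses, options."""
    toks = line.split()[1:]                                  # drop 'add'
    rule = {"num": int(toks.pop(0)) if toks[0].isdigit() else None, "opts": {}}
    rule["action"] = toks.pop(0)
    if rule["action"] == "check-state":
        return rule
    if rule["action"] == "divert":
        toks.pop(0)                                          # divert port name (natd)
    rule["proto"] = toks.pop(0)
    toks.pop(0); rule["src"] = toks.pop(0)                   # from <src>
    toks.pop(0); rule["dst"] = toks.pop(0)                   # to <dst> [port]
    if toks and toks[0].isdigit():
        rule["dport"] = int(toks.pop(0))
    while toks:      # in, out, setup, established, keep-state, via X, recv X, icmptypes N
        opt = toks.pop(0)
        rule["opts"][opt] = toks.pop(0) if opt in ("via", "recv", "icmptypes") else True
    return rule

def addr_match(spec, ip):
    return spec == "any" or ipaddress.ip_address(ip) in ipaddress.ip_network(spec, strict=False)

def rule_matches(rule, pkt, state):
    """Does the rule match the packet on this pass? pkt carries dir ('in'/'out') and iface."""
    if rule["action"] == "check-state":                      # dynamic rules match either direction
        key = (pkt["proto"], pkt["src"], pkt["dst"])
        return key in state or (key[0], key[2], key[1]) in state
    o = rule["opts"]
    return all([
        rule["proto"] in ("all", "ip", pkt["proto"]),
        addr_match(rule["src"], pkt["src"]) and addr_match(rule["dst"], pkt["dst"]),
        rule.get("dport", pkt.get("dport")) == pkt.get("dport"),
        "in" not in o or pkt["dir"] == "in",
        "out" not in o or pkt["dir"] == "out",
        "via" not in o or o["via"] == pkt["iface"],
        "recv" not in o or (pkt["dir"] == "in" and o["recv"] == pkt["iface"]),  # simplified to the in pass
        "setup" not in o or pkt.get("flags") == "syn",       # SYN without ACK
        "established" not in o or pkt.get("flags") in ("ack", "synack"),  # ACK set
        "icmptypes" not in o or int(o["icmptypes"]) == pkt.get("icmptype"),
    ])

def evaluate(rules, pkt, state):
    """One ipfw pass: the first matching rule decides; 65535 is the default deny rule."""
    for rule in rules:
        if not rule_matches(rule, pkt, state):
            continue
        if rule["action"] == "divert":
            continue                     # natd re-injects at the next rule; its rewriting is not modelled
        if rule["action"] == "check-state":
            return "allow", rule["num"]
        if rule["opts"].get("keep-state"):
            state.add((pkt["proto"], pkt["src"], pkt["dst"]))   # dynamic rule created
        return ("allow" if rule["action"] in ("allow", "pass", "accept") else "deny"), rule["num"]
    return "deny", 65535

def trace(rules, pkt, in_iface, out_iface, state):
    """'in' pass on the arriving interface, then 'out' pass on the leaving one; None skips a pass."""
    result = None
    for direction, iface in (("in", in_iface), ("out", out_iface)):
        if iface is not None:
            verdict, num = evaluate(rules, dict(pkt, dir=direction, iface=iface), state)
            result = (verdict, direction, num)
            if verdict == "deny":
                break
    return result

def scenarios():
    """Constructed flows: 192.168.1.10 is an inside host, 203.0.113.5 a remote server."""
    rules = [parse_rule(l) for l in RULESET.strip().splitlines()]
    state, client, gw, remote = set(), "192.168.1.10", "192.168.1.1", "203.0.113.5"
    return {
        # inside host pings the gateway: echo request is 'in' on fxp0, but rule 700 says 'out'
        "ping_gw": trace(rules, {"proto": "icmp", "src": client, "dst": gw, "icmptype": 8}, IIF, None, state),
        # inside host's DNS query: 'in' on fxp0, but rule 600 only allows udp 'out'
        "dns_out": trace(rules, {"proto": "udp", "src": client, "dst": remote, "dport": 53}, IIF, OIF, state),
        # inside host's TCP SYN: 'in' on fxp0 matches 520 and creates state, 'out' on sis0 matches check-state
        "tcp_syn": trace(rules, {"proto": "tcp", "src": client, "dst": remote, "dport": 80, "flags": "syn"}, IIF, OIF, state),
        # the SYN/ACK coming back: check-state matches the reverse of the dynamic rule
        "tcp_reply": trace(rules, {"proto": "tcp", "src": remote, "dst": client, "flags": "synack"}, OIF, IIF, state),
        # the gateway's own DNS query: 'out' on sis0, allowed by rule 600
        "gw_dns": trace(rules, {"proto": "udp", "src": gw, "dst": remote, "dport": 53}, None, OIF, state),
    }

if __name__ == "__main__":
    for name, (verdict, direction, num) in scenarios().items():
        print(f"{name:10s} {verdict:5s} on the {direction} pass, decided by rule {num}")
```

Running it prints one line per flow; the two flows from the inside host that are not TCP end at rule 65535 on the in pass, which is the symptom described in the message for ping and DNS. With real natd in the path the outbound TCP flow would additionally be re-checked with its translated source address after the divert rule, which this model leaves out.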