Message-ID: <19981123195504.A5012@navinet.net>
Date: Mon, 23 Nov 1998 19:55:04 -0500
From: Forrest Aldrich
To: freebsd-questions@FreeBSD.ORG
Subject: Natd hell

If I put the rules:

    $fwcmd add divert natd all from any to any via xl0
    $fwcmd add 65000 pass all from any to any

I'm able to get out to the net from my internal net (10.0.0.0).
Otherwise, it doesn't work, regardless of whether I place an explicit
allow for 10.0.0.0 to everywhere.

The internal network interface is 10.0.0.1 (xl1), the external is my
ISP address (xl0).

It seems to me now that this is an ipfw ACL issue.

If someone could mail me an example rc.firewall config that implements
natd with packet filters using an RFC net and 2 interfaces, I would
appreciate it. There is next to NO information about this out there.
And the number of emails I've received privately indicates there is
certainly a need. The manpage doesn't go into much detail.

Thanks....
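An rc.firewall-style fragment for the two-interface natd setup asked about above, added here as an example; it is not from the original post or from FreeBSD's stock rc.firewall. ipfw acts on the first rule that matches, so the divert rule is placed ahead of every pass rule that can match traffic on the external interface, and the filtering happens after natd has rewritten the addresses. Assumptions: the /8 mask, the rule numbers, the DNS/ICMP policy, a kernel built with `options IPDIVERT`, and natd started as `natd -interface xl0`.

```shell
#!/bin/sh
# Added example (not the poster's config). Dry run by default: rules are only
# printed. On the gateway itself, set fwcmd="/sbin/ipfw -q" to load them.
fwcmd="${fwcmd:-echo ipfw}"
oif="xl0"           # external interface (from the post)
iif="xl1"           # internal interface, 10.0.0.1 (from the post)
inet="10.0.0.0/8"   # internal RFC 1918 net; the /8 mask is an assumption

natd_rules() {
    $fwcmd -f flush

    # Loopback and the trusted inside interface are not filtered.
    $fwcmd add 100 pass all from any to any via lo0
    $fwcmd add 150 pass all from any to any via $iif

    # Anti-spoofing: private source addresses must never arrive from outside.
    $fwcmd add 200 deny all from $inet to any in via $oif

    # Hand everything crossing the external interface to natd. This must come
    # before any pass rule that matches on $oif: a packet accepted earlier
    # leaves with its 10.x source address and the reply never finds its way back.
    $fwcmd add 300 divert natd all from any to any via $oif

    # Packets reinjected by natd continue here, already translated.
    $fwcmd add 400 pass tcp from any to any established
    $fwcmd add 500 pass tcp from any to any out via $oif setup

    # Stateless DNS and ICMP (assumed policy; tighten to your resolvers).
    $fwcmd add 600 pass udp from any to any 53 out via $oif
    $fwcmd add 610 pass udp from any 53 to any in via $oif
    $fwcmd add 700 pass icmp from any to any

    # Explicit default deny instead of "65000 pass all from any to any".
    $fwcmd add 65000 deny all from any to any
}

natd_rules
```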