Skip site navigation (1)Skip section navigation (2)
Date:      Mon, 7 Apr 2003 14:31:34 -0700
From:      Joshua Lokken <joshualokken@attbi.com>
To:        Brian McCann <bjm1287@ritvax.rit.edu>
Cc:        freebsd-questions@freebsd.org
Subject:   Re: NATD & IPFW
Message-ID:  <20030407213134.GB6383@joloxbox.joshualokken.com>
In-Reply-To: <000001c2f8cb$6e4f5e60$2f811581@garfield>
References:  <000001c2f8cb$6e4f5e60$2f811581@garfield>

next in thread | previous in thread | raw e-mail | index | archive | help
* Brian McCann (bjm1287@ritvax.rit.edu) wrote:
==> Hi all.  I'm having an issue with security while trying to get natd to
==> work with ipfw.  I got my ipfw rules working great, so I added the natd
==> line in:
==> 
==>   ipfw add divert 8668 all from any to any via $EXTERNAL_INTERFACE
==> 
==> But I can't do anything (ping, fetch, etc) until I add:
==>   ipfw add pass all from any to any
==> 
==> Now, I may be wrong, but doesn't this pretty much open the box up?  I
==> tried changing the first "any" to my internal network, but that didn't
==> work, and I know I've got to be missing something.
==> 
==> If anyone would like to help me off-list, I could send you a copy of my
==> rule set if you'd like.
==> 
==> Thanks in advance,
==> --Brian

I had trouble with this, too, and I found that when I changed the location
of the divert rule, the behavior changed.

--
Joshua



Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20030407213134.GB6383>