Date: Mon, 7 Apr 2003 14:31:34 -0700
From: Joshua Lokken <joshualokken@attbi.com>
To: Brian McCann <bjm1287@ritvax.rit.edu>
Cc: freebsd-questions@freebsd.org
Subject: Re: NATD & IPFW
Message-ID: <20030407213134.GB6383@joloxbox.joshualokken.com>
In-Reply-To: <000001c2f8cb$6e4f5e60$2f811581@garfield>
References: <000001c2f8cb$6e4f5e60$2f811581@garfield>
* Brian McCann (bjm1287@ritvax.rit.edu) wrote:
==> Hi all. I'm having an issue with security while trying to get natd to
==> work with ipfw. I got my ipfw rules working great, so I added the natd
==> line in:
==>
==> ipfw add divert 8668 all from any to any via $EXTERNAL_INTERFACE
==>
==> But I can't do anything (ping, fetch, etc) until I add:
==> ipfw add pass all from any to any
==>
==> Now, I may be wrong, but doesn't this pretty much open the box up? I
==> tried changing the first "any" to my internal network, but that didn't
==> work, and I know I've got to be missing something.
==>
==> If anyone would like to help me off-list, I could send you a copy of my
==> rule set if you'd like.
==>
==> Thanks in advance,
==> --Brian

I had trouble with this, too, and I found that when I changed the
location of the divert rule, the behavior changed.

--
Joshua
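
The rule-order effect discussed in this thread, as an added example that is not part of the original messages: a toy first-match evaluator in which a divert rule rewrites the packet and evaluation resumes at the next rule, so rules after the divert see the translated source address. The addresses, rule numbers, ruleset names and the default-deny final rule are constructed assumptions, and the model is stateless (reply de-aliasing is not modeled).

```python
import ipaddress

# Constructed sample addresses (not from the thread).
INTERNAL = ipaddress.ip_network("192.168.1.0/24")
EXTERNAL = ipaddress.ip_network("203.0.113.5/32")
ANY = ipaddress.ip_network("0.0.0.0/0")

def natd(pkt):
    """Toy natd: alias an internal source to the external address on the way out."""
    if pkt["dir"] == "out" and pkt["src"] in INTERNAL:
        return {**pkt, "src": EXTERNAL.network_address}
    return pkt

def evaluate(rules, pkt):
    """First matching rule wins; divert rewrites the packet and resumes at the next rule."""
    for _num, action, src, dst in sorted(rules, key=lambda r: r[0]):
        if pkt["src"] not in src or pkt["dst"] not in dst:
            continue
        if action == "divert":
            pkt = natd(pkt)
            continue
        return action, str(pkt["src"])
    return "deny", str(pkt["src"])  # assumed default-deny final rule

def make_pkt(direction, src, dst):
    return {"dir": direction, "src": ipaddress.ip_address(src),
            "dst": ipaddress.ip_address(dst)}

DIVERT = (100, "divert", ANY, ANY)
RULESETS = {  # hypothetical rulesets; every packet here crosses the external interface
    "pass_all_after_divert": [DIVERT, (200, "allow", ANY, ANY)],
    "internal_src_after_divert": [DIVERT, (200, "allow", INTERNAL, ANY)],
    "internal_src_before_divert": [(50, "allow", INTERNAL, ANY), DIVERT],
    "external_src_after_divert": [DIVERT, (200, "allow", EXTERNAL, ANY)],
}

def run():
    """Return {ruleset: ((verdict, source seen on the wire), unsolicited inbound verdict)}."""
    lan_out = make_pkt("out", "192.168.1.10", "198.51.100.7")
    unsolicited_in = make_pkt("in", "198.51.100.7", "203.0.113.5")
    return {name: (evaluate(rules, lan_out), evaluate(rules, unsolicited_in)[0])
            for name, rules in RULESETS.items()}

if __name__ == "__main__":
    for name, result in run().items():
        print(name, result)
```

In this model only the pass-all ruleset accepts the unsolicited inbound packet, and an allow rule placed before the divert lets the LAN packet leave with its untranslated source.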
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20030407213134.GB6383>