Date: Mon, 2 Oct 2000 20:59:06 -0700 (PDT)
From: TeRrAc <terrac@cloudfactory.org>
To: FreeBSD IPFW list <freebsd-ipfw@FreeBSD.ORG>
Subject: IPFW + NAT, how do I slick this puppy up?
Message-ID: <Pine.LNX.4.21.0010022049270.17474-100000@stratus.cloudfactory.org>

I have a FreeBSD 4.0 stable system running IPFW, NAT and DHCP. I want to make this machine as slick as possible. One thing that is currently buggered is that I do not have the rc.firewall file set up to automatically load my rules. My ruleset is minor.. extremely minor. It just allows everything from one side to the other. I want to be able to allow all traffic out, but not unsolicited traffic back in (if that makes any sense). Here is my ruleset..

    00001 3550449 1697415913 divert 8668 ip from any to any via fxp0
    00010 5466534 2771367031 allow ip from any to any
    65535 360 38536 deny ip from any to any

Another problem that I have, and this is all my doing... is whenever the logical network segments share the same physical network I get messages on the console like:

    Sep 27 19:22:19 hostname /kernel: arp: 10.0.0.52 is on fxp1 but got reply from xx:xx:xx:xx:xx:xx on fxp0

I think I know what that means, but aside from putting the physical cables on different hubs/switches I don't know how to fix it.

That last question leads me into my next bit, which is: if I want to have both NAT'd and real-world IP'd machines on the same physical network, how would I go about doing this?

Ok.. that's all my BSD grievances for this month.. otherwise I am simply in love with the BSD way of doing things.. Very cool, puts Linux to shame for an ease of administration box.

t e r r a c
" and they call *ME* strange "

To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-ipfw" in the body of the message
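
One way to get "all traffic out, nothing unsolicited back in" through natd, as an added example that is not part of the original post: a small sh function that prints a stateful ipfw rules file. It assumes fxp0 is the outside interface and fxp1 the inside one, natd on divert port 8668 as in the posted ruleset, and an ipfw that supports keep-state, check-state and skipto.

```shell
#!/bin/sh
# Added example, not from the original post. Prints an ipfw rules file
# (one command per line, no leading "ipfw") for a NAT gateway.
# Assumed: ipfw with keep-state/check-state/skipto; natd on divert port 8668.
gen_rules() {
    ext_if=$1   # outside interface (fxp0 in the post's divert rule)
    int_if=$2   # inside interface (assumed fxp1, from the arp message)
    # Accept only plain interface names so nothing else lands in the file.
    for i in "$ext_if" "$int_if"; do
        case $i in
            ''|*[!a-z0-9]*) echo "bad interface name: '$i'" >&2; return 1 ;;
        esac
    done
    [ "$ext_if" != "$int_if" ] || { echo "interfaces must differ" >&2; return 1; }

    # Loopback and the inside segment are trusted and not filtered.
    echo "add 100 allow ip from any to any via lo0"
    echo "add 200 allow ip from any to any via $int_if"
    # Inbound on the outside: natd restores the inside address first, so
    # check-state sees the same addresses that created the dynamic rule.
    echo "add 300 divert 8668 ip from any to any in via $ext_if"
    echo "add 400 check-state"
    # Outbound on the outside: record state, then jump to the outbound divert.
    echo "add 500 skipto 1000 tcp from any to any out via $ext_if setup keep-state"
    echo "add 510 skipto 1000 udp from any to any out via $ext_if keep-state"
    echo "add 520 skipto 1000 icmp from any to any out via $ext_if keep-state"
    # Still here means no state matched: unsolicited, so log and drop.
    echo "add 900 deny log ip from any to any"
    # Outbound translation. Replies that matched state jump here and pass.
    echo "add 1000 divert 8668 ip from any to any out via $ext_if"
    echo "add 1010 allow ip from any to any"
}

# Print the ruleset for the assumed interfaces when run directly.
gen_rules "${1:-fxp0}" "${2:-fxp1}"
```

Saved to a file, the output can be loaded by passing the file's path to ipfw; pointing firewall_type in rc.conf at that file is assumed here to make rc.firewall load it at boot.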