IPFW.

Dan dan at ntlbusiness.com
Sun Oct 19 07:34:21 PDT 2003


Hi there.
I hope you can help.
I've been trying and trying for days to try and get these rules sorted, as 
whenever they're used, my laptop (which is using my FreeBSD box as a gateway) 
cannot access the Internet.
If I use a "small" set of rules, such as:

fwcmd="/sbin/ipfw"
$fwcmd -f flush
$fwcmd add divert natd all from any to any via sis0
$fwcmd add allow all from any to any 

it works fine.
sis0 is the Ethernet that has the business cable modem attached to it, and
sis1 is the Ethernet that has the wireless access point (Netgear HE102)
connected to it, which the laptop (using a Netgear HA501 card) connects to.
It's taken me so long just to get this far! I looked through the standard
/etc/rc.firewall and that's how I managed to get the priorities for the ones
I've done. But if you can tell me where I'm going wrong (as I'm going
mind-boggled now with this!) it'd be absolutely gratefully appreciated.

Many thanks!

The rules:

# Define the firewall command (as in /etc/rc.firewall) for easy
# reference.  Helps to make it easier to read.
fwcmd="/sbin/ipfw"

# Force a flushing of the current rules before we reload.
$fwcmd -f flush

# Divert all packets through the tunnel interface.
$fwcmd add 50 divert natd all from any to any via sis0

# Allow all connections that have dynamic rules built for them,
# but deny established connections that don't have a dynamic rule.
# See ipfw(8) for details.
$fwcmd add check-state
$fwcmd add pass tcp from any to any established

# Allow all localhost connections
${fwcmd} add 100 pass all from any to any via lo0
${fwcmd} add 200 deny all from any to 127.0.0.0/8
${fwcmd} add 300 deny ip from 127.0.0.0/8 to any

# Allow all connections from my network card that I initiate
$fwcmd add allow tcp from me to any out xmit any setup keep-state
$fwcmd add deny  tcp from me to any
$fwcmd add allow ip from me to any out xmit any keep-state
$fwcmd add allow all from 192.168.0.0/24 to any

# Everyone on the Internet is allowed to connect to the following
# services on the machine.  This example specifically allows connections
# to sshd and a webserver.
$fwcmd add allow tcp from any to any established
$fwcmd add allow tcp from any to me 80 setup
$fwcmd add allow tcp from any to me 22 setup

# This sends a RESET to all ident packets.
$fwcmd add reset log tcp from any to me 113 in recv any

# Enable ICMP: remove type 8 if you don't want your host to be pingable
$fwcmd add allow icmp from any to any icmptypes 0,3,8,11,12,13,14

# Deny all the rest.
$fwcmd add deny log ip from any to any
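An added example, not part of Dan's post or of FreeBSD's rc.firewall: the same gateway written as a stateless ipfw + natd ruleset in a small sh script that prints the rules for review and loads them only when told to. It assumes sis0 outside, sis1 inside and 192.168.0.0/24 as the laptop network, as in the post, and that natd rewrites an inbound packet's destination only for sessions it already holds, so a packet addressed to an inside host after the divert rule is a solicited reply.

```shell
#!/bin/sh
# ipfw + natd rules for a two-interface gateway, emitted for review and
# optionally loaded.  Interface and network names are assumptions taken
# from the post above.
ext_if=${EXT_IF:-sis0}               # cable modem side
int_if=${INT_IF:-sis1}               # wireless access point side
int_net=${INT_NET:-192.168.0.0/24}   # laptop network behind NAT
fwcmd=${FWCMD:-/sbin/ipfw}

rule() { printf '%s add %s\n' "$fwcmd" "$*"; }

emit_rules() {
    printf '%s -f flush\n' "$fwcmd"
    # Loopback, and nothing claiming 127/8 on a real wire.
    rule 100 allow ip from any to any via lo0
    rule 200 deny ip from any to 127.0.0.0/8
    rule 300 deny ip from 127.0.0.0/8 to any
    # Anti-spoofing: inside addresses never arrive on the outside wire.
    rule 400 deny log ip from "$int_net" to any in via "$ext_if"
    # NAT everything crossing the outside interface.  Packets resume at
    # rule 600 already translated: an outbound source is now the public
    # address ("me"), a solicited reply's destination is now the inside
    # host.  A keep-state entry created after this rule stores the public
    # address and never matches the de-translated reply, so the rules
    # below stay stateless and name the reply traffic explicitly.
    rule 500 divert natd ip from any to any via "$ext_if"
    # Inside hosts may reach the gateway and be forwarded.
    rule 600 allow ip from any to any via "$int_if"
    # Outbound after NAT: the gateway's own traffic and translated hosts.
    rule 700 allow ip from me to any out via "$ext_if"
    # Replies: established TCP (covers translated inside hosts) and DNS
    # answers, to the gateway or to an inside host after translation.
    # Other UDP replies to inside hosts are deliberately not admitted.
    rule 800 allow tcp from any to any established
    rule 900 allow udp from any 53 to me in via "$ext_if"
    rule 1000 allow udp from any 53 to "$int_net" in via "$ext_if"
    # Services offered by the gateway itself, and useful ICMP.
    rule 1100 allow tcp from any to me 22,80 in via "$ext_if" setup
    rule 1200 allow icmp from any to any icmptypes 0,3,8,11,12
    rule 65000 deny log ip from any to any
}

# "apply" loads the rules (run as root); anything else just prints them.
if [ "${1:-}" = apply ]; then
    emit_rules | sh
else
    emit_rules
fi
```

Run it without arguments first and read the printed list top to bottom in the order ipfw will evaluate it; only then run it with `apply`.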


