NATD & IPFW
sandshrimp at attbi.com
Wed Apr 2 13:29:42 PST 2003
Brian McCann wrote:
>Hi all. I'm having an issue with security while trying to get natd to
>work with ipfw. I got my ipfw rules working great, so I added the natd
> ipfw add divert 8668 all from any to any via $EXTERNAL_INTERFACE
>But I can't do anything (ping, fetch, etc) until I add:
> ipfw add pass all from any to any
>Now, I may be wrong, but doesn't this pretty much open the box up? I
>tried changing the first "any" to my internal network, but that didn't
>work, and I know I've got to be missing something.
>If anyone would like to help me off-list, I could send you a copy of my
>rule set if you'd like.
>Thanks in advance,
>freebsd-questions at freebsd.org mailing list
>To unsubscribe, send any mail to "freebsd-questions-unsubscribe at freebsd.org"
The best way to learn about your firewall is to log all denyed packets
and review the log file while trying different programs that access the
#ipfw add 6500 deny log any to any
#tail -f /var/log/security
Then create rules based on what shows up in the logs.
More information about the freebsd-questions