NATD & IPFW
Ryan Merrick
sandshrimp at attbi.com
Wed Apr 2 13:29:42 PST 2003
Brian McCann wrote:
>Hi all. I'm having an issue with security while trying to get natd to
>work with ipfw. I got my ipfw rules working great, so I added the natd
>line in:
>
> ipfw add divert 8668 all from any to any via $EXTERNAL_INTERFACE
>
>But I can't do anything (ping, fetch, etc) until I add:
> ipfw add pass all from any to any
>
>Now, I may be wrong, but doesn't this pretty much open the box up? I
>tried changing the first "any" to my internal network, but that didn't
>work, and I know I've got to be missing something.
>
>If anyone would like to help me off-list, I could send you a copy of my
>rule set if you'd like.
>
>Thanks in advance,
>--Brian
>
>
>_______________________________________________
>freebsd-questions at freebsd.org mailing list
>http://lists.freebsd.org/mailman/listinfo/freebsd-questions
>To unsubscribe, send any mail to "freebsd-questions-unsubscribe at freebsd.org"
>
>
>
Hello,
The best way to learn about your firewall is to log all denyed packets
and review the log file while trying different programs that access the
network.
#ipfw add 6500 deny log any to any
#tail -f /var/log/security
Then create rules based on what shows up in the logs.
-Ryan
More information about the freebsd-questions
mailing list