problems with ipfw + natd rules

Andre Post apost at high-low.net
Wed Mar 31 11:44:23 PST 2004


On Wed, 2004-03-31 at 20:27, Prodigy wrote:
> ${fwcmd} add 400 pass tcp from any 22,80,110,119,143,443,3306,5190,6667-7000 to any via rl1
> ${fwcmd} add 500 pass tcp from any to any 22,80,110,119,143,443,3306,5190,6667-7000 via rl1
>
> When I comment out 400 and 500 rules and add "allow all from any to any via
> rl1" it's all ok. The problem is somewhere in 400 and 500 rules.

Those lines (400 and 500) sure look like they could cause trouble. Try
chopping them up per port number/range across multiple lines.

ipfw and natd are nice for quick-and-dirty setups, but if you need
something more predictable, configurable, and debuggable, switch to
ipfilter and ipnat. You'll find yourself very much in control over your
firewall/NAT environment.

Andre
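The "chop them up per port" suggestion above, as an added example that is not part of this thread: a small POSIX sh script that takes a comma-separated ipfw port list like the one in the quoted rules, validates each entry, and emits one `pass tcp` rule per port or range so that each can be tested and counted on its own. The `FWCMD` variable, the `expand_ports`/`valid_port_spec` function names and the `echo ipfw` dry-run default are my own assumptions; the interface `rl1`, the rule numbers 400/500 and the port list itself are taken from the quoted post.

```sh
#!/bin/sh
# Added example, not from the original thread. Expands an ipfw port list
# ("22,80,6667-7000") into one ipfw rule per entry.
#
# FWCMD defaults to "echo ipfw", so running this prints the rules instead of
# loading them (assumption; the post used ${fwcmd}). Set FWCMD=ipfw on a
# FreeBSD box to load them for real. FWCMD is deliberately left unquoted
# below so "echo ipfw" splits into a command and its first argument.
FWCMD="${FWCMD:-echo ipfw}"

# valid_port_spec SPEC
#   Accepts "N" or "LO-HI" with both numbers in 0..65535 and LO <= HI.
#   Rejects empty strings, stray characters, "-N", "N-" and "A-B-C".
valid_port_spec() {
    case $1 in
        ''|*[!0-9-]*|-*|*-|*-*-*) return 1 ;;
    esac
    lo=${1%%-*}
    hi=${1##*-}
    [ "$lo" -le 65535 ] && [ "$hi" -le 65535 ] && [ "$lo" -le "$hi" ]
}

# expand_ports BASE DIRECTION PORTLIST IFACE
#   DIRECTION is "src" (match the source port, like rule 400 in the post)
#   or "dst" (match the destination port, like rule 500).
#   Emits rules numbered BASE, BASE+1, ... one per list entry, and fails
#   without emitting anything if any entry is malformed.
expand_ports() {
    base=$1; dir=$2; list=$3; iface=$4
    case $dir in
        src|dst) ;;
        *) echo "expand_ports: direction must be src or dst, got '$dir'" >&2; return 1 ;;
    esac
    # Validate the whole list first so a bad entry never leaves the rule set
    # half-loaded.
    for p in $(printf '%s\n' "$list" | tr ',' ' '); do
        valid_port_spec "$p" || {
            echo "expand_ports: bad port spec '$p' in '$list'" >&2
            return 1
        }
    done
    n=0
    for p in $(printf '%s\n' "$list" | tr ',' ' '); do
        rule=$((base + n))
        if [ "$dir" = src ]; then
            $FWCMD add "$rule" pass tcp from any "$p" to any via "$iface"
        else
            $FWCMD add "$rule" pass tcp from any to any "$p" via "$iface"
        fi
        n=$((n + 1))
    done
}

# Stand-alone run: reproduce rules 400 and 500 from the post as 9 rules each.
PORTS='22,80,110,119,143,443,3306,5190,6667-7000'
expand_ports 400 src "$PORTS" rl1
expand_ports 500 dst "$PORTS" rl1
```

With nine entries the source-port rules occupy 400..408 and the destination-port rules 500..508, so nothing collides with the original numbering. If one of the expanded rules turns out to be the one that breaks traffic, `ipfw show` will show which number stops matching, which is what the single combined rule could not tell you.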
