problems with ipfw + natd rules

Prodigy prodigy at punktas.lt
Wed Mar 31 20:38:43 PST 2004


I tried to allow only port 80, but the result is the same. I have also tried
ipf + ipnat, but I need to block the internet connection of some users by MAC
address, and ipf doesn't know what a MAC address is. Maybe I can block MAC
addresses with ipf + ipnat somehow? Btw, the FreeBSD version is 4.9.

> On Wed, 2004-03-31 at 20:27, Prodigy wrote:
> > ${fwcmd} add 400 pass tcp from any 22,80,110,119,143,443,3306,5190,6667-7000 to any via rl1
> > ${fwcmd} add 500 pass tcp from any to any 22,80,110,119,143,443,3306,5190,6667-7000 via rl1
> >
> > When I comment out the 400 and 500 rules and add "allow all from any to any via rl1"
> > it's all OK. The problem is somewhere in the 400 and 500 rules.
>
> Those lines (400 and 500) sure look like they could cause trouble. Try
> chopping them up per port number/range across multiple lines.
>
> ipfw and natd are nice for the quick-and-dirty setups, but if you need
> something more predictable, configurable, and debuggable... switch to
> ipfilter and ipnat. You'll find yourself very much in control over your
> firewall/nat environment.
>
> Andre
>
> _______________________________________________
> freebsd-questions at freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-questions
> To unsubscribe, send any mail to "freebsd-questions-unsubscribe at freebsd.org"
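The split Andre recommends (one ipfw rule per port or range instead of one rule carrying the whole list), written out as an added example that is not code from either poster. It is a small /bin/sh script that assumes the interface rl1 and the port list quoted above, and it defaults fwcmd to "echo ipfw" so it only prints the rules it would load; set fwcmd=/sbin/ipfw in the environment to apply them. It also checks that a block of expanded rules does not run into the next block's first number, since rule numbers decide evaluation order.

```shell
#!/bin/sh
# Added example, not code from the thread: expand a comma-separated ipfw port
# list into one "pass tcp" rule per port or range, the split Andre suggests.
# Assumptions: interface rl1 and the port list quoted in the thread; fwcmd
# defaults to "echo ipfw" so the script only prints the rules (a dry run).
# Set fwcmd=/sbin/ipfw in the environment to load them for real.

fwcmd="${fwcmd:-echo ipfw}"
iface="rl1"
ports="22,80,110,119,143,443,3306,5190,6667-7000"

# count_ports LIST: number of entries (single ports or ranges) in the list
count_ports() {
    printf '%s' "$1" | tr ',' '\n' | grep -c .
}

# emit_port_rules START LIST SIDE: one rule per entry, numbered START, START+1, ...
#   SIDE is "src" (port matched on the source side, as in rule 400) or
#   "dst" (port matched on the destination side, as in rule 500).
emit_port_rules() {
    n=$1
    side=$3
    for p in $(printf '%s' "$2" | tr ',' ' '); do
        # $fwcmd is left unquoted on purpose so "echo ipfw" splits into two words
        case $side in
            src) $fwcmd add "$n" pass tcp from any "$p" to any via "$iface" ;;
            dst) $fwcmd add "$n" pass tcp from any to any "$p" via "$iface" ;;
            *)   echo "emit_port_rules: side must be src or dst" >&2; return 1 ;;
        esac
        n=$((n + 1))
    done
}

# check_block START LIST NEXT: succeed only if the expanded block stays below
# rule number NEXT (the next block's first number), so numbers never collide
# and the intended evaluation order is preserved.
check_block() {
    [ $(( $1 + $(count_ports "$2") )) -le "$3" ]
}

check_block 400 "$ports" 500 || { echo "too many ports for block 400" >&2; exit 1; }
emit_port_rules 400 "$ports" src
emit_port_rules 500 "$ports" dst
```

Besides sidestepping whatever the combined rule was doing, the split gives a separate packet/byte counter per port in `ipfw show`, so you can see which rule a connection actually hit when debugging a setup like this.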


