ipfw with NAT and ARP
Andrea E.
andrea at ae4u.de
Mon May 3 08:09:33 PDT 2004
Hi,
I have installed and configured FreeBSD 5.2.1 anew. Now I can do ping and
all other network commands.
At this moment I don't know what the problem was.
Thanks for all your help.
Andrea
Supote Leelasupphakorn wrote:
> Hi Andrea E.
>
> From my understanding, if you'd like to ping from EXTERNAL ip
> to EXTERNAL ip, the firewall is not involved because they will
> reach each other directly. Could you confirm that you'd like
> to "ping from EXTERNAL ip to EXTERNAL ip" so someone can find
> out the solution?
>
> Cheers,
> pjn
>
> --- Supote Leelasupphakorn <pjn0211 at yahoo.com> wrote:
>> Hi,
>
>>I am a newbie and my question is very easy perhaps. I work with
>>FreeBSD 5.2.1
>>
>>I would like to configure a firewall with two interfaces (xl0 = LAN,
>>xl1 = External)
>>
>>For NAT I have configured it as described in the manual page of natd:
>>
>>ipfw -f flush
>>ipfw add divert natd all from any to any via xl1
>>ipfw add allow all from any to any
>>
>>-> all is fine.
>>
>>But, I wont so a simple firewall and for this reason, first I want to
>>configure the ICMP-protocol:
>>
>>ip_ext => External IP-Address
>>
>>ipfw -f flush
>>ipfw add divert natd all from any to any via xl1
>>ipfw add allow icmp from $ip_ext to any icmptypes 8 out via xl1
>>ipfw add allow icmp from any to $ip_ext icmptypes 0 in via xl1
>>
>>-> It's not ok. With "ethereal" no packets are going out (test from
>>another system, connected with a hub.)
>>
>>When testing "ping" from external to external IP-Address of my
>>firewall, the ARP-request: to broadcast Who has xxx.xxx.xxx.xxx? Tell
>>xxx.xxx.xxx.xxx fails
>>
>>-> seems to have a problem to let ARP through the firewall.
>>
>>Above -> "ipfw add allow all from any to any" lets ARP through the
>>firewall. So I think that the configuration of the rest of my
>>computer (like kernel, rc.conf, etc.) is ok
>>
>>And there is no ARP-protocol in /etc/protocols, so I don't know what
>>I can do now.
>>
>>There is a bug:
>>After restarting the system with the above configuration of the
>>icmp-protocol no ping-request is going out. After a flush of all
>>rules and configuring of "ipfw add allow all from any to any" the
>>ping-request gets an answer.
>>Very interesting is to flush all rules and to configure the firewall
>>like the first configuration (to allow special rules for
>>icmp-protocol) -> all works very fine. The ping-request gets an
>>answer. When restarting the system the ping-request gets no answer
>>again, I mean, the ping-request is not sent out.
>>
>>Can anybody help me? Hope to get an answer.
>>
>>I hope you can understand me, my English isn't very good.
>>
>>Greetings from Berlin,
>>
>> Andrea E.