NATD & IPFW
Brian McCann
bjm1287 at ritvax.isc.rit.edu
Tue Apr 1 19:53:43 PST 2003
Hi all. I'm having an issue with security while trying to get natd to
work with ipfw. I got my ipfw rules working great, so I added the natd
line in:

ipfw add divert 8668 all from any to any via $EXTERNAL_INTERFACE

But I can't do anything (ping, fetch, etc) until I add:

ipfw add pass all from any to any

Now, I may be wrong, but doesn't this pretty much open the box up? I
tried changing the first "any" to my internal network, but that didn't
work, and I know I've got to be missing something.

If anyone would like to help me off-list, I could send you a copy of my
rule set if you'd like.

Thanks in advance,
--Brian