Joshua Lokken joshualokken at
Mon Apr 7 14:31:08 PDT 2003

* Brian McCann (bjm1287 at wrote:
==> Hi all.  I'm having an issue with security while trying to get natd to
==> work with ipfw.  I got my ipfw rules working great, so I added the natd
==> line in:
==>   ipfw add divert 8668 all from any to any via $EXTERNAL_INTERFACE
==> But I can't do anything (ping, fetch, etc) until I add:
==>   ipfw add pass all from any to any
==> Now, I may be wrong, but doesn't this pretty much open the box up?  I
==> tried changing the first "any" to my internal network, but that didn't
==> work, and I know I've got to be missing something.
==> If anyone would like to help me off-list, I could send you a copy of my
==> rule set if you'd like.
==> Thanks in advance,
==> --Brian

I had trouble with this, too, and I found that when I changed the location
of the divert rule, the behavior changed.


More information about the freebsd-questions mailing list