NATD & IPFW
Joshua Lokken
joshualokken at attbi.com
Mon Apr 7 14:31:08 PDT 2003
* Brian McCann (bjm1287 at ritvax.rit.edu) wrote:
==> Hi all. I'm having an issue with security while trying to get natd to
==> work with ipfw. I got my ipfw rules working great, so I added the natd
==> line in:
==>
==> ipfw add divert 8668 all from any to any via $EXTERNAL_INTERFACE
==>
==> But I can't do anything (ping, fetch, etc) until I add:
==> ipfw add pass all from any to any
==>
==> Now, I may be wrong, but doesn't this pretty much open the box up? I
==> tried changing the first "any" to my internal network, but that didn't
==> work, and I know I've got to be missing something.
==>
==> If anyone would like to help me off-list, I could send you a copy of my
==> rule set if you'd like.
==>
==> Thanks in advance,
==> --Brian
I had trouble with this, too, and I found that when I changed the location
of the divert rule, the behavior changed.
--
Joshua
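
Added illustration (not part of the thread, and not either poster's rule set): a small Python model of ipfw's first-match rule search with a natd divert rule, showing why the position of the divert rule changes what the later rules see. The interface name ext0, the addresses and the rule numbers are constructed assumptions, and the kernel's final rule is assumed to be the default deny.

```python
# Toy model of ipfw first-match evaluation with a natd divert rule.
# Addresses, interface name and rule numbers are constructed for illustration.
import ipaddress

LAN = ipaddress.ip_network("192.168.1.0/24")   # assumed internal network
EXT_IP = "203.0.113.10"                        # assumed external address

def natd(pkt):
    """Rewrite outbound LAN sources to EXT_IP, as natd does for diverted packets."""
    if pkt["dir"] == "out" and ipaddress.ip_address(pkt["src"]) in LAN:
        return dict(pkt, src=EXT_IP, natted=True)
    return pkt

def from_lan(pkt):
    return ipaddress.ip_address(pkt["src"]) in LAN

def via_ext(pkt):
    return pkt["iface"] == "ext0"

def anything(pkt):
    return True

def evaluate(rules, pkt):
    """Return (verdict, packet). A diverted packet re-enters at the next rule."""
    for _num, action, match in sorted(rules, key=lambda r: r[0]):
        if not match(pkt):
            continue
        if action == "divert":
            pkt = natd(pkt)        # search resumes after the divert rule
            continue
        return action, pkt
    return "deny", pkt             # rule 65535 on a default-deny kernel

DIVERT = (100, "divert", via_ext)
outbound = {"dir": "out", "iface": "ext0", "src": "192.168.1.20", "dst": "198.51.100.7"}
unsolicited = {"dir": "in", "iface": "ext0", "src": "198.51.100.99", "dst": EXT_IP}

divert_only = [DIVERT]                              # nothing accepts the packet afterwards
pass_all    = [DIVERT, (200, "allow", anything)]    # works, but accepts everything
lan_after   = [DIVERT, (200, "allow", from_lan)]    # source is already rewritten here
lan_before  = [(50, "allow", from_lan), DIVERT]     # accepted before natd ever sees it

if __name__ == "__main__":
    for name, rules in [("divert only", divert_only), ("pass all", pass_all),
                        ("LAN allow after divert", lan_after),
                        ("LAN allow before divert", lan_before)]:
        print(name, evaluate(rules, outbound), evaluate(rules, unsolicited)[0])
```

In this model an allow rule placed after the divert has to match the translated address, while one placed before it accepts the packet untranslated.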
More information about the freebsd-questions mailing list