NATD Firewall Rules Setup

Bob Hall rjhjr at
Fri Aug 22 12:13:52 PDT 2003

On Fri, Aug 22, 2003 at 11:40:50AM -0700, Thomas Smith wrote:
> I'm configuring a firewall (FreeBSD 4.8-RELEASE). I've got the firewall 
> locked down as I need it to be but am having issues getting NAT working. 
> The firewall config file is included below.
> Note that if I add the "allow all" rule to the end of the file NAT works 
> fine. I'm certain it's an IPFW issue but haven't been able to figure it 
> out--as I'm a bit new to IPFW and FreeBSD, pointers to documentation 
> (preferably with examples of usage) would be very helpful. I haven't 
> been able to find a lot of info outside of the Handbook and what I do 
> find regarding NAT includes three rules: 1) flush, 2) divert, 3) allow 
> all traffic.

All NAT does is translate your IP addresses. If it works with the "allow 
all" rule, then it works. It's the firewall, not NAT, that you need to 

When I set up my current firewall, I ran tcpdump for about a week, 
saving the output to a (huge) file. Then I analyzed it with nstreams 
to get an idea of what the traffic was like and what rules were needed. 
I still needed to do some tweaking; e.g. Windows vs. FBSD traceroute, 
but nstreams got me 90% of the way there.

Bob Hall
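An added example, not part of the thread and not Thomas's or Bob's configuration: a stateful ipfw ruleset for FreeBSD 4.x that passes natd traffic without a trailing "allow all". Two things about divert are easy to miss. First, natd re-injects a translated packet at the rule immediately after the divert rule, so a ruleset that ends in deny must allow the packet there explicitly; an "allow all" at the end hides that. Second, keep-state records whatever address the packet carried when the rule fired, so inbound packets must be un-NATed before check-state, and outbound packets must create state before they are NATed. The interface names fxp0 and xl0, the LAN prefix 192.168.1.0/24, the rule numbers and the helper names ipfw_rules and check_ordering are all assumptions made for this example.

```shell
#!/bin/sh
# Added example, not code from the thread. Stateful ipfw + natd ruleset
# for FreeBSD 4.x. fxp0 (public), xl0 (LAN), the LAN prefix and the rule
# numbers are assumptions; adjust them to your system. The kernel needs
# options IPFIREWALL and IPDIVERT, and natd must be running ("natd -n fxp0").

# ipfw_rules PUBLIC_IF LAN_IF LAN_PREFIX
# Prints one "ipfw add" argument list per line. The rule NUMBERS decide the
# order ipfw evaluates them in, not the order they are printed here.
ipfw_rules() {
    pif=$1; lif=$2; lan=$3

    # Trust the LAN interface and loopback entirely.
    echo "00100 allow ip from any to any via $lif"
    echo "00110 allow ip from any to any via lo0"
    echo "00120 deny ip from any to 127.0.0.0/8"

    # Anti-spoofing: private sources never legitimately arrive on the
    # public interface. Done before the divert so natd never sees them.
    echo "00150 deny log ip from 10.0.0.0/8 to any in via $pif"
    echo "00160 deny log ip from 172.16.0.0/12 to any in via $pif"
    echo "00170 deny log ip from 192.168.0.0/16 to any in via $pif"

    # Inbound: un-NAT first, so check-state sees the private destination
    # address that keep-state recorded when the session was opened.
    echo "00200 divert natd ip from any to any in via $pif"
    echo "00210 check-state"

    # Outbound sessions from the LAN: create state on the private source
    # address, then jump over the deny to the outbound divert. (The
    # firewall host's own traffic would need a similar rule for its
    # public address; it is left out here.)
    echo "00300 skipto 800 tcp from $lan to any out via $pif setup keep-state"
    echo "00310 skipto 800 udp from $lan to any out via $pif keep-state"
    echo "00320 skipto 800 icmp from $lan to any out via $pif keep-state"

    # Nothing may reach rule 800 by falling through.
    echo "00700 deny log ip from any to any"

    # Outbound: translate only after state exists. natd re-injects the
    # translated packet at 801. An inbound packet that matched a dynamic
    # rule also lands here, because the parent rule's action is skipto 800.
    echo "00800 divert natd ip from any to any out via $pif"
    echo "00801 allow ip from any to any"
    echo "00999 deny log ip from any to any"
}

# check_ordering < rules
# Returns 0 when the NAT/state ordering invariants hold: inbound divert
# before check-state, every keep-state rule before the outbound divert,
# and the skipto target is that outbound divert.
check_ordering() {
    awk '
        /divert natd .* in via/  { din = $1 + 0 }
        /check-state/            { cs = $1 + 0 }
        /keep-state/             { if ($1 + 0 > maxks) maxks = $1 + 0 }
        /divert natd .* out via/ { dout = $1 + 0 }
        /skipto/                 { tgt = $3 + 0 }
        END {
            ok = (din > 0 && cs > din && maxks > cs && dout > maxks && tgt == dout)
            exit ok ? 0 : 1
        }'
}

PIF=${PIF:-fxp0}; LIF=${LIF:-xl0}; LAN=${LAN:-192.168.1.0/24}

if [ "${1:-}" = "apply" ]; then
    # Load for real: flush the old set, then add each rule (word splitting
    # of $rule is intentional; each line is one argument list).
    ipfw -f flush
    ipfw_rules "$PIF" "$LIF" "$LAN" | while read -r rule; do
        ipfw add $rule
    done
else
    # Dry run: print the set and verify the ordering invariants.
    ipfw_rules "$PIF" "$LIF" "$LAN"
    ipfw_rules "$PIF" "$LIF" "$LAN" | check_ordering && echo "ordering ok"
fi
```

Run it without arguments to see and sanity-check the set; run it with "apply" as root to load it. Because rule numbers, not script order, determine evaluation order, check_ordering is worth running on any hand-edited set: a check-state placed ahead of the inbound divert, or a keep-state rule numbered after the outbound divert, is exactly the kind of mistake that only shows up as "NAT is broken".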
