NATD Firewall Rules Setup

Micheal Patterson micheal at cancercare.net
Sat Aug 23 22:51:00 PDT 2003


----- Original Message ----- 
From: "Thomas Smith" <tom at openadventures.org>
To: <freebsd-questions at freebsd.org>
Sent: Friday, August 22, 2003 1:40 PM
Subject: NATD Firewall Rules Setup


> I'm configuring a firewall (FreeBSD 4.8-RELEASE). I've got the firewall
> locked down as I need it to be but am having issues getting NAT working.
> The firewall config file is included below.
>
> Note that if I add the "allow all" rule to the end of the file NAT works
> fine. I'm certain it's an IPFW issue but haven't been able to figure it
> out--as I'm a bit new to IPFW and FreeBSD, pointers to documentation
> (preferably with examples of usage) would be very helpful. I haven't
> been able to find a lot of info outside of the Handbook and what I do
> find regarding NAT includes three rules: 1) flush, 2) divert, 3) allow
> all traffic.
>

<snip>

> # Allow NAT traffic out.
> /sbin/ipfw add divert natd all from any to any via ${oif}

Unless things have changed since I started using NAT years ago with 2.7,
your rule to divert to NAT needs to be the very first rule of your firewall.
Any rules after will still be processed as normal since NAT reinjects the
packet back into the firewall at the next rule number for any additional
processing.


--

Micheal Patterson
Network Administration
Cancer Care Network
405-733-2230
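Added below, as an example that is not part of either message in this thread: a complete ipfw1 ruleset for a FreeBSD 4.x NAT gateway, written in the style of /etc/rc.firewall, showing where the divert rule sits relative to the rules on either side of it. The interface names (fxp0/fxp1), addresses (203.0.113.2, 192.168.1.0/24) and the single open port are assumptions, not taken from the post. The property it is built around is the one the reply describes: natd hands the packet back at the rule after the divert, so rules that must see the untranslated addresses (anti-spoofing, "private destination arriving from outside") go before it, and rules that should see the translated addresses (post-NAT source, replies mapped back to the inner net) go after it. The same match, "from any to ${inet} in via ${oif}", is a deny before the divert and an allow after it, which is why an "allow all" at the end of a ruleset makes NAT "work" without telling you which rule was blocking.

```shell
#!/bin/sh
# Added example (not from the original thread): minimal ipfw1 ruleset for a
# FreeBSD 4.x NAT gateway in the style of /etc/rc.firewall.  Interfaces,
# addresses and the open port are assumptions.  Needs a kernel with
# options IPFIREWALL and IPDIVERT, and natd running with -interface ${oif}
# (natd_enable="YES", natd_interface="fxp0" in rc.conf).

# Assumed topology (constructed for the example)
oif="fxp0"; oip="203.0.113.2"          # outside interface, public address
iif="fxp1"; inet="192.168.1.0/24"      # inside interface, private network

# $1 is the command used to load rules; pass "echo /sbin/ipfw" for a dry run
# that prints the ruleset instead of loading it.
natd_ruleset() {
    fwcmd="${1:-/sbin/ipfw}"

    ${fwcmd} -f flush

    # Loopback first; 127/8 must never appear on a real wire.
    ${fwcmd} add 100 allow all from any to any via lo0
    ${fwcmd} add 200 deny all from any to 127.0.0.0/8
    ${fwcmd} add 300 deny all from 127.0.0.0/8 to any

    # Untranslated view of the outside interface: private addresses have no
    # business here.  Rule 500 must precede the divert, because after natd a
    # legitimate reply *does* carry an ${inet} destination.
    ${fwcmd} add 400 deny all from ${inet} to any in via ${oif}
    ${fwcmd} add 500 deny all from any to ${inet} in via ${oif}

    # Inner interface, untranslated: let the LAN go anywhere.  This is the
    # first pass an outbound packet makes; its second pass is out via ${oif}.
    ${fwcmd} add 600 allow all from ${inet} to any in via ${iif}

    # Everything crossing ${oif} goes to natd; it comes back at rule 701.
    ${fwcmd} add 700 divert natd all from any to any via ${oif}

    # Translated view.  Outbound packets now have ${oip} as their source.
    ${fwcmd} add 800 allow all from ${oip} to any out via ${oif}
    # Inbound packets natd mapped back to an inner host (or a -redirect_port
    # target) now have an ${inet} destination; unmapped packets still carry
    # ${oip} and fall through to the gateway's own rules below.
    ${fwcmd} add 900 allow all from any to ${inet} in via ${oif}
    ${fwcmd} add 910 allow all from any to ${inet} out via ${iif}

    # Services on the gateway itself, plus replies to its own connections.
    # "established" only checks the ACK/RST flags; it is not state tracking.
    ${fwcmd} add 1000 allow tcp from any to ${oip} 22 setup in via ${oif}
    ${fwcmd} add 1100 allow tcp from any to any established
    ${fwcmd} add 1200 allow all from any to any frag

    # Log unsolicited connection attempts, then deny the rest explicitly
    # rather than relying on the kernel's compiled-in default.
    ${fwcmd} add 1300 deny log tcp from any to any in via ${oif} setup
    ${fwcmd} add 65000 deny log all from any to any
}

# Rule number of the first rule whose text matches $1 (dry run only); handy
# for checking that a rule landed on the intended side of the divert.
rule_number() {
    natd_ruleset "echo /sbin/ipfw" |
        awk -v pat="$1" '$0 ~ pat { for (i = 1; i <= NF; i++)
                                        if ($i == "add") { print $(i+1); exit } }'
}

# Load for real on a FreeBSD box, print the ruleset anywhere else.
if [ -x /sbin/ipfw ]; then
    natd_ruleset /sbin/ipfw
else
    natd_ruleset "echo /sbin/ipfw"
fi
```

To see which rule is actually eating the traffic once this is loaded, watch the counters with `ipfw -a list` (or `ipfw show`) while an inner host tries to get out: the divert rule's counter should climb on both the outbound and the reply, and a climbing counter on rule 500 or 1300 points straight at the ordering problem.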


