Operation: "ipfw on a gateway box"
Michael C. Shultz
ringworm01 at gmail.com
Fri Feb 18 05:01:55 GMT 2005
On Thursday 17 February 2005 06:12 am, Lowell Gilbert wrote:
> > > Does anything work *without* the firewall?
> > Yes, before I started messing with the firewall I had squid
> > set up, I set up FreeBSD as a gateway and also as a DNS
> > server. I could access the WWW, ftp, telnet and all the
> > other services at will, inside and outside my home LAN.
> Try temporarily setting the firewall to just pass everything
> ("ipfw add 1 allow ip from any to any") and see if you can still get
> out through it. I'm guessing something else may be messed up now.
If he is using it as a gateway for other machines he will still need
NAT. Try this to open the firewall up:
ipfw add 00100 allow all from any to any via $private
ipfw add 00110 allow all from any to any via $loopBack
# Net Address Translate (NAT) incoming packets
ipfw add 00120 divert natd ip from any to any in via $public
# Net Address Translate (NAT) outgoing packets
ipfw add 01000 divert natd ip from any to any out via $public
ipfw add 01010 allow ip from any to any
I just clipped these from my rules, that's why the weird numbering.
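
Added example (not part of the original message): a simplified shell model of how ipfw's first-match search walks the five rules above, tracing which rules act on a packet for a given direction and interface. The interface names em0, em1 and lo0 and the function name trace_packet are assumptions made for the illustration.

```sh
#!/bin/sh
# Simplified model of ipfw first-match processing for the five rules quoted
# above. Interface names are assumptions, not taken from the post.
private=em1     # LAN-side interface (assumed)
public=em0      # Internet-side interface (assumed)
loopBack=lo0    # loopback interface (assumed)

# trace_packet DIR IFACE
#   DIR is "in" or "out"; IFACE is the interface the packet is crossing.
#   Prints the rules that act on the packet, in order.
trace_packet() {
    dir=$1
    ifc=$2
    path=""
    # 00100 / 00110: anything crossing the LAN or loopback interface is
    # accepted at once, so the search stops before any divert rule.
    if [ "$ifc" = "$private" ]; then echo "100:allow"; return 0; fi
    if [ "$ifc" = "$loopBack" ]; then echo "110:allow"; return 0; fi
    # 00120 / 01000: traffic crossing the public interface goes to natd.
    # natd rewrites the addresses and reinjects the packet, and the search
    # resumes at the rule after the divert rule.
    if [ "$dir" = in ] && [ "$ifc" = "$public" ]; then path="120:divert "; fi
    if [ "$dir" = out ] && [ "$ifc" = "$public" ]; then path="${path}1000:divert "; fi
    # 01010: everything that got this far is accepted.
    echo "${path}1010:allow"
}

# A LAN host's packet to the Internet crosses the firewall twice, and so
# does the reply coming back.
echo "LAN -> gateway      (in  via $private): $(trace_packet in "$private")"
echo "gateway -> Internet (out via $public): $(trace_packet out "$public")"
echo "Internet -> gateway (in  via $public): $(trace_packet in "$public")"
echo "gateway -> LAN      (out via $private): $(trace_packet out "$private")"
```

Only the passes over the public interface reach natd, which is why the divert rules have to sit ahead of the final allow.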