natd, ipfw problem
Florian Hengstberger
e0025265 at student.tuwien.ac.at
Fri Mar 4 15:52:30 PST 2005
Hi!
Tell me if I should post this elsewhere.
Given two network cards sis0 (external) and vr0 (internal) I'm trying
to give my girlfriend access to the web. Her ip is 192.168.0.2,
I've installed natd, a proper kernel and configured my firewall,
but so far only pings from her computer to the web work.
I guess there's something wrong with my firewall, because only
with the two standard entries (divert and allow all) everything
is fine. But now after hours of googling I can't find anything
which is wrong in my firewall.
the /etc/natd.conf:
interface sis0
use_sockets yes
same_ports yes
redirect_port udp 192.168.0.2:53 53
redirect_port tcp 192.168.0.2:53 53
redirect_port tcp 192.168.0.2:80 80
redirect_port tcp 192.168.0.2:443 443
redirect_port udp 192.168.0.2:123 123
redirect_port tcp 192.168.0.2:123 123
my firewall:
add 00401 divert natd all from any to any via sis0
add 00402 allow ip from any to any via vr0
### TCP ###
add 00501 check-state
add 00502 deny tcp from any to any in established
add 00503 allow tcp from any to any out setup keep-state
# allow dns queries, dns-port=53
add 00601 allow udp from any to any 53 keep-state via sis0
# allow ntp queries, ntp-port=123
add 00603 allow udp from any to any 123 keep-state via sis0
# allow all outgoing udp traffic
add 00621 allow udp from any to any out via sis0
### ICMP ###
# allow outgoing pings and the reply
add 00701 allow icmp from any to any out icmptypes 8
add 00702 allow icmp from any to any in icmptypes 0
# deny and log incoming pings from the outside
add 00703 deny log icmp from any to any in icmptypes 8 via sis0
### SAMBA ###
# allow netbios services to local net, but log everything for debugging purposes
add 00801 allow log tcp from any to any 137-139 via vr0
add 00802 allow log udp from any to any 137-139 via vr0
Thanks a lot
Florian
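Added example, not from the post or from FreeBSD: a toy Python walk of the posted TCP and ICMP rules together with natd on sis0, showing why an ICMP echo reply is accepted while the SYN-ACK of a web request is not. It assumes a default-deny kernel, a divert rule that resumes matching at the next rule with the translated addresses, and the constructed addresses 203.0.113.1 (sis0) and 198.51.100.10 (a remote server).

```python
EXT = "203.0.113.1"       # constructed: the address natd gives outbound packets on sis0
INNER = "192.168.0.2"     # the internal host named in the post
REMOTE = "198.51.100.10"  # constructed: a server on the Internet
RULES = [  # the posted rules that decide TCP and ICMP, reduced to the fields used here
    dict(num=401, action="divert", via="sis0"),
    dict(num=402, action="allow", via="vr0"),
    dict(num=501, action="check-state"),
    dict(num=502, action="deny", proto="tcp", dir="in", established=True),
    dict(num=503, action="allow", proto="tcp", dir="out", setup=True, keep_state=True),
    dict(num=701, action="allow", proto="icmp", dir="out", icmptype=8),
    dict(num=702, action="allow", proto="icmp", dir="in", icmptype=0),
]

def key(p):  # direction-independent flow key, as a dynamic rule would store it
    return (p["proto"], frozenset([(p["src"], p["sport"]), (p["dst"], p["dport"])]))

def match(r, p):
    """A rule matches when every field it names agrees with the packet."""
    for f in ("proto", "dir", "via", "icmptype"):
        if f in r and r[f] != p.get(f): return False
    if r.get("setup") and p["flags"] != {"SYN"}: return False  # setup = SYN only
    if r.get("established") and not p["flags"] & {"ACK", "RST"}: return False
    return True

def natd(p, table):  # toy natd on sis0: outbound rewrites source, inbound maps back by port
    if p["dir"] == "out":
        table[p["sport"]], p["src"] = p["src"], EXT
    elif p["dst"] == EXT and p["dport"] in table:
        p["dst"] = table[p["dport"]]

def walk(p, state, table):
    """One pass of one packet through RULES; returns (verdict, rule number)."""
    for r in RULES:
        if r["action"] == "check-state":
            if key(p) in state: return ("allow", r["num"])
            continue
        if not match(r, p): continue
        if r["action"] == "divert":
            natd(p, table); continue  # resume at the next rule with translated addresses
        if r.get("keep_state"): state.add(key(p))  # state holds the post-NAT addresses
        return (r["action"], r["num"])
    return ("deny", 65535)  # default-deny kernel (assumed)

def trace(proto, flags_out, flags_back, icmp_out=None, icmp_back=None):
    """Request from INNER in via vr0, out via sis0, then the reply in on sis0 (ICMP: ports = echo id)."""
    state, table, hops = set(), {}, []
    for via, d in (("vr0", "in"), ("sis0", "out")):
        hops.append(walk(dict(proto=proto, src=INNER, sport=40000, dst=REMOTE, dport=80,
                              flags=flags_out, icmptype=icmp_out, via=via, dir=d), state, table))
    hops.append(walk(dict(proto=proto, src=REMOTE, sport=80, dst=EXT, dport=40000,
                          flags=flags_back, icmptype=icmp_back, via="sis0", dir="in"), state, table))
    return hops
```

In this model the SYN leaves via rule 503 after natd has already rewritten its source, so the dynamic rule holds the external address; the returning SYN-ACK is untranslated by rule 401 before 501 sees it, misses the state, and falls through to the "deny tcp ... in established" rule, while the ICMP pair passes on the stateless rules 701 and 702.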