solution: ipfw, natd

Florian Hengstberger e0025265 at student.tuwien.ac.at
Sat Mar 5 05:44:50 PST 2005


Hi!
With this order (rules 201, 501, 502), everything works well.
Other orders, although intuitively correct, don't behave as expected.
I tried divert, allow all from internal, check-state, and nothing happened.

# enable the natd
add 00201 divert natd all from any to any via sis0

### TCP ###
# per default only outgoing tcp connections, established from my host, are allowed
# check against the dynamic rulesets, then allow traffic from internal network
add 00501 check-state
add 00502 allow all from any to any via vr0 keep-state
add 00503 deny tcp from any to any in established via sis0
add 00504 deny all from any to any frag in via sis0
# allow all tcp setup connection
add 00505 allow tcp from any to any out via sis0 setup keep-state


It was hard to find and not well documented.
The handbook suggests firewall_type OPEN, which is in fact not very
sensible! A few more words on this would be fine, or a reference to
the Ipfw-Advanced-Supplement-HOWTO, which covers this
case.

Florian



