NAT/ipfw blocking internal traffic
freebsd at rgbaz.eu
Fri Nov 1 09:22:57 UTC 2013
On 31 okt 2013, at 09:09, Da Rock wrote:
> On 10/30/13 05:57, Casey Scott wrote:
>> My NAT and ipfw ruleset follow almost exactly what is given at http://www.freebsd.org/doc/handbook/firewalls-ipfw.html
>> The problem I'm encountering is that a portion of my outbound internal traffic is being blocked by ipfw. This is a fresh Freebsd installaion, so I'm kind of at a loss since the config matches the handbook. Any suggestions are appreciated.
> From what I have gathered the handbook is getting out of date - particularly in this area. Try the IPFW list (they're very helpful and rather quick to respond), but try checking the scripts in /etc first. Man should be up to date too.
> You should find some generic settings such as OPEN, SECURE, etc in the scripts /etc. Just set the rc.conf to use those, and season to taste ;)
I've setup a server myself using IPFW not long ago
and used Example #2 form the page you mention.
two things I changed to make things work for my situation:
i completely removed rule nr 450:
$cmd 450 deny log all from any to any out via $pif
and I removed the 'setup' from
$cmd 020 $skip tcp from any to x.x.x.x 53 out via $pif setup keep-state
so it's now:
$cmd 020 $skip tcp from any to x.x.x.x 53 out via $pif keep-state
450 is there to block all unauthorised outgoing traffic.
There was no need for me to block this traffic as strictly.
Could this also be your problem?
More information about the freebsd-questions