NAT/ipfw blocking internal traffic

FBSD UG freebsd at rgbaz.eu
Fri Nov 1 09:22:57 UTC 2013


On 31 Oct 2013, at 09:09, Da Rock wrote:

> On 10/30/13 05:57, Casey Scott wrote:
>> Hello,
>> 
>> My NAT and ipfw ruleset follow almost exactly what is given at http://www.freebsd.org/doc/handbook/firewalls-ipfw.html
>> 
>> The problem I'm encountering is that a portion of my outbound internal traffic is being blocked by ipfw. This is a fresh FreeBSD installation, so I'm kind of at a loss since the config matches the handbook. Any suggestions are appreciated.
>> 
> From what I have gathered the handbook is getting out of date - particularly in this area. Try the IPFW list (they're very helpful and rather quick to respond), but try checking the scripts in /etc first. Man should be up to date too.
> 
> You should find some generic settings such as OPEN, SECURE, etc in the scripts /etc. Just set the rc.conf to use those, and season to taste ;)
> 
> HTH

Hi Casey,


I've set up a server myself using IPFW not long ago
and used Example #2 from the page you mention.

Two things I changed to make things work for my situation:
I completely removed rule no. 450:
$cmd 450 deny log all from any to any out via $pif

and I removed the 'setup' from
$cmd 020 $skip tcp from any to x.x.x.x 53 out via $pif setup keep-state
so it's now:
$cmd 020 $skip tcp from any to x.x.x.x 53 out via $pif keep-state


450 is there to block all unauthorised outgoing traffic.
There was no need for me to block this traffic as strictly.
Could this also be your problem?

greets
Arno
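
An added example, not part of the thread above or of the handbook script: before dropping the catch-all outbound deny (rule 450), it is worth reading what that rule actually logs and adding targeted skipto/keep-state rules for just that traffic. The script below summarises ipfw "Deny" lines in the format ipfw writes to syslog ("ipfw: RULE Deny PROTO SRC DST DIR via IFACE"), filtered to one rule number and direction, and turns the summary into allow rules using the handbook-style $cmd / $skip / $pif variable names. The log lines are constructed for the example; the rule numbers and em0 interface are assumptions.

```shell
#!/bin/sh
# Summarise what ipfw's "deny log" rule reports in /var/log/security and
# print matching allow rules in the handbook's $cmd/$skip/$pif style.
# Added example; the log lines below are constructed, not from a real host.

SAMPLE_LOG='Nov  1 09:20:01 gw kernel: ipfw: 450 Deny TCP 192.168.1.10:50112 203.0.113.5:8080 out via em0
Nov  1 09:20:03 gw kernel: ipfw: 450 Deny TCP 192.168.1.10:50113 203.0.113.5:8080 out via em0
Nov  1 09:20:07 gw kernel: ipfw: 450 Deny UDP 192.168.1.12:41234 198.51.100.9:123 out via em0
Nov  1 09:20:09 gw kernel: ipfw: 450 Deny TCP 192.168.1.12:50114 198.51.100.20:993 out via em0
Nov  1 09:20:11 gw kernel: ipfw: 450 Deny ICMP:8.0 192.168.1.10 8.8.8.8 out via em0
Nov  1 09:21:00 gw kernel: ipfw: 999 Deny TCP 203.0.113.77:4444 192.0.2.1:22 in via em0'

# denied_summary RULE DIRECTION  (log text on stdin)
# Prints "PROTO DSTPORT COUNT" for every Deny logged by RULE in DIRECTION,
# most frequent first. ICMP lines carry no port, shown as "-".
denied_summary() {
    rule=$1; dir=$2
    awk -v rule="$rule" -v dir="$dir" '
        /ipfw: / {
            # Fields after "ipfw:": rule action proto src dst dir via iface
            for (i = 1; i <= NF; i++) if ($i == "ipfw:") break
            r = $(i+1); act = $(i+2); proto = $(i+3); dst = $(i+5); d = $(i+6)
            if (r != rule || act != "Deny" || d != dir) next
            sub(/:.*/, "", proto)             # "ICMP:8.0" -> "ICMP"
            n = split(dst, p, ":")            # IPv4 only: last field is the port
            port = (n > 1) ? p[n] : "-"
            count[proto " " port]++
        }
        END { for (k in count) print k, count[k] }
    ' | sort -k3,3nr -k1,1 -k2,2n
}

# suggest_rules START  (summary lines on stdin)
# Emits one allow rule per summary line, numbered from START so they sit
# before the deny rule. TCP rules get "setup" so only the SYN creates state.
suggest_rules() {
    start=$1
    awk -v n="$start" '
        {
            proto = tolower($1); port = $2
            setup = (proto == "tcp") ? " setup" : ""
            if (port == "-")
                printf "$cmd %03d $skip %s from any to any out via $pif keep-state\n", n, proto
            else
                printf "$cmd %03d $skip %s from any to any %s out via $pif%s keep-state\n", n, proto, port, setup
            n++
        }'
}

# Usage: on a real gateway, replace the sample with: grep 'ipfw: 450' /var/log/security
printf '%s\n' "$SAMPLE_LOG" | denied_summary 450 out
printf '%s\n' "$SAMPLE_LOG" | denied_summary 450 out | suggest_rules 200
```

Review the generated lines before pasting them into the ruleset: "from any to any" on the destination side is only a starting point, and a port that shows up in the log is not automatically one you want open. Rule 450 itself can stay in place, and once the legitimate traffic is covered its log becomes a useful signal of something new trying to leave the network.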

