At the moment, I just use a simple configuration that passes all traffic. Nothing needs to be restricted.
This is my NAT configuration sample and make it simple ;)

    # Run NAT
    /sbin/natd -interface rl0
    /sbin/ipfw -f flush
    /sbin/ipfw add divert natd all from any to any via rl0
    /sbin/ipfw add pass all from any to any

and the interfaces:

    rl0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
            options=8<VLAN_MTU>
            inet6 fe80::2e0:4cff:feaa:3e53%rl0 prefixlen 64 scopeid 0x1
            inet 192.168.2.231 netmask 0xffffff00 broadcast 192.168.2.255
            ether 00:e0:4c:aa:3e:53
            media: Ethernet autoselect (100baseTX <full-duplex>)
            status: active
    rl1: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
            options=8<VLAN_MTU>
            inet6 fe80::213:46ff:fe3a:da6f%rl1 prefixlen 64 scopeid 0x2
            inet 10.1.1.1 netmask 0xffffff00 broadcast 10.1.1.255
            ether 00:13:46:3a:da:6f
            media: Ethernet autoselect (10baseT/UTP)
            status: active
    plip0: flags=108810<POINTOPOINT,SIMPLEX,MULTICAST,NEEDSGIANT> mtu 1500
    lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> mtu 16384
            inet6 ::1 prefixlen 128
            inet6 fe80::1%lo0 prefixlen 64 scopeid 0x4
            inet 127.0.0.1 netmask 0xff000000

regards,
koro

On Sun, 10 Dec 2006, Nathan Watson wrote:

Hello,

I'm running FreeBSD 6.1 with IPF/IPNAT, and I'm having a problem getting my rules to work. The problem is mainly that I want no restrictions on outbound traffic, and I'm not sure how to apply stateful filtering to that. I have the following rule (hme0 is my external interface):

    pass out quick on hme0 all

If I change that to "pass out quick on hme0 all keep state," will that only open the port that the outbound packet was on? Are there any problems that can arise from allowing all outbound traffic?

At the moment, my ruleset doesn't pass packets at all... I'm just having lots of troubles here. My ruleset is below, and everything seems to be caught by the last block all rule. Any suggestions?

_______________________________________________
email@example.com mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"