--------- Forwarded Message ---------

DATE: Tue, 25 Feb 2003 16:06:22
From: "Joshua Lokken" <[EMAIL PROTECTED]>
To: "Questions" <[EMAIL PROTECTED]>


Primary harddisk failed on my 4.7-release gateway (ipfw+natd) box last weekend, and I 
had not backed things up properly.  Attached is my ipfw ruleset.  After the rebuild, I 
rewrote things from memory.  

When I remove the default deny rule from the list, nat works fine, port redirections 
and all, but with the deny rule in place, nat isn't working, so I'm thinking I have a 
rule in the wrong place.  Can anyone point out any obvious missing/misplaced rules 
here?  Thanks much.


Joshua Lokken
FreeBSD:  The Power to Serve!

--------- End Forwarded Message ---------
My apologies for the missing attachment...
and for the M$ formatted file ;(

Need a new email address that people can remember
Check out the new EudoraMail at
$fwcmd -f flush

$fwcmd add allow all from any to any via lo0

$fwcmd add divert natd all from any to any via $oif

$fwcmd add allow tcp from any to $oip 22,80,443,6346,22002,22003,22010 setup

$fwcmd add allow tcp from any to any established

$fwcmd add allow icmp from any to any icmptypes 3,4,11,12

$fwcmd add check-state

$fwcmd add allow ip from $oip to any keep-state out via $oif

$fwcmd add allow ip from $inwr to any keep-state via $iif

$fwcmd add 65435 deny log ip from any to any

Reply via email to