Hello,Hi all. I'm having an issue with security while trying to get natd to work with ipfw. I got my ipfw rules working great, so I added the natd line in:
ipfw add divert 8668 all from any to any via $EXTERNAL_INTERFACE
But I can't do anything (ping, fetch, etc) until I add: ipfw add pass all from any to any
Now, I may be wrong, but doesn't this pretty much open the box up? I tried changing the first "any" to my internal network, but that didn't work, and I know I've got to be missing something.
If anyone would like to help me off-list, I could send you a copy of my rule set if you'd like.
Thanks in advance, --Brian
_______________________________________________ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
The best way to learn about your firewall is to log all denyed packets and review the log file while trying different programs that access the network.
#ipfw add 6500 deny log any to any
#tail -f /var/log/security
Then create rules based on what shows up in the logs.
-Ryan
_______________________________________________ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
