Note that if I add the "allow all" rule to the end of the file NAT works fine. I'm certain it's an IPFW issue but haven't been able to figure it out. As I'm a bit new to IPFW and FreeBSD, pointers to documentation (preferably with examples of usage) would be very helpful. I haven't been able to find a lot of info outside of the Handbook, and what I do find regarding NAT includes three rules: 1) flush, 2) divert, 3) allow all traffic.
# Internal network variables
iif="rl1"
inet="192.168.20.0"
iip="192.168.20.2"
imask="255.255.255.0"

# External network variables
oif="rl0"
onet="216.161.174.0"
oip="216.161.174.7"
omask="255.255.255.0"

# Clear current rules
/sbin/ipfw -f flush

# Allow TCP in, if setup succeeded
/sbin/ipfw add pass tcp from any to any established

# Allow all local traffic
/sbin/ipfw add pass all from 127.0.0.1 to 127.0.0.1

# Stop spoofing
/sbin/ipfw add deny all from ${inet}:${imask} to any in via ${oif}
/sbin/ipfw add deny all from ${onet}:${omask} to any in via ${iif}

# Stop RFC1918 nets on the external interface
# (10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16; the original had 10.0.0.1 and
# 127.16.0.0 here, which read as typos for the RFC1918 network addresses)
/sbin/ipfw add deny all from 10.0.0.0:255.0.0.0 to any via ${oif}
/sbin/ipfw add deny all from 172.16.0.0:255.240.0.0 to any via ${oif}
/sbin/ipfw add deny all from 192.168.0.0:255.255.0.0 to any via ${oif}

# Allow internal network traffic
/sbin/ipfw add pass all from ${iip} to any
/sbin/ipfw add pass all from ${inet}:${imask} to ${iip}

# Allow NAT traffic out.
/sbin/ipfw add divert natd all from any to any via ${oif}

# Allow setup of SSH connections
/sbin/ipfw add pass tcp from any to ${oip} 22 setup

freebsd-questions mailing list: http://lists.freebsd.org/mailman/listinfo/freebsd-questions
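Added example, not part of the post: a small Python first-match simulator of the ruleset as posted, showing which rule two typical NAT packets hit first. It assumes the kernel's default is deny, models only the rules that can match the constructed packets (loopback, anti-spoof, RFC1918 and SSH rules are left out), and uses constructed client and server addresses.

```python
from dataclasses import dataclass
from ipaddress import IPv4Network, ip_address, ip_network

ANY = ip_network("0.0.0.0/0")

@dataclass
class Pkt:
    proto: str      # "tcp", "udp" or "icmp"
    src: str
    dst: str
    iface: str      # interface the packet arrives on or leaves by (ipfw "via")
    ack: bool = False  # TCP ACK or RST set: what ipfw "established" matches

@dataclass
class Rule:
    action: str             # "pass", "deny" or "divert"
    proto: str = "all"
    src: IPv4Network = ANY
    dst: IPv4Network = ANY
    iface: str = "any"      # "any" means no "via" clause on the rule
    established: bool = False

    def matches(self, p):
        return (self.proto in ("all", p.proto)
                and ip_address(p.src) in self.src
                and ip_address(p.dst) in self.dst
                and self.iface in ("any", p.iface)
                and (not self.established or p.ack))

INET, IIP = ip_network("192.168.20.0/24"), ip_network("192.168.20.2/32")
# The post's rules in the post's order; the loopback, anti-spoof, RFC1918 and
# SSH rules are left out because they cannot match the two packets below.
RULES = [
    Rule("pass", "tcp", established=True),
    Rule("pass", src=IIP),
    Rule("pass", src=INET, dst=IIP),
    Rule("divert", iface="rl0"),
]
def first_match(p, rules=RULES):
    """(index, action) of the first matching rule; (None, "deny") = default deny."""
    for i, r in enumerate(rules):
        if r.matches(p):
            return i, r.action
    return None, "deny"

# Constructed packets: a LAN client's DNS query entering the gateway on rl1,
# and a remote server's SYN-ACK arriving on rl0 for the gateway's public IP.
CLIENT_OUT = Pkt("udp", "192.168.20.50", "203.0.113.53", "rl1")
REPLY_IN = Pkt("tcp", "203.0.113.80", "216.161.174.7", "rl0", ack=True)
```

The LAN client's packet entering on rl1 matches nothing and falls to the default deny, and the server's SYN-ACK to the public address is passed by the "established" rule before it can reach the divert rule, so natd never sees it. A packet that natd does re-inject resumes at the rule after the divert, which in the posted order is only the SSH setup rule, so translated traffic also ends at the default deny unless a pass rule follows the divert.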
