Hi all
I'm on 192.168.1.62, the server is running on 192.168.1.3 and listens on port 1234.
I want any connection going out of my machine to port 1234 to port forward to
192.168.1.3:1234.
But when I attempt to connect to 192.168.1.1:1234 , natd shows following
verbose message:
natd[2051]: Aliasing
Hi there, a few months ago I inquired about an issue where using
ipfw+natd worked on 8.0 but produced errors in 8.1. After searching the
bugs database, I found multiple reports about it -
http://www.freebsd.org/cgi/query-pr.cgi?pr=conf/148137 and
http://www.freebsd.org/cgi/query-pr.cgi?pr=kern
Since a rebuild to FBSD 8.1, I can't get natd to function correctly. Below is
my ipfw config. It closely follows the example in the Handbook.
http://www.freebsd.org/doc/en/books/handbook/firewalls-ipfw.html (30.6.5.7 An
Example NAT and Stateful Ruleset -- Ruleset #1)
firewall config (logging
Hello, Casey.
00300 0 0 deny ip from 192.168.0.0/16 to any in via fxp0
00301 0 0 deny ip from 172.16.0.0/12 to any in via fxp0
00302 0 0 deny ip from 10.0.0.0/8 to any in via fxp0
00303 0 0 deny ip from 127.0.0.0/8 to any in via fxp0
00304 0
Just a sidenote:
On Sat, 15 May 2010 02:33:10 +0200, umage theultram...@gmail.com wrote:
However, if I
run the script manually, or call it from the end of /etc/rc, it will add
these rules as well. Currently I am using a workaround.
It's not a good idea to modify /etc/rc. In your case, using
I performed a kernel+world update of my freebsd router, RELENG_8 branch,
apparently from the version 6 months ago to current. I use ipfw and a
shell script that gets loaded at startup. I noticed after rebooting that
ipfw did not load two rules, both of type divert natd. However, if I
run the
On Sat, May 15, 2010 at 02:33:10AM +0200, umage wrote:
I performed a kernel+world update of my freebsd router, RELENG_8 branch,
apparently from the version 6 months ago to current. I use ipfw and a
shell script that gets loaded at startup. I noticed after rebooting that
ipfw did not load two
mr. phreak [EMAIL PROTECTED] writes:
Hi, I am having trouble with my IPFW+NATD forwarding. I know a lot of
people have
and I've googled my ass off. Still I can't get it right. I'm trying to
forward port 1213 in/out for dc++ usage.
this is my setup:
__WAN router (192.168.1.1
Hi, I am having trouble with my IPFW+NATD forwarding. I know a lot of
people have
and I've googled my ass off. Still I can't get it right. I'm trying to
forward port 1213 in/out for dc++ usage.
this is my setup:
__WAN router (192.168.1.1)
|
|
(FreeBSD gateway/fw NIC1:ath0 (public) NIC2:rl0
On Sun, Aug 27, 2006 at 01:04:54PM +0500, ?? ?? wrote:
I'm a junior in FreeBSD, and I faced with problem.
You should know that others have mailers that are thread enabled. This
means that when you compose a new mail, but you that the reply sort cut
others may not read this,
Hi,
I'm running fbsd as a router at home for dsl. Everything was running fine
until one day. Suddenly all pcs in lan stopped opening foreign web pages
and connecting to foreign hosts, though I could ping those hosts.
That seemed like isp problem so i called them and they said everything is
fine. So
Hi, all--
I'm working on a new firewall running FreeBSD-5.4, IPFW, and natd for a small
client network of about 50 boxes, using a single routable IP via a T1 link.
They want to set up a Cisco 87x router as a VPN endpoint, my part is to set up
forwarding of the VPN traffic via the firewall to
Chuck Swiger wrote:
Is there any way to convince natd to re-read the natd.conf file short
of killing and restarting the daemon entirely? The manpage didn't say
so, and kill -HUP terminates the process.
If there was, I would expect /etc/rc.d/natd to support a reload option,
but I don't see
Hi,
I got my FreeBSD set up to do nat, but it doesn't work 100%. Sites like
Google for instance does work, but many other don't. All other protocols
seems to be working properly. But why are sites failing to do anything?
I got running natd with the verbose option and successful request of
Am Dienstag, 10. Mai 2005 00:42 schrieb Frank de Bot:
Hi,
I got my FreeBSD set up to do nat, but it doesn't work 100%. Sites like
Google for instance does work, but many other don't. All other protocols
I guess you're using an A-DSL line with PPPoE, right?
If so, see tcp-mss fix. PPPoE
.
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] Behalf Of Frank de
Bot
Sent: Monday, May 09, 2005 6:42 PM
To: freebsd-questions@freebsd.org
Subject: ipfw + natd = some sites won't work :-S
Hi,
I got my FreeBSD set up to do nat, but it doesn't work 100%. Sites
like
Google
Emanuel Strobl wrote:
Am Dienstag, 10. Mai 2005 00:42 schrieb Frank de Bot:
Hi,
I got my FreeBSD set up to do nat, but it doesn't work 100%. Sites like
Google for instance does work, but many other don't. All other protocols
I guess you're using an A-DSL line with PPPoE, right?
If so, see tcp-mss
network layout and how you
connect to the internet is needed.
List sites you can not access.
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] Behalf Of Frank de
Bot
Sent: Monday, May 09, 2005 6:42 PM
To: freebsd-questions@freebsd.org
Subject: ipfw + natd = some sites
Am Dienstag, 10. Mai 2005 01:04 schrieb Frank de Bot:
Emanuel Strobl wrote:
Am Dienstag, 10. Mai 2005 00:42 schrieb Frank de Bot:
Hi,
I got my FreeBSD set up to do nat, but it doesn't work 100%. Sites
like Google for instance does work, but many other don't. All other
protocols
I
Emanuel Strobl wrote:
The problem is the same: IP-IP tunneling reduces TCPs mss which the linux
box doesn't fix. ICMP will work of course, TCP with full payload won't.
I don't know how/why you tunnel IP into IP on that linux box, but that's
the point where you have to dig.
Good luck,
-Harry
Am Dienstag, 10. Mai 2005 01:19 schrieb Frank de Bot:
Emanuel Strobl wrote:
The problem is the same: IP-IP tunneling reduces TCPs mss which the
linux box doesn't fix. ICMP will work of course, TCP with full payload
won't. I don't know how/why you tunnel IP into IP on that linux box,
but
Deling Ren [EMAIL PROTECTED]:
Hi all, I am trying to setup a NAT box for my home network on freebsd 5.3.
I am using ipfw and natd. I already got nat running but I am having
problem with port forwarding. I am trying to forward port 80 on the nat
box to an internal machine (192.168.0.7). I have
Hi!
With this order (rules 201,501,502), everything works well.
Other orders, although intuitively correct, don't behave as expected.
I tried divert, allow all from internal, check-state and nothing happened.
# enable the natd
add 00201 divert natd all from any to any via sis0
### TCP ###
# per
Deling Ren [EMAIL PROTECTED] writes:
Hi all, I am trying to setup a NAT box for my home network on freebsd 5.3.
I am using ipfw and natd. I already got nat running but I am having
problem with port forwarding. I am trying to forward port 80 on the nat
box to an internal machine (192.168.0.7).
Hi all, I am trying to setup a NAT box for my home network on freebsd 5.3.
I am using ipfw and natd. I already got nat running but I am having
problem with port forwarding. I am trying to forward port 80 on the nat
box to an internal machine (192.168.0.7). I have the following as part of
James A. Coulter [EMAIL PROTECTED] writes:
Here is my IPFW ruleset and my rc.conf. Hoping someone can point out
the error of my ways.
You have a very restrictive ruleset there. On my home network, I
allow everything to go out from inside. If you don't do that, my
favorite options would be
Hoping someone can provide a solution to the following problem:
I am using a FBSD 4.10 box as a gateway/router/firewall between a cable
modem and my home lan and its been working great for several months.
All machines behind my firewall are able to connect to the outside world
for http,
snip
Hi
I'm trying to setup natd to port forward to a http,ftp and vnc server behind
the natd box
But I only want a customer from their static ip address to be able to login
and block everything else
Is this possible in a natd environment?
Any examples?
Port forwarding works ok, I just
Hi
I'm trying to setup natd to port forward to a http,ftp and vnc server behind
the natd box
But I only want a customer from their static ip address to be able to login
and block everything else
Is this possible in a natd environment?
Any examples?
Port forwarding works ok, I just can't
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Brian
Sent: Thursday, October 14, 2004 11:01 AM
To: 'FreeBSD Questions'
Subject: IPFW NATD
Hi
I'm trying to setup natd to port forward to a http,ftp and vnc server behind
the natd box
But I only want
Your ipfw rules are invalid.
They seem to work perfectly. My only gripe is that static rule
#15100 is required to succeed with redirect_port from 1.2.3.4:80 to
192.168.2.250:80 when 192.168.1.247 requests a web page using the domain
name for 1.2.3.4. I'm looking for a solution that doesn't
PROTECTED] Behalf Of
[EMAIL PROTECTED]
Sent: Sunday, August 08, 2004 2:11 PM
To: [EMAIL PROTECTED]
Subject: IPFW/NATD Transparent Proxy
Anyone up for a challenge?
I've come to the conclusion that IPFW/NATD cannot support
transparent
proxying with ONLY stateful rules. I'd like to hear from
: Sunday, August 08, 2004 2:11 PM
To: [EMAIL PROTECTED]
Subject: IPFW/NATD Transparent Proxy
Anyone up for a challenge?
I've come to the conclusion that IPFW/NATD cannot support
transparent
proxying with ONLY stateful rules. I'd like to hear from anyone who
has
been successful doing so
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of
[EMAIL PROTECTED]
Sent: Sunday, August 08, 2004 5:43 PM
To: [EMAIL PROTECTED]
Subject: Re: IPFW/NATD Transparent Proxy
On Sunday 08 August 2004 04:38 pm, JJB wrote:
A new rewrite of the FreeBSD
--On Sunday, August 08, 2004 18:43:21 -0400 [EMAIL PROTECTED] wrote:
No, I want a user on 192.168.1.247 to be redirected to 192.168.2.250:80 when
they request 1.2.3.4:80, where 1.2.3.4 is a PUBLIC ip number on the FreeBSD
internet gateway. Again, the configuration is
de0 = PUBLIC IP =
9000 -f /etc/natd.conf
On Sunday 08 August 2004 06:30 pm, Eric Crist wrote:
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of
[EMAIL PROTECTED]
Sent: Sunday, August 08, 2004 5:43 PM
To: [EMAIL PROTECTED]
Subject: Re: IPFW/NATD Transparent Proxy
For the list's archives.
Here is everything you need for ipfw/natd/stateful.
Add these statements to kernel source and compile kernel to enable
# Enable kernel IPFW.
#
option IPFIREWALL # Adds filtering code
into kernel
option IPFIREWALL_VERBOSE
Hello,
i have a problem with ipfw + natd. The problem is that my FreeBSD server
isn't routing internet. First I have used FreeBSD4.9-STABLE, then i tried to
upgrade to FreeBSD4.9-RELEASE-p4. Result is the same - no internet for lan
users. Take a look at my configuration files:
rc.conf
On Wed, 2004-03-31 at 20:27, Prodigy wrote:
${fwcmd} add 400 pass tcp from any 22,80,110,119,143,443,3306,5190,6667-7000
to any via rl1
${fwcmd} add 500 pass tcp from any to any
22,80,110,119,143,443,3306,5190,6667-7000 via rl1
When I comment out 400 and 500 rules and add allow all from any
I tried to allow only 80 port, but the result is the same. I have also tried
ipf + ipnat, but i need to block internet connection to some users by MAC
address, and ipf doesn't know, what MAC address is. Maybe i can block MAC
addresses with ipf + ipnat somehow? Btw FreeBSD version is 4.9.
On Wed,
Hi,
I have problem with freebsd. I'm using ipfw + natd to share internet connection to my
network (LAN) users, but my server is not sharing internet. My server has internet. It
pings google.com, etc.
Machine: FreeBSD4.9-STABLE
Kernel configuration:
# ... Some other stuff goes here
options
- Original Message -
From: Prodigy [EMAIL PROTECTED]
To: freebsd-questions [EMAIL PROTECTED]
Sent: Tuesday, March 09, 2004 10:53 AM
Subject: ipfw + natd - not sharing internet for LAN users
snip
# ipfw show
65535 1546 115746 allow ip from any to any
This is your problem. Even
Hi,
I have a problem with our firewall/NAT, on a FreeBSD 4.7 box... Here
a list with some details:
*) The FreeBSD box uses natd and ipfw, and have two external IP:s,
lets say aaa.bbb.ccc.20 and ddd.eee.fff.21.
*) natd is used to redirect access to external IP addresses and ports
to internal
Hello,
On Sun, 2003-08-10 at 22:38, Johannes Angeldorff wrote:
Hi,
I have a problem with our firewall/NAT, on a FreeBSD 4.7 box... Here
a list with some details:
*) The FreeBSD box uses natd and ipfw, and have two external IP:s,
lets say aaa.bbb.ccc.20 and ddd.eee.fff.21.
*) natd is
Hi,
I have similar problem.
I'm using IPF IPNAT to redirect outbound connection
to the internal IP addr. It's been 4 months I can't
solve it :(
The result so far:
The connection was refused (Netscape)
Alert! Unable to connect (Lynx)
TIA
Here is the details
IPF.CONF
block in log all
pass out
On Wed, 06 Aug 2003 21:28:19 -0700
[EMAIL PROTECTED] wrote:
I want to forward port 80 from an outside ip to an internal ip of
192.168.1.150 dc1 is tun0 pppoe / dc0 is lan
I have read what seems like 5 diff ways to do this but the only
result has been to lock myself out of the computer.
On Wed, 6 Aug 2003 20:55:47 -0500 (CDT)
Mark [EMAIL PROTECTED] wrote:
I am still unable to connect from the outside,
from the kernel config
# ipfw options
options IPFIREWALL
options IPFIREWALL_VERBOSE
options IPFIREWALL_VERBOSE_LIMIT=10
options IPFIREWALL_DEFAULT_TO_ACCEPT
options
Hi!
I have a problem with our firewall/NAT, on a FreeBSD 4.7 box... Here
a list with some details:
*) The FreeBSD box uses natd and ipfw, and have two external IP:s,
lets say aaa.bbb.ccc.20 and ddd.eee.fff.21.
*) natd is used to redirect access to external IP addresses and ports
to
I am still unable to connect from the outside,
from the kernel config
# ipfw options
options IPFIREWALL
options IPFIREWALL_VERBOSE
options IPFIREWALL_VERBOSE_LIMIT=10
options IPFIREWALL_DEFAULT_TO_ACCEPT
options IPDIVERT
#To hide firewall from traceroute
options IPSTEALTH
#To hide from nmap,
I want to forward port 80 from an outside ip to an internal ip of
192.168.1.150 dc1 is tun0 pppoe / dc0 is lan
I have read what seems like 5 diff ways to do this but the only
result has been to lock myself out of the computer.
What have I missed.
rc.conf settings
firewall_enable=YES
On Thu, 7 Aug 2003 04:33:43 +0200
Clement Laforet [EMAIL PROTECTED] wrote:
oups :
use this
natd_flags=-dynamic -redirect_port 192.168.1.150:80 80
natd_flags=-dynamic -redirect_port tcp 192.168.1.150:80 80
that's better ;)
___
[EMAIL PROTECTED]
I could sure use an idea for solving the following. We have a perfectly
functional but saturated ds0 with our telco that is very expensive. We
have squid running with transparent proxy for our LAN that consists of
about 10-15 users. [ fwd 127.0.0.1,3128 tcp from 192.168.5.0/24 to any 80 ]
It
On Mon, Aug 04, 2003 at 06:24:42AM -0700, [EMAIL PROTECTED] wrote:
I could sure use an idea for solving the following. We have a perfectly
functional but saturated ds0 with our telco that is very expensive. We
have squid running with transparent proxy for our LAN that consists of
about 10-15
Hi,
I have two networks: 10.1.0.0/16 and 10.2.0.0/16
Only that I need to make the NAT for only a one network, 10.2.0.0/16. Network
10,1,0,0/16 does not have external access.
How I configure in ipfw + natd so that this is possible?
My interface of exit is xl0 interface of network 10.1.0.0/16
- Original Message -
From: Vitor de Matos Carvalho [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Sunday, July 13, 2003 7:18 AM
Subject: IPFW + NATD
Hi,
I have two networks: 10.1.0.0/16 and 10.2.0.0/16
Only that I need to make the NAT for only a one network, 10.2.0.0/16.
Network
)9986-9317
Salvador - Bahia - Brazil
FreeBSD: The silent Workhorse
- Original Message -
From: Micheal Patterson [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Cc: [EMAIL PROTECTED]
Sent: Sunday, July 13, 2003 1:53 PM
Subject: Re: IPFW + NATD
- Original Message -
From: Vitor de Matos
I'd like to come up a ruleset that handles the following example. Suppose I
have a daemon listening on port 2000 and I'd like outside clients to be able
to communicate with the daemon by addressing traffic to port 2000 or port
2001. So,
suppose I have for my natd configuration:
FreeBSD 4.7 firewall with 3 nics. Public, DMZ, and LAN.
DNS,Bind is not running here.
www Public address is redirected to it's DMZ address.
The www server in the DMZ can be accessed by name from the Internet but
only by it's private DMZ IP address from the LAN side. Attempt to access
it by name
FreeBSD 4.7 firewall with 3 nics. Public, DMZ, and LAN.
DNS,Bind is not running here.
www Public address is redirected to it's DMZ address.
The www server in the DMZ can be accessed by name from the Internet but
only by it's private DMZ IP address from the LAN side. Attempt to access
it by
On Sat, 29 Mar 2003 14:50:22 -0800 (PST), Charlie Schluting wrote:
FreeBSD 4.7 firewall with 3 nics. Public, DMZ, and LAN.
DNS,Bind is not running here.
www Public address is redirected to it's DMZ address.
The www server in the DMZ can be accessed by name from the Internet
but
only by
On Sat, Mar 29, 2003 at 03:11:09PM -0800, [EMAIL PROTECTED] wrote:
[...]
How can I redirect traffic to the WWW server from the LAN side ?
Thanks, Jay.
This is in the howto I followed (but I don't remember how)... there's
about 5 good ones that can be found via google.
Basically,
i have a slightly different ipfw/natd problem.
machines on the lan can ping internal nic on the server (fbsd 4.7), and
the external nic, but can not ping or reach anything outside. unless i
telnet into the server, then telnet out. currently running ipfw
open until problem is solved. server can
Stephen D. Kingrea wrote:
i have a slightly different ipfw/natd problem.
machines on the lan can ping internal nic on the server (fbsd 4.7), and
the external nic, but can not ping or reach anything outside. unless i
telnet into the server, then telnet out. currently running ipfw
open until
that i need to rebuild kernel?
stephen d. kingrea
On Fri, 17 Jan 2003, Bill Moran wrote:
Stephen D. Kingrea wrote:
i have a slightly different ipfw/natd problem.
machines on the lan can ping internal nic on the server (fbsd 4.7), and
the external nic, but can not ping or reach anything
127.0.0.0/8 to any
65000 4208345040 all ip from any to any
65535 0 0 deny ip from any to any
thanks for assistance!
stephen d. kingrea
On Fri, 17 Jan 2003, Bill Moran wrote:
Stephen D. Kingrea wrote:
i have a slightly different ipfw/natd problem.
machines on the lan can
from any to any
thanks for assistance!
stephen d. kingrea
On Fri, 17 Jan 2003, Bill Moran wrote:
Stephen D. Kingrea wrote:
i have a slightly different ipfw/natd problem.
machines on the lan can ping internal nic on the server (fbsd 4.7), and
the external nic, but can not ping or reach
-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]]On Behalf Of Stephen D.
Kingrea
Sent: Friday, January 17, 2003 8:53 AM
To: Bill Moran
Cc: [EMAIL PROTECTED]
Subject: Re: different ipfw/natd prob
following is rc.conf, /etc/natd.conf, ifconfig, ipfw show
rc.conf
inetd_enable=YES
Stephen D. Kingrea wrote:
oh, this looks bad before i do that, i should mention that in the
meantime, i tried to add a divert rule and got
ip_fw_ctl: invalid command
on boot, i get
IP packet filtering initialized, divert disabled, rule-based forwarding
enabled, default to deny, logging
i agree. it does seem that i need to recompile:
www# ipfw add diver natd all from any to any via dc0
ip_fw_ctl: invalid command
ipfw: getsockopt(IP_FW_ADD): Invalid argument
would seem to indicate this..
i shall commence, as per yours and JoeB's suggestion and report back
thank you both
On Wed, 15 Jan 2003 19:08:08 -0600
Redmond Militante [EMAIL PROTECTED] wrote:
[...]
at the moment, it's not working.
on machine 2, i can't ping www.freebsd.org - i get 'hostname lookup
failure', i can't ping xl0 - external nic on machine 1 - ping
129.x.x.35 gives me a 'host is down message'
- i've run an ethernet cable from xl1 - integrated intel 1000 pro nic on
machine 1 - to machine 2's nic.
i've edited machine 2's /etc/rc.conf so that it points to the internal
nic - xl1 on machine 1 as it's default gateway:
Ethernet cable? Or crossover cable?
If it's straight cable, you need
hi again
i have two machines - one has two nics, one has one nic. i'd like to set up the
machine with two nics as a gateway/natd box, and place the second machine behind it.
gateway machine's kernel has been recompiled with:
options IPFIREWALL
options IPDIVERT
options
Redmond Militante wrote:
hi again
i have two machines - one has two nics, one has one nic. i'd like to set up the machine with two
nics as a gateway/natd box, and place the second machine behind it.
gateway machine's kernel has been recompiled with:
options IPFIREWALL
options IPDIVERT
Let me ask some questions to help diagnose this:
1. From the gateway: Can you ping www.freebsd.org? Can you ping 129.x.x.1?
yes to both
2. What's in /etc/resolv.conf on the gateway and the client machine?
/etc/resolv.conf is identical on gateway and client machines
search
Redmond Militante wrote:
xl1: flags=8843UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST mtu 1500
options=3rxcsum,txcsum
inet 10.0.0.1 netmask 0xff00 broadcast 10.0.0.255
inet6 fe80::206:5bff:fe80:985b%xl1 prefixlen 64 scopeid 0x2
ether 00:06:5b:80:98:5b
Redmond Militante wrote:
snip reply that verifies that DNS is configured properly
3. What does ifconfig display on the gateway? Does xl1 show as up with a
valid media type?
SNIP
xl1: flags=8843UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST mtu 1500
options=3rxcsum,txcsum
inet
hi
thanks this worked :)
In the gothic chambers of the underworld on Thu, Jan 16, 2003 at 03:51:55PM -0600,
Daniel Schrock darkly muttered:
Redmond Militante wrote:
xl1: flags=8843UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST mtu 1500
options=3rxcsum,txcsum
inet 10.0.0.1
now i'm trying to set up a gateway box using ipfw/natd. i have 2 test machines -
machine 1 has two nics, one's an integrated intel 1000 pro, the other is an old pci
3com 3c905b. machine 1 has a static ip and hostname. machine 2 is virtually identical
except it has only one nic - the intel 1000
I want to redirect incoming ssh packet to another box internally. I have
got the following as my /etc/natd.conf
dynamic yes
log_denied yes
use_sockets yes
same_ports yes
unregistered_only
redirect_port tcp 192.168.0.200:22 4455
When I try to ssh to port 4455 I get nothing - I have ipfw
Hi
I want to redirect incoming ssh packet to another box internally. I have
got the following as my /etc/natd.conf
dynamic yes
log_denied yes
use_sockets yes
same_ports yes
unregistered_only
redirect_port tcp 192.168.0.200:22 4455
When I try to ssh to port 4455 I get nothing - I have ipfw
Hi there,
I have been trying to set up an embedded system from soekris, running a
small version of freebsd on it's internal compact flash hard disk.
The machine is built, I have remote access to it and I intend to use it
as a firewall + nat appliance. Directing traffic from machines internally
Do you have gateway_enable=YES in your firewall?
Can you get packets through both directions just fine with the firewall
set to OPEN?
David
Terrac Skiens wrote:
Hi there,
I have been trying to set up an embedded system from soekris, running a
small version of freebsd on it's internal
since this is a super small distribution I do not have the default open,
closed, and client firewall configs. The set I am using is based on the
client one though, however I adjusted it to allow traffic from the inside
to the outside on specific ports and hopefully keep-state to let the
returning
well you could simply do an ipfw flush and then use ipfw command line to
add back the rule for the loopback device and the natd divert line
(looks like you're using natd?), then do a:
ipfw add pass all from any to any
and make sure that you can send and receive traffic in both directions
without
The answer to this is more than likely 'no'.
But I'll try anyways.
Setup: NATD/IPFW
Say you have an IPFW rule to allow 10.0.0.2 through NATD - thus into the
internet - and everything else to be blocked.
Your machine (10.0.0.2) that is being firewalled by NATD/IPFW works fine.
On Tue, Oct 22, 2002 at 10:55:26AM -0500, Scott Pilz typed:
The answer to this is more than likely 'no'.
But I'll try anyways.
Setup: NATD/IPFW
Say you have an IPFW rule to allow 10.0.0.2 through NATD - thus into the
internet - and everything else to be blocked.
Your
hi everybody,
i have a fbsd 4.6 router box sitting between a local net (192.168.0.255) and
a
single actual ip from a cable modem. naturally, ive set up natd and ipfw on
it, but instead of going the old way with the semi-stateful rules i decided
to go with keep-state/check-state. but problems
Is PPP trying to do NAT as well as Natd? I use Natd with tun0 all the
time and it works OK..
-D
:-Original Message-
:From: Allan McDonald [mailto:[EMAIL PROTECTED]]
:Sent: Tuesday, July 16, 2002 8:45 AM
:To: [EMAIL PROTECTED]
:Subject: ipfw, natd tun0
:
:
:Hi,
:I'm trying to use natd
88 matches