natd and open firewall problem

justin at shiningsilence.com justin at shiningsilence.com
Fri Feb 25 20:13:01 PST 2005


I converted a FreeBSD machine running NAT to DragonFly, and I noticed that
on every boot, I'd end up with a firewall rule that would accept all
packets.  Fine and good, but it kept data from making it to the divert
rule that handled traffic 'behind' the machine.

Looking at /etc/rc.firewall, it appears that having a firewall type of
"open" set in your rc.conf will give you rule 1 'pass all from any to
any', while it's rule 50 that gets natd working.  Nothing makes it past
rule 1.

The Handbook's (inherited) docs describe an open firewall setting as
working with natd, and that is what worked when this was a FreeBSD 4
machine.  Am I reading this correctly as an error?

case ${firewall_type} in
    [Oo][Pp][Ee][Nn]|[Cc][Ll][Ii][Ee][Nn][Tt])
    case ${natd_enable} in
        [Yy][Ee][Ss])
        if [ -n "${natd_interface}" ]; then
            ${fwcmd} add 50 divert natd all from any to any via ${natd_interface}
        fi
        ;;
    esac
esac

case ${firewall_type} in
    [Oo][Pp][Ee][Nn])
        allow_loopback
        deny_spoof
        ${fwcmd} add 1 pass all from any to any
    ;;
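The ordering problem described in the post, as an added example (not from the post or from /etc/rc.firewall): a small sh check that flags ipfw rules shadowed by an earlier catch-all "pass all from any to any", using a constructed ruleset in "ipfw add" syntax with a placeholder interface name.

```shell
#!/bin/sh
# Added example, not from the original post or from /etc/rc.firewall.
# ipfw walks rules in ascending number order and stops at the first match,
# so "1 pass all from any to any" makes every later rule unreachable,
# the natd divert at rule 50 included.

# Constructed ruleset, one rule per line, as firewall_type="open" plus
# natd_enable="YES" produces it (IFACE_PLACEHOLDER stands in for the
# natd_interface value; it is not taken from the post).
RULESET_OPEN_NATD='50 divert natd all from any to any via IFACE_PLACEHOLDER
1 pass all from any to any
100 pass all from any to any via lo0'

# Constructed comparison ruleset: the same divert rule, with the catch-all
# pass numbered after it so the divert is evaluated first.
RULESET_DIVERT_FIRST='50 divert natd all from any to any via IFACE_PLACEHOLDER
100 pass all from any to any via lo0
65000 pass all from any to any'

# Print, space-separated, the numbers of rules that can never match because
# a catch-all pass rule (exactly "pass all from any to any", no "via")
# precedes them in rule order.
shadowed_rules() {
    printf '%s\n' "$1" | sort -n | awk '
        seen_catchall { print $1; next }
        $2 == "pass" && $3 == "all" && $4 == "from" && $5 == "any" &&
        $6 == "to" && $7 == "any" && NF == 7 { seen_catchall = 1 }
    ' | tr '\n' ' ' | sed 's/ $//'
}

# Answer "yes" or "no": can the natd divert rule (number 50) ever see a packet?
divert_reachable() {
    case " $(shadowed_rules "$1") " in
        *" 50 "*) echo no ;;
        *) echo yes ;;
    esac
}

echo "open + natd, shadowed rules: $(shadowed_rules "$RULESET_OPEN_NATD")"
echo "open + natd, divert reachable: $(divert_reachable "$RULESET_OPEN_NATD")"
echo "divert first, divert reachable: $(divert_reachable "$RULESET_DIVERT_FIRST")"
```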