natd and open firewall problem
Bill Hacker
wbh at conducive.org
Fri Feb 25 23:11:46 PST 2005
justin at xxxxxxxxxxxxxxxxxx wrote:
I converted a FreeBSD machine running NAT to DragonFly, and I noticed that
on every boot, I'd end up with a firewall rule that would accept all
packets. Fine and good, but it kept data from making it to the divert
rule that handled traffic 'behind' the machine.
Looking at /etc/rc.firewall, it appears that having a firewall type of
"open" set in your rc.conf will give you rule 1 'pass all from any to
any', while it's rule 50 that gets natd working. Nothing makes it past
rule 1.
ipfw set move rule 1 to (n)
- where 'n' is greater than 50 and less than 65000
should solve your immediate need.
But check the rest of your installed ruleset first,
... especially if you are remoted in over ssh <g>
The Handbook's (inherited) docs describe an open firewall setting as
working with natd, and that is what worked when this was a FreeBSD 4
machine. Am I reading this correctly as an error?
FreeBSD leaves 'allow ip from any to any' until rule 65000;
here DragonFlyBSD has it as rule 1.
Is this a philosophical change, or the wrong ruleset?
*SNIP*
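Added example, not from either poster: a small POSIX sh check that reads `ipfw list`-style output and reports when a catch-all accept rule is numbered before the `divert natd` rule, the first-match ordering problem Justin hit. The sample rule listings, the interface fxp0 and natd's default divert port 8668 are constructed for the example.

```sh
#!/bin/sh
# Constructed "ipfw list" output (not from the original post): the ordering
# described in the thread, with "pass all" at rule 1 ahead of the natd divert at 50.
SHADOWED='00001 allow ip from any to any
00050 divert 8668 ip from any to any via fxp0
00100 allow ip from any to any via lo0
65535 deny ip from any to any'

# Constructed output with the FreeBSD-style ordering: divert first, pass-all at 65000.
CORRECT='00050 divert 8668 ip from any to any via fxp0
00100 allow ip from any to any via lo0
65000 allow ip from any to any
65535 deny ip from any to any'

# shadowed_divert RULES
# ipfw is first-match: a rule that accepts every packet ends evaluation, so a
# divert rule numbered after it never sees traffic.  Prints the number of the
# first unqualified "allow/pass/accept ip from any to any" rule that precedes
# the first divert rule and returns 1; returns 0 when no rule shadows the divert.
shadowed_divert() {
    printf '%s\n' "$1" | awk '
        # catch-all accept: no "via", port or protocol qualifier (exactly 7 fields)
        $2 ~ /^(allow|pass|accept)$/ && $3 == "ip" && $4 == "from" && $5 == "any" &&
        $6 == "to" && $7 == "any" && NF == 7 && first_acceptall == "" {
            first_acceptall = $1 + 0
        }
        $2 == "divert" && first_divert == "" { first_divert = $1 + 0 }
        END {
            if (first_divert != "" && first_acceptall != "" &&
                first_acceptall < first_divert) {
                print first_acceptall
                exit 1
            }
            exit 0
        }'
}

# Stand-alone run: report on both constructed listings.
for name in SHADOWED CORRECT; do
    eval rules=\"\$$name\"
    if n=$(shadowed_divert "$rules"); then
        echo "$name: divert rule is reachable"
    else
        echo "$name: rule $n accepts everything before the divert rule"
    fi
done
```

On a live system the same function can be fed `ipfw list` output directly, e.g. `shadowed_divert "$(ipfw list)"`.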