Hi,
[ipfw]
# check if incoming packets belong to a natted session, allow through if
add 01000 divert natd ip from any to any in via sis0
add 01001 check-state
Default behavior of ipfw is to *BLOCK EVERY PACKET* if you did not say
in your kernel-config "options IPFIREWALL_DEFAULT_TO_ACCEPT".
That's why all your connections time out...
You need to add a few rules for check-state to work:
add 01002 allow tcp from any to any via sis0 setup keep-state
add 01003 allow udp from any to any via sis0 keep-state
add 01004 allow icmp from any to any via sis0 keep-state
BE AWARE YOUR 'FIREWALL' IS COMPLETELY OPEN FOR ANY CONNECTION FROM
INSIDE AND EVEN OUTSIDE!!!
It is very well explained in man ipfw and even better in handbook:
(http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/firewalls-ipfw.html)
Peter Rosa
_______________________________________________
freebsd-ipfw@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-ipfw