[Please don't cross-post]
You did not tell us what exactly does not work.
DNS should work, and FTP should not, as it requires a data
channel on a separate port. If that's the case, you
may run natd(8) with the -punch_fw option.
On Wed, Sep 19, 2001 at 05:06:38PM +0300, Vladimir Terziev wrote:
> Sorry, but there is a rule number mistake in my previous e-mail with the same
> subject.
>
> I have a gateway machine which runs NATD (natd -unregistered_only -interface
> an0) and has the IP packet filter IPFW with the following rules:
>
>
> ipfw add 100 allow ip from any to any via lo0
>
> ipfw add 10002 skipto 20000 tcp from 192.168.15.2 to any 21
> ipfw add 10003 skipto 20000 tcp from 192.168.15.2 to any 53,6667,6668
> ipfw add 10004 skipto 20000 udp from 192.168.15.2 to any 53,4000
>
> ipfw add 11000 deny ip from 192.168.15.0/24 to any
>
> ipfw add 20000 divert natd ip from any to any via an0
>
> ipfw add 30000 allow ip from PUBLIC_IP to any
> ipfw add 30000 allow ip from any to PUBLIC_IP
>
> ipfw add 40001 allow tcp from any 21 to 192.168.15.2 established
> ipfw add 40002 allow tcp from any 53,6667,6668 to 192.168.15.2 established
> ipfw add 40003 allow udp from any 53,4000 to 192.168.15.2
>
> ipfw add 65000 deny ip from any to any
>
>
> The gateway machine is FreeBSD 4.4-RC and has 2 interfaces (internal, and
> external - an0). I need only one of the machines in the local network to have
> connectivity to "the rest of the world".
>
> I've read all the documentation about ipfw(8), divert(4) and natd(8).
> According to it, the above rules should provide what I want, but they don't!!!
>
> Does anybody have an idea why?
>
> regards,
> Vladimir
--
Ruslan Ermilov Oracle Developer/DBA,
[EMAIL PROTECTED] Sunbay Software AG,
[EMAIL PROTECTED] FreeBSD committer,
+380.652.512.251 Simferopol, Ukraine
http://www.FreeBSD.org The Power To Serve
http://www.oracle.com Enabling The Information Age
To Unsubscribe: send mail to [EMAIL PROTECTED]
with "unsubscribe freebsd-net" in the body of the message
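Worked example, added here by the editor; it is not code from the thread, from either poster, or from FreeBSD. It is a small Python model that walks the poster's ruleset the way ipfw(8) does (first match wins, skipto jumps forward, divert hands the packet to natd and the walk resumes at the next rule) with natd(8) reduced to a static port map. Only the an0 pass of each packet is modelled. The value used for PUBLIC_IP (203.0.113.10), the remote server 198.51.100.5, the port numbers and the -punch_fw base rule number 50000 are made-up values, and natd's FTP handling is reduced to registering the expected data link. The scenarios reproduce what the reply describes: the DNS query and reply and the FTP control channel reach allow rules, the active-mode data SYN from port 20 falls through to the deny at 65000, and with a punched rule in place it is allowed.

```python
# Added example (not from the post or FreeBSD): walks constructed packets through the
# poster's ipfw rules on their an0 pass, with natd reduced to a static port map.
import ipaddress
from dataclasses import dataclass, field

PUBLIC_IP = "203.0.113.10"   # assumed value standing in for the poster's PUBLIC_IP
CLIENT = "192.168.15.2"      # the one LAN host named in the post
SERVER = "198.51.100.5"      # constructed remote DNS/FTP server
RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

@dataclass
class Packet:
    proto: str
    src: str
    sport: int
    dst: str
    dport: int
    iface: str = "an0"          # interface this pass is evaluated on
    established: bool = False   # TCP segment with ACK or RST set

@dataclass
class Rule:
    num: int
    action: str                 # allow | deny | skipto | divert
    proto: str                  # ip | tcp | udp
    src: str = "any"
    sports: set = field(default_factory=set)
    dst: str = "any"
    dports: set = field(default_factory=set)
    via: str = None
    established: bool = False
    target: int = 0             # skipto destination

def matches(r, p):
    net = lambda spec, ip: spec == "any" or ipaddress.ip_address(ip) in ipaddress.ip_network(spec)
    return ((r.proto == "ip" or r.proto == p.proto)
            and net(r.src, p.src) and (not r.sports or p.sport in r.sports)
            and net(r.dst, p.dst) and (not r.dports or p.dport in r.dports)
            and (r.via is None or r.via == p.iface)
            and (not r.established or p.established))

class Natd:                     # natd -unregistered_only -interface an0 [-punch_fw base:n]
    def __init__(self, punch_fw_base=None):
        self.links = {}         # (proto, public port) -> private address
        self.punch_fw_base = punch_fw_base

    def divert(self, p):
        if p.iface == "an0" and any(ipaddress.ip_address(p.src) in n for n in RFC1918):
            self.links[(p.proto, p.sport)] = p.src      # outbound: alias src, keep the port
            p.src = PUBLIC_IP
        elif p.iface == "an0" and p.dst == PUBLIC_IP and (p.proto, p.dport) in self.links:
            p.dst = self.links[(p.proto, p.dport)]     # inbound: map back to the LAN host
        return p

    def expect_ftp_data(self, rules, client_port, server, server_port=20):
        # Modelled effect of natd rewriting an FTP PORT command: learn the data link and,
        # with -punch_fw, add a temporary rule for that one connection (assumed to name
        # the private address, so it can only match after the divert has run).
        self.links[("tcp", client_port)] = CLIENT
        if self.punch_fw_base is not None:
            rules.append(Rule(self.punch_fw_base, "allow", "tcp", src=server,
                              sports={server_port}, dst=CLIENT, dports={client_port}))
            rules.sort(key=lambda r: r.num)

def walk(rules, natd, p):       # one pass of p through a sorted ruleset -> (verdict, rule)
    i = 0
    while i < len(rules):
        r = rules[i]
        if not matches(r, p):
            i += 1
        elif r.action in ("allow", "deny"):
            return r.action, r.num
        elif r.action == "skipto":
            i = next((j for j, x in enumerate(rules) if x.num >= r.target), len(rules))
        else:                                  # divert: natd rewrites, walk resumes after it
            p = natd.divert(p)
            i += 1
    return "deny", 65535                       # ipfw's implicit default rule

def poster_rules():                            # the ruleset from the post, in ipfw order
    return [
        Rule(100, "allow", "ip", via="lo0"),
        Rule(10002, "skipto", "tcp", src=CLIENT, dports={21}, target=20000),
        Rule(10003, "skipto", "tcp", src=CLIENT, dports={53, 6667, 6668}, target=20000),
        Rule(10004, "skipto", "udp", src=CLIENT, dports={53, 4000}, target=20000),
        Rule(11000, "deny", "ip", src="192.168.15.0/24"),
        Rule(20000, "divert", "ip", via="an0"),
        Rule(30000, "allow", "ip", src=PUBLIC_IP),
        Rule(30000, "allow", "ip", dst=PUBLIC_IP),
        Rule(40001, "allow", "tcp", sports={21}, dst=CLIENT, established=True),
        Rule(40002, "allow", "tcp", sports={53, 6667, 6668}, dst=CLIENT, established=True),
        Rule(40003, "allow", "udp", sports={53, 4000}, dst=CLIENT),
        Rule(65000, "deny", "ip"),
    ]

def run_scenarios(punch_fw_base=None):
    natd, rules, out = Natd(punch_fw_base), poster_rules(), {}
    out["dns_query"] = walk(rules, natd, Packet("udp", CLIENT, 5353, SERVER, 53))
    out["dns_reply"] = walk(rules, natd, Packet("udp", SERVER, 53, PUBLIC_IP, 5353))
    out["ftp_ctl_syn"] = walk(rules, natd, Packet("tcp", CLIENT, 40001, SERVER, 21))
    out["ftp_ctl_reply"] = walk(rules, natd, Packet("tcp", SERVER, 21, PUBLIC_IP, 40001, established=True))
    natd.expect_ftp_data(rules, 40002, SERVER)    # active mode: server dials back from port 20
    out["ftp_data_syn"] = walk(rules, natd, Packet("tcp", SERVER, 20, PUBLIC_IP, 40002))
    return out
```

Call run_scenarios() and run_scenarios(50000) to get the verdict and terminating rule number for each packet without and with a punched rule. Keep in mind that a forwarded packet is also evaluated by ipfw when it arrives on the internal interface; that pass, and anything natd does beyond simple address aliasing, is outside this model.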