Hi! With this order (rules 201,501,502), everything works well. Other orders, although intuitively correct, don't behave as expected. I tried divert, allow all from internal, check-state and nothing happened.

# enable the natd
add 00201 divert natd all from any to any via sis0

### TCP ###
# per default only outgoing tcp connections, established from my host are allowed
# check against the dynamic rulesets, then allow traffic from internal network
add 00501 check-state
add 00502 allow all from any to any via vr0 keep-state
add 00503 deny tcp from any to any in established via sis0
add 00504 deny all from any to any frag in via sis0
# allow all tcp setup connection
add 00505 allow tcp from any to any out via sis0 setup keep-state

Was hard to find, not well documented. The handbook suggests firewalltype OPEN, which is in fact not very sensible! A few more words on this would be fine or a reference to the Ipfw-Advanced-Supplement-HOWTO, which covers this case.

Florian
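
Added example, not part of the original post: ipfw walks rules in ascending rule-number order, so this sketch parses an "add NNNNN ..." rule file and reports where a ruleset departs from the divert, then check-state, then keep-state order that the post reports as working. The helper names (parse, first, order_findings) and the REORDERED variant are constructed for illustration, and the check encodes only the order from the post, not a general ipfw requirement.

```python
import re

# Ruleset from the post, in the "add NNNNN ..." file format it uses.
POSTED = """\
add 00201 divert natd all from any to any via sis0
add 00501 check-state
add 00502 allow all from any to any via vr0 keep-state
add 00503 deny tcp from any to any in established via sis0
add 00504 deny all from any to any frag in via sis0
add 00505 allow tcp from any to any out via sis0 setup keep-state
"""

# Constructed variant: same rules, but check-state numbered below the divert.
REORDERED = POSTED.replace("add 00501 check-state", "add 00101 check-state")

RULE = re.compile(r"^add\s+(\d+)\s+(\S+)(.*)$")

def parse(text):
    """Return [(number, action, rest)] sorted the way ipfw walks them."""
    rules = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()  # drop comments and blank lines
        m = RULE.match(line)
        if m:
            rules.append((int(m.group(1)), m.group(2), m.group(3).split()))
    return sorted(rules, key=lambda r: r[0])  # stable: ties keep file order

def first(rules, pred):
    """Rule number of the first rule matching pred, or None."""
    return next((r[0] for r in rules if pred(r)), None)

def order_findings(text):
    """Compare a ruleset with the divert < check-state < keep-state order."""
    rules = parse(text)
    divert = first(rules, lambda r: r[1] == "divert")
    check = first(rules, lambda r: r[1] == "check-state")
    keep = first(rules, lambda r: "keep-state" in r[2])
    findings = []
    for label, num in (("divert", divert), ("check-state", check)):
        if num is None:
            findings.append(f"no {label} rule")
    if None not in (divert, check) and check < divert:
        findings.append(f"check-state {check} runs before divert {divert}")
    if None not in (check, keep) and keep < check:
        findings.append(f"keep-state {keep} runs before check-state {check}")
    return findings

if __name__ == "__main__":
    for name, text in (("posted", POSTED), ("reordered", REORDERED)):
        print(name, order_findings(text) or "matches the posted order")
```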