Re: natd and open firewall problem

[Bill Hacker <wbh@xxxxxxxxxxxxx>]

justin@xxxxxxxxxxxxxxxxxx wrote:

> I converted a FreeBSD machine running NAT to DragonFly, and I noticed that
> on every boot, I'd end up with a firewall rule that would accept all
> packets.  Fine and good, but it kept data from making it to the divert
> rule that handled traffic 'behind' the machine.
>
> Looking at /etc/rc.firewall, it appears that having a firewall type of
> "open" set in your rc.conf will give you rule 1 'pass all from any to
> any', while it's rule 50 that gets natd working.  Nothing makes it past
> rule 1.

ipfw set move rule 1 to (n)

- where 'n' is greater than 50 and less than 65000

should solve your immediate need.

But check the rest of your installed ruleset first,
. ... especially if you are remoted in over ssh <g>

> The Handbook's (inherited) docs describe an open firewall setting as
> working with natd, and that is what worked when this was a FreeBSD 4
> machine.  Am I reading this correctly as an error?

FreeBSD leaves 'allow ip from any to any' until rule 65000,

Here DragonFlyBSD has it as rule 1.

Is this a philosophical change, or the wrong ruleset?

*SNIP*