DragonFly BSD
DragonFly users List (threaded) for 2005-02

Re: natd and open firewall problem

From: Bill Hacker <wbh@xxxxxxxxxxxxx>
Date: Sat, 26 Feb 2005 15:11:46 +0800

justin@xxxxxxxxxxxxxxxxxx wrote:

> I converted a FreeBSD machine running NAT to DragonFly, and I noticed that
> on every boot, I'd end up with a firewall rule that would accept all
> packets.  Fine and good, but it kept data from making it to the divert
> rule that handled traffic 'behind' the machine.
>
> Looking at /etc/rc.firewall, it appears that having a firewall type of
> "open" set in your rc.conf will give you rule 1 'pass all from any to
> any', while it's rule 50 that gets natd working.  Nothing makes it past
> rule 1.

ipfw set move rule 1 to (n)

- where 'n' is greater than 50 and less than 65000

should solve your immediate need.

But check the rest of your installed ruleset first,
... especially if you are remoted in over ssh <g>

> The Handbook's (inherited) docs describe an open firewall setting as working with natd, and that is what worked when this was a FreeBSD 4 machine. Am I reading this correctly as an error?

FreeBSD leaves 'allow ip from any to any' until rule 65000,

Here DragonFlyBSD has it as rule 1.

Is this a philosophical change, or the wrong ruleset?
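An added example, not part of the thread and not from DragonFly's rc.firewall: a small POSIX sh/awk check that reads `ipfw list` style output and reports when a pass-all rule (`allow ip from any to any`) is numbered lower than the first `divert` rule, which is the ordering Justin describes. Both listings are constructed for the example (the divert port 8668 is natd's default; the interface name `ed0` is made up), and the function names are the example's own.

```shell
#!/bin/sh
# Added example: detect an "open" pass-all rule that shadows the natd divert rule.
# Feed it `ipfw list` output; here two constructed listings stand in for that.

# Constructed: what Justin describes on DragonFly (rule 1 passes everything,
# so rule 50's divert is never reached).
SAMPLE_BROKEN='00001 allow ip from any to any
00050 divert 8668 ip from any to any via ed0
65000 allow ip from any to any
65535 deny ip from any to any'

# Constructed: the FreeBSD ordering, pass-all deferred until rule 65000.
SAMPLE_FIXED='00050 divert 8668 ip from any to any via ed0
65000 allow ip from any to any
65535 deny ip from any to any'

# divert_shadowed LISTING
#   Prints the number of the pass-all rule and returns 0 when such a rule
#   appears before the first divert rule; prints nothing and returns 1 otherwise.
#   Rules are walked in listing order, which is the order ipfw evaluates them.
divert_shadowed() {
    printf '%s\n' "$1" | awk '
        # First divert rule reached without a preceding pass-all: nothing to report.
        $2 == "divert" { exit }
        # A pass-all rule seen before any divert rule shadows natd.
        $2 == "allow" && $3 == "ip" && $4 == "from" && $5 == "any" &&
        $6 == "to" && $7 == "any" { print $1; shadowed = 1; exit }
        END { exit shadowed ? 0 : 1 }
    '
}

# Usage: run the check over a captured listing and explain the result.
if rule=$(divert_shadowed "$SAMPLE_BROKEN"); then
    echo "pass-all rule $rule precedes the divert rule; natd never sees traffic"
else
    echo "divert rule is reached before any pass-all rule"
fi
```

On a live system the listing would come from `ipfw list` instead of the embedded string; the check is read-only, so it is safe to run over ssh before touching any rule numbers.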

