The entry I added to my ruleset was:
# Allow outbound pings
#   echo reply (type 0) arriving on the external interface,
#   echo request (type 8) leaving on the external interface
        ipfw add pass icmp from any to any in recv $external icmptypes 0
        ipfw add pass icmp from any to any out xmit $external icmptypes 8

# Allow outbound traceroutes
#   destination unreachable (type 3) and time exceeded (type 11)
#   arriving on the internal interface
        ipfw add pass icmp from any to any in recv $internal icmptypes 3
        ipfw add pass icmp from any to any in recv $internal icmptypes 11

I don't use fetch, so I'm not sure which port it uses, nor am I familiar with which 
protocol it needs to use. Sorry. These two are self-explanatory. Hope this helps.

A Faithful Servant,
Mark-Nathaniel Weisman
President / CEO
Infinite Visions Educational Systems Inc.
Anchorage, AK
[EMAIL PROTECTED]


-----Original Message-----
From: Brian McCann [mailto:[EMAIL PROTECTED] 
Sent: Tuesday, April 01, 2003 6:54 PM
To: [EMAIL PROTECTED]
Subject: NATD & IPFW


Hi all.  I'm having an issue with security while trying to get natd to work with ipfw. 
 I got my ipfw rules working great, so I added the natd line in:

  ipfw add divert 8668 all from any to any via $EXTERNAL_INTERFACE

But I can't do anything (ping, fetch, etc.) until I add:
  ipfw add pass all from any to any

Now, I may be wrong, but doesn't this pretty much open the box up?  I tried changing 
the first "any" to my internal network, but that didn't work, and I know I've got to 
be missing something.

If anyone would like to help me off-list, I could send you a copy of my rule set if 
you'd like.

Thanks in advance,
--Brian


_______________________________________________
[EMAIL PROTECTED] mailing list 
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"
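On Brian's question above about needing "ipfw add pass all from any to any" once the divert rule is in: the usual way to avoid a global pass is to let natd rewrite inbound packets before check-state runs, and to send stateful outbound traffic through a second divert rule that is followed by an allow reachable only via skipto. The script below is an added example written for this page; it is not code from either poster, and the interface names (ext0, int0), the LAN prefix, the rule numbers and the IPFW dry-run variable are all assumptions.

```shell
#!/bin/sh
# Added example: minimal ipfw + natd ruleset without a global "pass all".
# Assumptions (not from the thread): external interface ext0, internal
# interface int0, LAN 192.168.1.0/24, natd listening on divert port 8668.
# Set IPFW=echo to print the rules instead of loading them.

IPFW=${IPFW:-ipfw -q}
EXT_IF=${EXT_IF:-ext0}
INT_IF=${INT_IF:-int0}
LAN=${LAN:-192.168.1.0/24}
NATD_PORT=${NATD_PORT:-8668}

# Emit one ipfw rule per line. Rule numbers are chosen so that the final
# "allow all" (611) sits after the catch-all deny (450): it can only be
# reached through the skipto in the stateful outbound rules, never by a
# packet falling through the ruleset.
build_ruleset() {
    cat <<EOF
add 005 allow all from any to any via $INT_IF
add 010 allow all from any to any via lo0
add 100 divert $NATD_PORT all from any to any in via $EXT_IF
add 101 check-state
add 120 skipto 610 tcp from any to any out via $EXT_IF setup keep-state
add 130 skipto 610 udp from any to any out via $EXT_IF keep-state
add 140 skipto 610 icmp from any to any out via $EXT_IF keep-state
add 300 deny all from 10.0.0.0/8 to any in via $EXT_IF
add 301 deny all from 172.16.0.0/12 to any in via $EXT_IF
add 302 deny all from 192.168.0.0/16 to any in via $EXT_IF
add 450 deny log all from any to any
add 610 divert $NATD_PORT all from any to any out via $EXT_IF
add 611 allow all from any to any
EOF
}

# Flush and load the ruleset. $rule is deliberately unquoted so that each
# emitted line is split into the arguments ipfw expects.
apply_ruleset() {
    $IPFW -f flush
    build_ruleset | while read -r rule; do
        $IPFW $rule
    done
}

# Return 0 if the emitted ruleset never allows everything before the
# catch-all deny, i.e. the only "allow all from any to any" has a rule
# number above the deny-log rule.
check_no_global_pass() {
    deny_n=$(build_ruleset | awk '/deny log/ { print $2 }')
    build_ruleset | awk -v deny="$deny_n" '
        /allow all from any to any$/ && ($2 + 0) < (deny + 0) { bad = 1 }
        END { exit bad ? 1 : 0 }'
}

if [ "${1:-}" = "apply" ]; then
    apply_ruleset
fi
```

Outbound traffic from the LAN is matched by rules 120 to 140 while it still carries its private source address, so the dynamic rule is keyed on the internal host; the reply comes back in on ext0, is de-NATed by rule 100 and then matches check-state at 101. Anything that reaches rule 450 is dropped and logged. Preview with "IPFW=echo sh natd-rules.sh apply" (the script name is an assumption) before loading it for real; services you want reachable from outside still need their own explicit allow rules between 101 and 450.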