Hi List
Has anyone come across a recent ( not old please )
Howto/Info/Manual/Example on using IPFW _dynamic_ rules function with NAT ?
If so, please could you point me in the right direction.
Thanks.
Kind Regards,
Nelis
To Unsubscribe: send mail to [EMAIL PROTECTED]
with "unsubscribe freebsd
Hello Everyone.
I really some help with my IPFW setup. I'm using FreeBSD 4.9 and IPFW (not
2). The background is I run a residential network for students on campus,
where the FreeBSD box sits between their LAN, and the rest of College (and
therefore the Internet). We are having terrible trouble
Hi all need a little help ,)
what I currently have
internet --- cable modem(via DHCP) ---[ed0 Smoothwall0.9.9se ed1] ---
10/100Switch --- int network
what I want to have
internet --- cable modem --- [ "dc0"{FreeBSD4.7-RELEASE}"dc1"]-
10/100Switch internal network
# set these to your out
At 11:18 AM 12.8.2002 -0700, bowen wrote:
>Hi all need a little help ,)
>
>what I currently have
>internet --- cable modem(via DHCP) ---[ed0 Smoothwall0.9.9se ed1] ---
>10/100Switch --- int network
>
>what I want to have
>internet --- cable modem --- [ "dc0"{FreeBSD4.7-RELEASE}"dc1"]-
>10/100Sw
Samba.
With the ipfw rules appended below, I can't NAT, nor should I
be able to. ("em0" faces the Internet; "em1" faces the other
machine.)
However: using these I still can't get through
ipfw add 5000 nat 15 all from any to any
ipfw nat 15
On Thu, Sep 17, 2009 at 10:14:15AM -0400, Robert Huff typed:
>
> I have a machine running
>
> FreeBSD 9.0-CURRENT #3: Tue Sep 15 18:49:58 EDT 2009 amd64
>
> It has this in the config file for the running kernel:
>
> options IPFIREWALL #firewall
> options IPFIREWALL_V
added, I should be able to get out, but
> can't.
> Clear?
I think so. What's your outgoing ip? The rules you posted:
>ipfw add 5000 nat 15 all from any to any
>ipfw nat 15 config log same_ports ip 10.0.0.0/8
^^
Looks s
Hi,
I seem to have stumbled upon a tiny problem that just will not go
away. I was hoping there would be an answer somewhere before I put my
deep-into-the-dirt-boots on.
The software setup of the problem:
FreeBSD 5.4 Release
ipfw
natd
named
jail
Mysql 4.1 Server
Mysql 4.1 client
Hardware
1 extern
Well i read couple of how,to artical on the internet
regarding setting up a ipfw firewall with nat to allow
your private network client to setup internet access ,
but their isnt one thing clear to me , which was not
present in any of the articals , which is how there
internal clients gona resolve
hi all
i have my test machine set up as a gateway box, with ipfw/natd configured on it, set
up to filter/redirect packets bound for a client on my internal network.
external ip of my internal client is aliased to the outside nic of the gateway box
gateway machine's kernel has been recompiled wi
I would appreciate any insight you folk here might have for the following
problem. What I am trying to do is have wireless clients on one network
print to a JetDirect-connected printer on another network as follows:
Machine A is a NATing firewall (FBSD 8.0) for nonroutable network A -
192.168.0
Hiya
I've got a pretty standard network which uses a FreeBSD server to perform NAT
between my internal IPs (192.168.0.x) and the outside world. Everything is
working tickety-boo, but I'm trying to tweak my firewall rules (ipfw, based on
the 'SsIiMmPpLlEe' firewall template in rc.firewall) to
writes:
> >> If not ... how do I figure out what's wrong?
> What is your ipfw rules?
They were appended to the original post.
Robert Huff
___
freebsd-questions@freebsd.org mailing list
http://
Здравствуйте, Ruben.
>> If not ... how do I figure out what's wrong?
What is your ipfw rules?
Вы писали 17 сентября 2009 г., 20:45:01:
RdG> On Thu, Sep 17, 2009 at 10:14:15AM -0400, Robert Huff typed:
>>
>> I have a machine running
>>
>> FreeBSD 9.0-CURRENT #3: Tue Sep 15 18:49:58
faisal gillani wrote:
Well i read couple of how,to artical on the internet
regarding setting up a ipfw firewall with nat to allow
your private network client to setup internet access ,
but their isnt one thing clear to me , which was not
present in any of the articals , which is how there
internal
Dear Ladies and Gentlemen,
I am writing to request for advise/recommendations on the subject. I've
been tasked to build a router/firewall based on FreeBSD. I'd like to use
5.2-RELEASE.
Now my only problem is that I have played a little with ipfw in a
situation where I have just two interfaces, 1
Hello everyone,
I have a quick question regarding the setup of nat with ipfw.
According to the handbook:
"The following options must be in the kernel configuration file:
options IPFIREWALL
options IPDIVERT"
however, there is a kernel module called ipdivert.ko similar to
ipfw.ko for the firewall.
> I've got a pretty standard network which uses a FreeBSD server to perform
> NAT between my internal IPs (192.168.0.x) and the outside world. Everything
> is working tickety-boo, but I'm trying to tweak my firewall rules (ipfw,
> based on the 'SsIiMmPpLlEe' firewall template in rc.firewall) to al
> I am writing to request for advise/recommendations on the
> subject. I've
> been tasked to build a router/firewall based on FreeBSD. I'd
> like to use
> 5.2-RELEASE.
>
> Now my only problem is that I have played a little with ipfw in a
> situation where I have just two interfaces, 1 external a
On Tue, Mar 30, 2004 at 11:06:16AM +0300, Odhiambo Washington wrote:
> Now my only problem is that I have played a little with ipfw in a
> situation where I have just two interfaces, 1 external and 1 internal.
> My current requirement however involves one external interface and
> four (or more) in
Hi, I'm an ipfw user that finally got the opportunity to set up NAT on
an interface with a public IP. I was doing some multi-homing experiments
using ipfw fwd combined with outbound ipfw nat - and since I needed to
run both, and both immediately ended ipfw ruleset execution, I had to
tur
n j wrote:
Hello everyone,
I have a quick question regarding the setup of nat with ipfw.
According to the handbook:
"The following options must be in the kernel configuration file:
options IPFIREWALL
options IPDIVERT"
however, there is a kernel module called ipdivert.ko similar to
ipfw.ko for
>> however, there is a kernel module called ipdivert.ko
>> Is it still necessary to recompile the kernel in order to use nat with
>> ipfw? Or, to put it another way, is there a possibility to use nat and
>> keep the generic kernel?
> You can choose to use the modules or make it static by recompile
combined with outbound ipfw nat - and since I needed to
> run both, and both immediately ended ipfw ruleset execution, I had to
> turn off net.inet.ip.fw.one_pass.
>
> This is where I discovered that with that setting turned off, my inbound
> NAT rule stopped working. Seems that wit
Some points:
1) I did use the handbook as reference, and my ruleset mimics the layout
used there.
2) Handbook uses divert natd, which I used until I switched to the
kernel nat approach.
3) I did not find any concrete examples of ipfw nat rule usage, so I'm
using them the old natd way.
dbook uses divert natd, which I used until I switched to the kernel nat
> approach.
Assuming that was working, is changing to ipfw nat the only difference?
Or is that when you added fwd to the mix? Is 192.168.0.55 another box
on the LAN, or an IP alias on this box? What says 'netstat -fine
"/etc/ipfw.rules"
firewall_nat_enable="YES"
firewall_nat_interface="wlan0"
/etc/resolve.conf
nameserver 208.67.222.222
nameserver 208.67.220.220
/etc/ipfw.conf
ipfw -q -f flush
ipfw add 1 allow all from 127.0.0.1 to 127.0.0.1 via lo0
ipfw add
box, I can see packets arriving at
the destination, so the forwarding part (routes) works fine. However,
when I add an ipfw rule to send these packets to the nat instance, the
packets disappear instead of arriving nat'ted to the same destination.
Did anyone have any success in getting the in
> "Michael" == Michael writes:
Michael> Does anybody has a working configuration with ipfw nated jails
Michael> on loopback interface?
I noticed in my pf.conf that I had "set skip on lo".
I changed that to "set skip on lo0" (still advisable), and then created
an "lo1" using
ipv4_addrs_l
ipfw add 2 nat 100 ip from 127.127.127.1 to any via wlan0 keep-state
ipfw nat 100 config ip 192.168.1.111
ipfw add 3 allow all from any to any
Jailed system configuration:
/etc/rc.conf
network_interfaces=""
/etc/resolve.conf
nameserver 208.67.222.222
nameserver
On 19/07/2010 10:05, Aiza wrote:
you have to put your hosts /etc/resolve.conf in each jail before you can
get network connection.
I did. It contains:
nameserver 208.67.222.222
nameserver 208.67.220.220
I believe that it's not a problem with jail configuration because NAT
works fine on the
31 matches
Mail list logo
