DragonFly BSD
DragonFly users List (threaded) for 2005-02

natd and open firewall problem


From: justin@xxxxxxxxxxxxxxxxxx
Date: Fri, 25 Feb 2005 23:12:30 -0500 (EST)

I converted a FreeBSD machine running NAT to DragonFly, and I noticed that
on every boot, I'd end up with a firewall rule that would accept all
packets.  Fine and good, but it kept data from making it to the divert
rule that handled traffic 'behind' the machine.

Looking at /etc/rc.firewall, it appears that having a firewall type of
"open" set in your rc.conf will give you rule 1 'pass all from any to
any', while it's rule 50 that gets natd working.  Nothing makes it past
rule 1.

The Handbook's (inherited) docs describe an open firewall setting as
working with natd, and that is what worked when this was a FreeBSD 4
machine.  Am I reading this correctly as an error?

case ${firewall_type} in
[Oo][Pp][Ee][Nn]|[Cc][Ll][Ii][Ee][Nn][Tt])
    case ${natd_enable} in
    [Yy][Ee][Ss])
        if [ -n "${natd_interface}" ]; then
            ${fwcmd} add 50 divert natd all from any to any via ${natd_interface}
        fi
        ;;
    esac
esac

case ${firewall_type} in
[Oo][Pp][Ee][Nn])
    allow_loopback
    deny_spoof
    ${fwcmd} add 1 pass all from any to any
    ;;
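The ordering problem the post describes comes from ipfw's first-match semantics: a packet is tested against rules in ascending number order, and a terminating action such as pass ends the search, so a catch-all pass numbered below the divert rule means natd never sees a packet. The script below is an added example, not code from the post or from DragonFly's rc.firewall: a POSIX sh check that reads the text form of `ipfw list` (where `pass all` is printed as `allow ip` and `divert natd` as `divert 8668`, natd's port from /etc/services) and reports whether a catch-all pass shadows the divert rule. The two rulesets, the interface name fxp0 and every rule number other than 1 and 50 are constructed for the example, as is the corrected ordering emitted by the last function.

```shell
#!/bin/sh
# Added example: detect an ipfw ruleset in which an unconditional pass rule
# is numbered below the natd divert rule, so NAT is never reached.
# Input is the text that `ipfw list` prints. Samples are constructed.

# Constructed sample: the "open" + natd_enable=YES result the post describes
# (rule 1 pass all, rule 50 divert). fxp0 and rules 100-300 are assumptions.
SAMPLE_BROKEN='00001 allow ip from any to any
00050 divert 8668 ip from any to any via fxp0
00100 allow ip from any to any via lo0
00200 deny ip from any to 127.0.0.0/8
00300 deny ip from 127.0.0.0/8 to any
65535 deny ip from any to any'

# Constructed sample: same rules, catch-all pass moved above the divert rule.
SAMPLE_FIXED='00050 divert 8668 ip from any to any via fxp0
00100 allow ip from any to any via lo0
00200 deny ip from any to 127.0.0.0/8
00300 deny ip from 127.0.0.0/8 to any
65000 allow ip from any to any
65535 deny ip from any to any'

# Print the number of the first divert rule (leading zeros stripped), if any.
divert_rule_number() {
    printf '%s\n' "$1" | awk '$2 == "divert" { print $1 + 0; exit }'
}

# Print the number of the first rule that passes everything unconditionally:
# action allow/pass/accept, body exactly "ip from any to any" with no further
# qualifier (no via, in, out, keep-state, ...), since those would not match all.
catchall_pass_number() {
    printf '%s\n' "$1" | awk '
        ($2 == "allow" || $2 == "pass" || $2 == "accept") &&
        $3 == "ip" && $4 == "from" && $5 == "any" && $6 == "to" && $7 == "any" &&
        NF == 7 { print $1 + 0; exit }'
}

# Exit status 0 if a catch-all pass precedes the divert rule (NAT shadowed),
# 1 otherwise (no divert rule, no catch-all, or divert comes first).
natd_shadowed() {
    d=$(divert_rule_number "$1")
    p=$(catchall_pass_number "$1")
    [ -n "$d" ] && [ -n "$p" ] && [ "$p" -lt "$d" ]
}

# Human-readable verdict; always returns 0 so it can be used from a shell
# prompt or a boot-time sanity script without aborting.
check_ruleset() {
    if natd_shadowed "$1"; then
        printf 'SHADOWED: pass-all at rule %s precedes divert at rule %s\n' \
            "$(catchall_pass_number "$1")" "$(divert_rule_number "$1")"
    else
        printf 'ok: divert rule is reached before any pass-all\n'
    fi
    return 0
}

# The ordering this example would use for an "open" firewall with natd:
# divert first, catch-all pass last. The numbers are the example's choice,
# not DragonFly's rc.firewall.
open_with_natd_rules() {
    printf 'ipfw add 50 divert natd all from any to any via %s\n' "$1"
    printf 'ipfw add 65000 pass all from any to any\n'
}

check_ruleset "$SAMPLE_BROKEN"
check_ruleset "$SAMPLE_FIXED"
open_with_natd_rules fxp0
```

On a live machine, run `ipfw list` and feed its output to `natd_shadowed` (for example `natd_shadowed "$(ipfw list)"`); the awk matching deliberately ignores rules with extra qualifiers such as `via lo0`, because those pass only a subset of traffic and do not shadow the divert rule for the NAT interface.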