Subject: rc.firewall rule question.
From: Peter Brezny (peter@sysadmin-inc.com)
Date: Thu Oct 19 2000 - 18:13:17 CDT

on a 4.1 box i've confirmed ipfw/nat working using a simplified rule script.
however, when i use the default rc.firewall script (modified for my machine)
using the 'simple' parameter designed to protect a network and allow nat, my
internal private network (10.90.1.0) doesn't work (i know, could i be more
specific...).

i've added

${fwcmd} add allow icmp from any to any

at the next to the last entry of the ruleset to help with diagnosis.

when I comment out the line

${fwcmd} add deny all from 10.0.0.0/8 to any via ${oif}

it still doesn't work, however when i comment out the line

${fwcmd} add deny all from any to 10.0.0.0/8 via ${oif}

i can ping to external domains.

I guess my big question is, does this script actually allow private internal
domains to reach the outside world when properly configured?

Has anyone gotten this script to work properly?

Thanks in advance.

Peter Brezny
SysAdmin Services, Inc.
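
The symptoms described in the post can be reproduced with a small first-match model of the three rules it quotes. This is an added example, not part of the original message and not code from rc.firewall. It assumes the natd divert is evaluated before the two deny rules; the host, outside and remote addresses and the rule labels are constructed for the illustration.

```python
import ipaddress

NET_10 = ipaddress.ip_network("10.0.0.0/8")
INSIDE_HOST = "10.90.1.5"   # constructed host on the post's 10.90.1.0 network
OUTSIDE_IP = "192.0.2.1"    # constructed public address on ${oif}
REMOTE = "198.51.100.7"     # constructed external ping target

# Labels for this model only (not ipfw syntax), in assumed evaluation order.
RULESET = ["divert natd via oif",      # assumption: runs before the deny rules
           "deny from 10/8 via oif",
           "deny to 10/8 via oif",
           "allow icmp any any"]       # diagnostic rule added in the post

def natd(src, dst, direction):
    """Alias outbound sources and de-alias inbound destinations."""
    if direction == "out" and src == INSIDE_HOST:
        return OUTSIDE_IP, dst
    if direction == "in" and dst == OUTSIDE_IP:
        return src, INSIDE_HOST
    return src, dst

def evaluate(rules, src, dst, direction):
    """First-match walk over the rules for an ICMP packet crossing oif."""
    for rule in rules:
        if rule == "divert natd via oif":
            src, dst = natd(src, dst, direction)  # packet resumes at next rule
        elif rule == "deny from 10/8 via oif" and ipaddress.ip_address(src) in NET_10:
            return "deny", rule
        elif rule == "deny to 10/8 via oif" and ipaddress.ip_address(dst) in NET_10:
            return "deny", rule
        elif rule == "allow icmp any any":
            return "allow", rule
    return "deny", "default"

def ping_works(rules):
    """Echo request leaves via oif; echo reply comes back in via oif."""
    request = evaluate(rules, INSIDE_HOST, REMOTE, "out")
    reply = evaluate(rules, REMOTE, OUTSIDE_IP, "in")
    return request[0] == "allow" and reply[0] == "allow", request, reply

def without(rule):
    """Ruleset with one rule commented out."""
    return [r for r in RULESET if r != rule]

if __name__ == "__main__":
    for label, rules in [("full ruleset", RULESET),
                         ("no 'deny from 10/8'", without("deny from 10/8 via oif")),
                         ("no 'deny to 10/8'", without("deny to 10/8 via oif"))]:
        ok, request, reply = ping_works(rules)
        print(f"{label}: ping {'works' if ok else 'fails'}; reply verdict={reply}")
```

Under that ordering assumption, the echo reply has already been rewritten to the 10.x destination when it reaches the "to 10.0.0.0/8" rule, so only removing that rule changes the outcome, which matches what the post reports.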