ipfw with NAT and ARP
From: Andrea E. (andrea_at_ae4u.de)
Date: 04/29/04
- Previous message: Bill Moran: "Re: Weird messages in daily run report."
- Next in thread: Charles Swiger: "Re: ipfw with NAT and ARP"
- Reply: Charles Swiger: "Re: ipfw with NAT and ARP"
Date: Thu, 29 Apr 2004 21:30:55 +0000
To: freebsd-questions@FreeBSD.org
Hi,
I am a newbie and my question is perhaps very easy. I work with FreeBSD
5.2.1.
I would like to configure a firewall with two interfaces (xl0 = LAN, xl1
= External).
For NAT I have configured it as described in the manual page of natd:
ipfw -f flush
ipfw add divert natd all from any to any via xl1
ipfw add allow all from any to any
-> all is fine.
But, I wont so a simple firewall and for this reason, first I want to
configure the ICMP-protocol:
ip_ext => External IP-Address
ipfw -f flush
ipfw add divert natd all from any to any via xl1
ipfw add allow icmp from $ip_ext to any icmptypes 8 out via xl1
ipfw add allow icmp from any to $ip_ext icmptypes 0 in via xl1
-> It's not OK. With "ethereal", no packets are going out (test from
another system, connected with a hub).
When testing "ping" from external to the external IP address of my firewall,
the ARP request to broadcast "Who has xxx.xxx.xxx.xxx? Tell
xxx.xxx.xxx.xxx" fails.
-> There seems to be a problem letting ARP through the firewall.
Above -> "ipfw add allow all from any to any" lets ARP through the
firewall. So I think that the configuration of the rest of my computer
(like kernel, rc.conf, etc.) is OK.
And there is no ARP protocol in /etc/protocols, so I don't know what I
can do now.
There is a bug:
After restarting the system with the above configuration of the ICMP protocol, no
ping request is going out. After a flush of all rules and configuring
"ipfw add allow all from any to any", the ping request gets an answer.
It is very interesting to flush all rules and to configure the firewall
like the first configuration (to allow special rules for the ICMP protocol) ->
all works very fine. The ping request gets an answer. When restarting the system,
the ping request gets no answer again; I mean, the ping request is not
sent out.
Can anybody help me? I hope to get an answer.
I hope you can understand me; my English isn't very good.
Greetings from Berlin,
Andrea E.
_______________________________________________
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "freebsd-questions-unsubscribe@freebsd.org"