Firewall Wizards mailing list archives
Re: Freebsd stateful rules for IPFW
From: "Andrew Fremantle" <temp1274 () tempest yi org>
Date: Sat, 19 Jan 2002 21:32:42 -0800
Hmmm... I don't think I've ever tried anything like that, but keep in mind: NATd itself is your "stateful" program in that configuration. Don't have IPFW trying to keep state on traffic that NATd is responsible for. Use IPFW to keep state of traffic from the firewall machine itself, so then you can just check-state and deny all other traffic to the firewall. (After passing incoming packets through NATd, of course....)

Andrew

----- Original Message -----
From: "Doug L.Dean" <doug () deansoftware net>
To: <firewall-wizards () nfr com>
Sent: Saturday, January 19, 2002 9:33 AM
Subject: [fw-wiz] Freebsd stateful rules for IPFW
Does anyone have a working rule set for FreeBSD (release 4.3 and above) IPFW that uses keep-state and also uses NAT for a gateway application?

The gateway is a standard configuration. An outside IP address range, a DMZ range in a non-routable block (192.168.1.0/24), and an interior IP address range in a non-routable block (192.168.0.1/24).

I have been getting very strange errors and suspect that IPFW stateful rules with NAT (where the outside address gets redirected to an interior or DMZ address) are broken with FreeBSD.

Doug Dean
_______________________________________________
firewall-wizards mailing list
firewall-wizards () nfr com
http://list.nfr.com/mailman/listinfo/firewall-wizards
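One possible rule layout for the approach in the reply above, as an added example that is not part of the thread: inbound packets pass natd first, IPFW keeps state only for connections the firewall machine itself opens, and outbound NAT is diverted after the keep-state rules so translated packets never create IPFW dynamic rules. The interface `fxp0`, the address `203.0.113.1`, the rule numbers, the split into two divert rules and the helper names `emit_rules`, `first_rule` and `lint_rules` are all assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not from the thread.
# Constructed values: interface fxp0, firewall outside address 203.0.113.1.

# Print an ipfw rule file; load it with: ipfw -q /path/to/file
emit_rules() {
    oif=$1; oip=$2
    cat <<EOF
add 100 divert natd all from any to any in via $oif
add 200 check-state
add 300 allow tcp from $oip to any out via $oif setup keep-state
add 310 allow udp from $oip to any out via $oif keep-state
add 400 deny all from any to $oip in via $oif
add 500 divert natd all from any to any out via $oif
add 600 allow all from any to any
EOF
}

# Rule number of the first line in rule file $1 that matches pattern $2.
first_rule() { awk -v p="$2" '$0 ~ p { print $2; exit }' "$1"; }

# Return 0 if rule file $1 follows the layout above for firewall address $2.
lint_rules() {
    din=$(first_rule "$1" 'divert natd .* in via')
    chk=$(first_rule "$1" 'check-state')
    dny=$(first_rule "$1" "deny .* to $2 ")
    dout=$(first_rule "$1" 'divert natd .* out via')
    [ -n "$din" ] && [ -n "$chk" ] && [ -n "$dny" ] && [ -n "$dout" ] || return 1
    # Inbound packets must pass natd, then check-state, then the deny.
    [ "$din" -lt "$chk" ] && [ "$chk" -lt "$dny" ] || return 1
    # keep-state rules must name the firewall address as source and sit
    # before the outbound divert, so natd-translated traffic is never tracked.
    awk -v d="$dout" -v a="$2" '
        /keep-state/ { if ($2 > d || $6 != a) bad = 1 }
        END { exit bad }' "$1"
}

# Stand-alone use: sh script.sh fxp0 203.0.113.1 > /etc/ipfw.rules
if [ $# -eq 2 ]; then emit_rules "$1" "$2"; fi
```

Rule 400 also drops anything else addressed to the firewall, such as ICMP replies to its own pings, so traffic of that kind needs its own rule before it.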
Current thread:
- Freebsd stateful rules for IPFW Doug L . Dean (Jan 19)
- Re: Freebsd stateful rules for IPFW Andrew Fremantle (Jan 20)