Firewall Wizards mailing list archives

Re: Freebsd stateful rules for IPFW


From: "Andrew Fremantle" <temp1274 () tempest yi org>
Date: Sat, 19 Jan 2002 21:32:42 -0800

Hmmm... I don't think I've ever tried anything like that, but keep in mind:
NATd itself is your "stateful" program in that configuration.

Don't have IPFW trying to keep state on traffic that NATd is responsible
for. Use IPFW to keep state of traffic from the firewall machine itself, so
then you can just check-state and deny all other traffic to the firewall.
(After passing incoming packets through NATd, of course....)

Andrew
----- Original Message -----
From: "Doug L.Dean" <doug () deansoftware net>
To: <firewall-wizards () nfr com>
Sent: Saturday, January 19, 2002 9:33 AM
Subject: [fw-wiz] Freebsd stateful rules for IPFW


Does anyone have a working rule set for FreeBSD (release 4.3 and above) IPFW
that uses keep-state and also uses NAT for a gateway application?

The gateway is a standard configuration. An outside ip address range, a DMZ
range in a non-routable block (192.168.1.0/24), and an interior ip address
range in a non-routable block (192.168.0.1/24).

I have been getting very strange errors and suspect that IPFW stateful rules
with NAT (where the outside address gets redirected to an interior or dmz
address) is broken with FreeBSD.


Doug Dean
_______________________________________________
firewall-wizards mailing list
firewall-wizards () nfr com
http://list.nfr.com/mailman/listinfo/firewall-wizards
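
An added example, not part of either post and not a ruleset from the thread: one way to lay out the ordering the reply describes, with natd handling forwarded flows and ipfw keeping state only for connections the firewall host itself opens. The interface name ed0, the outside address 203.0.113.10, the /24 ranges, the rule numbers and the anti-spoofing rule 150 are assumptions; by default the script only prints the commands.

```shell
#!/bin/sh
# Added example (not from the thread). natd tracks forwarded flows; ipfw keeps
# state only for connections the firewall host itself opens.
# Interface, addresses and rule numbers are constructed placeholders.
OIF="${OIF:-ed0}"                  # outside interface (assumed)
OIP="${OIP:-203.0.113.10}"         # outside address (documentation range)
INSIDE="${INSIDE:-192.168.0.0/24}" # interior network
DMZ="${DMZ:-192.168.1.0/24}"       # DMZ network

# Rules in evaluation order, one "add ..." body per line:
#  150      drop private destinations arriving from outside, so only packets
#           natd has translated can reach the 710/720 pass rules
#  200      incoming packets go through natd before any state check
#  300-500  state for the firewall's own traffic, then deny the rest to it
#  600-700  outgoing forwarded traffic is translated after the keep-state
#           rule, so ipfw never keeps state on flows natd is tracking
#  710-740  coarse stateless pass rules; tighten to local policy
fw_rules() {
    cat <<EOF
add 100 allow ip from any to any via lo0
add 150 deny ip from any to 192.168.0.0/16 in via $OIF
add 200 divert natd ip from any to any in via $OIF
add 300 check-state
add 400 allow ip from $OIP to any out via $OIF keep-state
add 500 deny ip from any to $OIP in via $OIF
add 600 divert natd ip from $INSIDE to any out via $OIF
add 610 divert natd ip from $DMZ to any out via $OIF
add 700 allow ip from $OIP to any out via $OIF
add 710 allow ip from any to $INSIDE
add 720 allow ip from any to $DMZ
add 730 allow ip from $INSIDE to any
add 740 allow ip from $DMZ to any
add 65000 deny ip from any to any
EOF
}

# Dry run unless IPFW points at the real binary (e.g. IPFW=/sbin/ipfw).
fw_apply() {
    fw_rules | while read -r rule; do
        ${IPFW:-echo ipfw} $rule   # unquoted on purpose: split into arguments
    done
}

fw_apply
```

Packets that natd re-injects resume at the rule after the divert rule, which is why the translated outgoing traffic is passed by rule 700 and never reaches the keep-state rule at 400.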

