DaemonForums  

Go Back   DaemonForums > FreeBSD > FreeBSD General
Reload this Page Couple of network questions (NAT, firewalls)
FAQ Search Today's Posts Mark Forums Read

FreeBSD General Other questions regarding FreeBSD which do not fit in any of the categories below.

 
 
Thread Tools Display Modes
Prev Previous Post   Next Post Next
  #1   (View Single Post)  
Old 13th July 2008
ivanatora ivanatora is offline
Real Name: Ivan
Fdisk Soldier
  
Join Date: Jul 2008
Location: Bulgaria
Posts: 51
Default Couple of network questions (NAT, firewalls)
First to say hello - I've been redirected here from bsdforums...
I'm a recent FreeBSD 7 user and I want to do in FreeBSD things I've done on Linux
Let's start with firewalls.
I've compiled my kernel to support both ipfw and ipf. The first surprise was loosing all networks upon reboot, but I understood that this is default policy of these firewalls. I solved that for ipfw with following FIREWALL_SCRIPT
Code:
ipfw add 65000 allow ip from any to any
I still can't understand how to disable ipf (I don't want it currently) and I have to type after every reboot:
Code:
ipf -D
I tried with ipfilter_enable="NO" in rc.conf but this is not the way. I was told to compile ipfilter as a module and not include this into the kernel itself. How to do it? Currently I have 'options IPFILTER' at the kernel config. If I drop this out I won't have ipfilter built in, but will it automatically compile as a modul? How to mark which features I want as modules?

Issue number 2 - NAT. I succeeded running natd and a simple divert rule for ipfw did the job:
Code:
ipfw add 500 divert natd all from any to any via re0
However I want only one machine to have access to this. I tried these:
Code:
pfw add 500 divert natd all from 192.168.0.5 to any via re0 pfw add 500 divert natd all from any to 192.168.0.5 via re0
(Ofcourse after flushing rules)
OK that is interesting. I was logged in from 192.168.0.5 and after I changed the divert rule I lost connection from 192.168.0.5 to the server (which is 1 meter away and doesn't have any other rules in the firewall list exept pass all). Why is that happening? I'm sshing directly to the internal address - 192.168.0.1 which is an alias of re0, which doesn't care of what NAT state is. It should be pingable even if no NAT is established. Right?

The second thing I tried is to pass some options to the natd daemon (like -redirect_address). For the purpose of that I first killed the natd daemon, and guess what - the secondary machine got cutoff again. So what is that connection between nat and ssh? I'm doing a simple peer to peer connection and there is nothing wrong with the IP settings.
Am I going into the right way with -redirect_address? I didn't manage to try this out after the connection was cut.
And how can I redirect a public address if my ISP have provided several? Is it with that -redirect_address option?
Reply With Quote
 

« Previous Thread | Next Thread »
Thread Tools
Display Modes
Threaded Mode Threaded Mode

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
Some Questions ?? ultranothing OpenBSD Security 6 4th September 2009 04:59 PM
Questions about BSD (in general) fbsduser FreeBSD General 16 21st January 2009 02:41 PM
FTP ruleset questions hitete OpenBSD Security 2 25th November 2008 05:30 PM
rc.conf questions starbuck FreeBSD General 2 29th July 2008 06:16 PM
A couple of errors, which I believe are associated with the BIOS Johnny2Bad FreeBSD Installation and Upgrading 1 15th May 2008 03:58 AM


All times are GMT. The time now is 05:26 AM.

DaemonForums.org RSS Feeds - Contact Us - DaemonForums.org - Archive - Privacy Statement - Top

Powered by vBulletin® Version 3.8.4
Copyright ©2000 - 2024, Jelsoft Enterprises Ltd.
Content copyright © 2007-2010, the authors
Daemon image copyright ©1988, Marshall Kirk McKusick