OpenBSD Firewall (NLC)

Pyne, Jeffrey Jeffrey.Pyne@schwab.com
Fri, 11 Feb 2000 08:39:53 -0700


A couple weeks ago, someone (Bob George?) posted a message about building an
OpenBSD firewall.  I've begun my own project to build one and I've hit a bit
of a snag.  I got the OS installed (I LOVE being able to install the *BSDs
via ftp!!).  I got my interfaces configured.  I've got my routing set up.  I
turned on IP forwarding, IP nat and IP filter.  I can get to The Outside
World directly from the firewall.  I can get to the firewall from my LAN.  I
just haven't figured out how to get to The Outside World from my LAN.  I set
up /etc/ipnat.rules and /etc/ipf.rules per the OpenBSD.org instructions.  I
have looked at the /usr/share/ipf/* examples.  I have read the ipf, ipnat
and ipfstat man pages.  When I run ipnat -ls, it shows that my NAT rules are
loaded correctly, but the statistics show that there are 0 matching entries
in and 0 matching entries out (so it hasn't been doing any actual NATing).
I've tried running tcpdump and I see my packets on the external interface
when I'm trying to ssh out to another machine on the Internet, but a tcpdump
on the remote machine shows nothing from my IP.  However, I can ssh directly
from my firewall to the remote machine.  If anyone has gotten something like
this to work and has any suggestions on what to check next, I'd love to hear
them.  Since this has absolutely nothing at all to do with Linux, please
e-mail me off-list (at jtpyne@home.com) with any tips.

Thanks.
Jeff
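
An added example, not part of Jeff's message, of what the pieces he lists
look like on an IPFilter-based OpenBSD firewall of that era.  Everything
named here is assumed for illustration: xl0 as the external interface, xl1
as the LAN interface, and 192.168.1.0/24 as the LAN.  The detail worth
checking against his symptoms is that an IPFilter map rule applies to
packets leaving through the interface it names, so it must name the
external interface; a map rule written against the LAN interface loads
without complaint but never matches anything, which is exactly what "0
matching entries in / 0 matching entries out" in ipnat -s looks like.

```conf
# /etc/ipnat.rules  (IPFilter NAT; assumed interface names and LAN range)
# A map rule is applied to packets going OUT the named interface, so it
# names the external interface (xl0 here), never the LAN side (xl1).
# 0/32 means "use the address of that interface" (fine for DHCP/PPP too).
# The first rule gives TCP/UDP a private source-port range; the second
# catches everything else (ICMP, for example).
map xl0 192.168.1.0/24 -> 0/32 portmap tcp/udp 10000:20000
map xl0 192.168.1.0/24 -> 0/32

# /etc/ipf.rules  (minimal stateful policy for the same box)
# Outbound packets are filtered BEFORE they are translated, inbound ones
# AFTER, so outbound rules still see the private LAN source address.
block in log all
block out log all
# LAN side: trust the inside network.
pass in quick on xl1 from 192.168.1.0/24 to any
pass out quick on xl1 from any to 192.168.1.0/24
# Outside: allow sessions that originate here or on the LAN, let the
# state table admit the replies, and log everything else.
pass out quick on xl0 proto tcp from any to any flags S/SA keep state
pass out quick on xl0 proto udp from any to any keep state
pass out quick on xl0 proto icmp from any to any keep state

# /etc/rc.conf  (OpenBSD 2.x: start the filter and the NAT module at boot)
ipfilter=YES
ipnat=YES

# /etc/sysctl.conf  (forward packets between the two interfaces)
net.inet.ip.forwarding=1
```

To verify, flush and reload the NAT rules with `ipnat -CF -f /etc/ipnat.rules`
(-C removes the map rules, -F clears the active translations), then watch
`ipnat -l` and `ipnat -s` while a LAN host connects outward; the "in" and
"out" counters should move and `ipnat -l` should list the live mappings.
`ipfstat -hio` shows per-rule hit counts for the filter rules, which tells
you whether a packet is being dropped by the filter rather than missing the
NAT.  On the external interface, `tcpdump -n -i xl0` should show the
firewall's own address as the source of translated packets; if the LAN
address still appears there, the packet left xl0 without being translated,
and the map rule's interface is the first thing to compare against the
interface the default route actually uses.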