So, as I explained to Rick Gardner, with whom I had a short e-mail exchange on Friday, the lesson I learned was never to try to admin a firewall with a head full of phlegm. When I got home from work and opened up my /etc/nat.rules file, I noticed right away that I had fat-fingered the interface name. I had typed "en0" instead of "ne0". I corrected the typo, and "BAM!!" it started working. So far, I like what I see (although I'm not 100% sure what I'm looking at). Dangerous D. was 100% correct-- following the instructions on the OpenBSD site works perfectly (provided, of course, that you don't experience any PEBCAKs).

> ----------
> From: D. Taylor [SMTP:dtaylor@www.dssolutions.com]
> Reply To: plug-discuss@lists.PLUG.phoenix.az.us
> Sent: Saturday, February 12, 2000 3:28 PM
> To: 'plug-discuss@lists.PLUG.phoenix.az.us'
> Subject: Re: OpenBSD Firewall (NLC)
>
> FWIW, I've set up two OpenBSD boxes as firewalls/NAT, one doing PPP dialup, and another for a cable modem (two Ethernet NICs in the OpenBSD box). I followed the instructions on OpenBSD's web site, and everything worked perfectly. The only slightly confusing part on the cable modem scenario was that you have to specify that the NAT is to be done on the "public" or "outbound" interface.
>
> D
>
> On Fri, 11 Feb 2000, Pyne, Jeffrey wrote:
>
> > Date: Fri, 11 Feb 2000 08:39:53 -0700
> > From: "Pyne, Jeffrey"
> > Reply-To: plug-discuss@lists.PLUG.phoenix.az.us
> > To: "'plug-discuss@lists.PLUG.phoenix.az.us'"
> > Subject: OpenBSD Firewall (NLC)
> >
> > A couple weeks ago, someone (Bob George?) posted a message about building an OpenBSD firewall. I've begun my own project to build one and I've hit a bit of a snag. I got the OS installed (I LOVE being able to install the *BSD's via ftp!!). I got my interfaces configured. I've got my routing set up. I turned on IP forwarding, IP nat and IP filter. I can get to The Outside World directly from the firewall. I can get to the firewall from my LAN. I just haven't figured out how to get to The Outside World from my LAN. I set up /etc/ipnat.rules and /etc/ipf.rules per the OpenBSD.org instructions. I have looked at the /usr/share/ipf/* examples. I have read the ipf, ipnat and ipfstat man pages. When I run ipnat -ls, it shows that my NAT rules are loaded correctly, but the statistics show that there are 0 matching entries in and 0 matching entries out (so it hasn't been doing any actual NATing). I've tried running tcpdump and I see my packets on the external interface when I'm trying to ssh out to another machine on the Internet, but a tcpdump on the remote machine shows nothing from my IP. However, I can ssh directly from my firewall to the remote machine. If anyone has gotten something like this to work and has any suggestions on what to check next, I'd love to hear them. Since this has absolutely nothing at all to do with Linux, please e-mail me off-list (at jtpyne@home.com) with any tips.
> >
> > Thanks.
> > Jeff
> >
> > _______________________________________________
> > Plug-discuss mailing list - Plug-discuss@lists.PLUG.phoenix.az.us
> > http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss
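The failure mode in this thread (a mistyped interface name in the NAT rules that loads cleanly and simply never matches, so ipnat -ls reports 0 entries in and out) is cheap to catch before loading the file. The following sanity check is an added example for this post, not code from the thread or from OpenBSD; it assumes the ipnat rule syntax of the era (map/rdr/bimap with the interface as the second word) and takes the list of real interface names as an argument, since how that list is obtained (ifconfig -l on newer systems, ifconfig -a on older ones) varies.

```shell
#!/bin/sh
# Pre-load check for an ipnat rules file: every interface named in a map, rdr
# or bimap rule must exist on the box. A mistyped name such as "en0" for "ne0"
# loads without complaint and matches no traffic at all, which is exactly the
# "0 matching entries in / 0 matching entries out" line that ipnat -ls shows.
#
# Usage: check_ipnat_ifaces <rules file> "<space-separated interface names>"
# On the firewall the second argument would come from ifconfig (assumption:
# "ifconfig -l" on systems that have it, otherwise parse "ifconfig -a").
# Returns 0 when every name is known, 1 otherwise; unknown names go to stderr.
check_ipnat_ifaces() {
    rules=$1
    ifaces=$2
    # Strip comments, keep the interface field of NAT rules, dedupe, then
    # report each name that is not in the known-interface list.
    unknown=$(
        sed -e 's/#.*//' "$rules" |
        awk '$1 == "map" || $1 == "rdr" || $1 == "bimap" { print $2 }' |
        sort -u |
        while read -r ifn; do
            case " $ifaces " in
                *" $ifn "*) ;;
                *) printf '%s\n' "$ifn" ;;
            esac
        done
    )
    if [ -n "$unknown" ]; then
        printf 'unknown interface(s) in %s: %s\n' "$rules" "$unknown" >&2
        return 1
    fi
    return 0
}

# Stand-alone demo with a constructed rules file that reproduces the typo
# from the thread (en0 typed where the NIC is really ne0).
demo_ipnat_check() {
    tmp=$(mktemp /tmp/ipnat.XXXXXX)
    cat > "$tmp" <<'EOF'
# constructed example, not anyone's real /etc/ipnat.rules
map en0 192.168.1.0/24 -> 0/32 portmap tcp/udp 10000:20000
map en0 192.168.1.0/24 -> 0/32
EOF
    check_ipnat_ifaces "$tmp" "lo0 ne0 ne1"   # fails: en0 is not an interface
    status=$?
    rm -f "$tmp"
    return $status
}

demo_ipnat_check || echo "fix the interface name before running ipnat -f /etc/ipnat.rules"
```

The same check is worth running on /etc/ipf.rules, since a filter rule with a mistyped interface fails just as quietly.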