OpenBSD Firewall (NLC)

Author: der.hansPLUGd@LuftHans.com
Date:  
Subject: OpenBSD Firewall (NLC)
On Fri, 11 Feb 2000, Pyne, Jeffrey wrote:

> A couple weeks ago, someone (Bob George?) posted a message about building an
> OpenBSD firewall. I've begun my own project to build one and I've hit a bit
> of a snag. I got the OS installed (I LOVE being able to install the *BSD's
> via ftp!!). I got my interfaces configured. I've got my routing set up. I
I do Debian installs that way :). Actually, I use http, but ftp is also
available. Updates are simple as long as you have a decent amount of
bandwidth. If not, run it at night :).

> turned on IP forwarding, IP nat and IP filter. I can get to The Outside
> World directly from the firewall. I can get to the firewall from my LAN. I
> just haven't figured out how to get to The Outside World from my LAN. I set
> up /etc/ipnat.rules and /etc/ipf.rules per the OpenBSD.org instructions. I
> have looked at the /usr/share/ipf/* examples. I have read the ipf, ipnat
> and ipfstat man pages. When I run ipnat -ls, it shows that my NAT rules are
> loaded correctly, but the statistics show that there are 0 matching entries
> in and 0 matching entries out (so it hasn't been doing any actual NATing).
> I've tried running tcpdump and I see my packets on the external interface
> when I'm trying to ssh out to another machine on the Internet, but a tcpdump
> on the remote machine shows nothing from my IP. However, I can ssh directly
> from my firewall to the remote machine. If anyone has gotten something like
> this to work and has any suggestions on what to check next, I'd love to hear
> them. Since this has absolutely nothing at all to do with Linux, please
Actually, though we are Phoenix LINUX Users Group, I think that we don't
have problems with questions for other Open Source *NIX implementations or
maybe even occasional closed source *NIX implementations. That said, try
the ASULUG mailing list as one of our major contributors is a *BSD bigot
:). http://ASULUG.asu.edu/

I'm in favor of us knowing more about *BSD so we know why not to run it
:). Some day I'm going to actually install *BSD long enough to play with
it...

ciao,

der.hans
-- 
# +++++++++++=================================+++++++++++ #
#                                    #
#             http://home.pages.de/~lufthans/             #
#          Science is magic explained. - der.hans         #
# ===========+++++++++++++++++++++++++++++++++=========== #
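For readers hitting the same snag as the quoted post, here is a minimal IPFilter NAT and filter rule set for an OpenBSD box of that era, added as an example that comes from neither poster; the interface names ep0 (external) and ep1 (internal) and the 192.168.1.0/24 LAN are assumed placeholders.

```conf
# /etc/ipnat.rules  (assumed placeholders: ep0 = external, 192.168.1.0/24 = LAN)
# The interface named in a map rule is the one packets LEAVE on. A map rule
# that names the internal interface never matches anything, and "ipnat -ls"
# keeps reporting 0 matching entries in and 0 out.
map ep0 192.168.1.0/24 -> 0/32 portmap tcp/udp 10000:20000
map ep0 192.168.1.0/24 -> 0/32

# /etc/ipf.rules  (filtering runs alongside NAT, so LAN traffic must be
# passed as well as translated; "quick" stops rule evaluation at first match)
pass in quick on lo0 all
pass out quick on lo0 all
# accept traffic arriving from the LAN on the internal interface
pass in quick on ep1 from 192.168.1.0/24 to any keep state
# let new outbound sessions leave on the external interface, tracking state
# so only their replies are allowed back in
pass out quick on ep0 proto tcp from any to any flags S keep state
pass out quick on ep0 proto udp from any to any keep state
pass out quick on ep0 proto icmp from any to any keep state
# everything else unsolicited from the outside is dropped
block in quick on ep0 all

# After editing, enable forwarding and reload both rule sets (run as root):
#   sysctl -w net.inet.ip.forwarding=1
#   ipf -Fa -f /etc/ipf.rules
#   ipnat -CF -f /etc/ipnat.rules
#   ipnat -ls   -> the match counters should increment once a LAN host connects out
```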