OpenBSD Firewall (NLC)

Author: Jeffrey Jeffrey.Pyne@schwab.com
Date:  
Subject: OpenBSD Firewall (NLC)
So, as I explained to Rick Gardner, with whom I had a short e-mail exchange
on Friday, the lesson I learned was never to try to admin a firewall with a
head full of phlegm. When I got home from work and opened up my
/etc/nat.rules file, I noticed right away that I had fat-fingered the
interface name. I had typed "en0" instead of "ne0". I corrected the typo,
and "BAM!!" it started working. So far, I like what I see (although I'm not
100% sure what I'm looking at). Dangerous D. was 100% correct -- following
the instructions on the OpenBSD site works perfectly (provided, of course,
that you don't experience any PEBCAKs).

> ----------
> From:     D. Taylor[SMTP:dtaylor@www.dssolutions.com]
> Reply To:     
> Sent:     Saturday, February 12, 2000 3:28 PM
> To:     ''
> Subject:     Re: OpenBSD Firewall (NLC)

>
>
> FWIW, I've set up two OpenBSD boxes as firewalls/NAT,
> one doing PPP dialup, and another for a cable modem
> (two Ethernet NICs in the OpenBSD box). I followed
> the instructions on OpenBSD's web site, and everything
> worked perfectly. The only slightly confusing part
> on the cable modem scenario was that you have to
> specify that the NAT is to be done on the "public"
> or "outbound" interface.
>
>
> D
>
> On Fri, 11 Feb 2000, Pyne, Jeffrey wrote:
>
> > Date: Fri, 11 Feb 2000 08:39:53 -0700
> > From: "Pyne, Jeffrey" <>
> > Reply-To: 
> > To: "''" <>
> > Subject: OpenBSD Firewall (NLC)

> >
> > A couple weeks ago, someone (Bob George?) posted a message about
> > building an OpenBSD firewall. I've begun my own project to build one and
> > I've hit a bit of a snag. I got the OS installed (I LOVE being able to
> > install the *BSD's via ftp!!). I got my interfaces configured. I've got
> > my routing set up. I turned on IP forwarding, IP nat and IP filter. I can
> > get to The Outside World directly from the firewall. I can get to the
> > firewall from my LAN. I just haven't figured out how to get to The
> > Outside World from my LAN. I set up /etc/ipnat.rules and /etc/ipf.rules
> > per the OpenBSD.org instructions. I have looked at the /usr/share/ipf/*
> > examples. I have read the ipf, ipnat and ipfstat man pages. When I run
> > ipnat -ls, it shows that my NAT rules are loaded correctly, but the
> > statistics show that there are 0 matching entries in and 0 matching
> > entries out (so it hasn't been doing any actual NATing). I've tried
> > running tcpdump and I see my packets on the external interface when I'm
> > trying to ssh out to another machine on the Internet, but a tcpdump on
> > the remote machine shows nothing from my IP. However, I can ssh directly
> > from my firewall to the remote machine. If anyone has gotten something
> > like this to work and has any suggestions on what to check next, I'd
> > love to hear them. Since this has absolutely nothing at all to do with
> > Linux, please e-mail me off-list (at ) with any tips.
> >
> > Thanks.
> > Jeff
> >
> > _______________________________________________
> > Plug-discuss mailing list -
> > http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss
> >
>
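The two lessons in this thread (NAT is applied on the public/outbound interface, and a mistyped interface name loads silently and simply never matches) can be turned into a pre-load check. The script below is an added example written for this page, not code from the thread or from OpenBSD; the rules file it writes is constructed to reproduce the "en0" for "ne0" typo, and the known-interface list is hard-coded where a real box would use the output of `ifconfig -a`.

```shell
#!/bin/sh
# Added example, not code from the thread: catch a mistyped interface name
# in an IP Filter NAT rules file before loading it with ipnat. The rules
# text and the interface list are constructed; on a real OpenBSD box the
# list would come from `ifconfig -a`.

# Writes a constructed /etc/ipnat.rules to $1. It reproduces the thread's
# mistake: the LAN is mapped out "en0" while the public NIC is "ne0".
write_sample_rules() {
    cat > "$1" <<'EOF'
# map LAN addresses to the public interface's address (typo: en0 should be ne0)
map en0 192.168.1.0/24 -> 0/32 portmap tcp/udp 10000:20000
map en0 192.168.1.0/24 -> 0/32
EOF
}

# check_ipnat_ifaces RULES_FILE "IF1 IF2 ..."
# Prints every map/rdr/bimap rule whose interface is not in the known list.
# Returns 0 when all interfaces exist, 1 otherwise.
check_ipnat_ifaces() {
    rules=$1
    known=" $2 "
    bad=0
    # Rule syntax starts "<keyword> <interface> ..."; comments and blank
    # lines have a different or empty first word and are skipped.
    while read -r kw ifname rest; do
        case "$kw" in
            map|rdr|bimap) ;;
            *) continue ;;
        esac
        case "$known" in
            *" $ifname "*) ;;
            *)
                printf 'unknown interface "%s" in rule: %s %s %s\n' \
                    "$ifname" "$kw" "$ifname" "$rest"
                bad=1
                ;;
        esac
    done < "$rules"
    return "$bad"
}

# Run directly with --demo to see the check on the constructed file.
if [ "${1-}" = "--demo" ]; then
    f=$(mktemp)
    write_sample_rules "$f"
    check_ipnat_ifaces "$f" "lo0 ne0 ne1" || echo "fix the rules before running: ipnat -CF -f $f"
    rm -f "$f"
fi
```

Run it as `sh check.sh --demo`; the two `map en0` lines are reported because "en0" is not among the interfaces, while the same rules with `ne0` pass. Note that a NAT rule on a non-existent interface is exactly the case `ipnat -ls` reports as loaded with zero matches, so this check is cheaper than watching tcpdump on both ends.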