#1
Triple-A Player
Join Date: Jan 2002
Location: .-tHE mOON-.
Posts: 70
natd and Firewall
Hi,
I had a nice firewall set up with logging and different rules. I noticed loads of ipfw DENIED messages in my Console, which let me feel a little safe. After reading how to set up a gateway to share the cable line through my G4 (2 ethernet cards, en0/en1) with my LAN (right now only a pb), which works pretty well, there were no ipfw warnings anymore. Instead I found "natd[482]: failed to write packet back (Host is down)" NON STOP. In fact the pb is online and I can surf ... strange.

2nd problem is, after waking up the desktop, sometimes the DHCP server won't give me a connection back / give me an IP. I still didn't figure out why. Anyone got an idea? How do I get my DENIED warnings back?!? :sniff:

Gateway launch script:

    #!/bin/sh
    # turn on ipfw logging, no per-rule log limit
    /usr/sbin/sysctl -w net.inet.ip.fw.verbose=1
    /usr/sbin/sysctl -w net.inet.ip.fw.verbose_limit=0
    # start NAT on the cable interface (placeholders kept as posted)
    /usr/sbin/natd -log -u -dynamic -interface en0 -redirect_address <LAN.IP> <DHCP.IP>
    # reload the rule set
    /sbin/ipfw flush
    /sbin/ipfw /Library/StartupItems/Firewall/firewall.conf.test
    # recreate the ipfw log directory and make syslogd reopen its files
    if [ -e /private/var/log/ipfw ]; then
        /bin/rm -rf /private/var/log/ipfw
    fi
    /bin/mkdir /private/var/log/ipfw
    /usr/bin/touch /private/var/log/ipfw/ipfw.log
    /bin/kill -1 `cat /var/run/syslog.pid`

firewall.conf.test:

    add 991 divert natd all from any to any via en0
    add 992 pass all from any to any
    add 993 allow all from any to any out
    add 1000 allow ip from any to any via lo0
    add 1002 allow tcp from any to any established via en0
    add 1003 allow all from any to any frag via en0
    add 1004 allow icmp from any to any icmptype 3,4,11,12 via en0
    add 1005 allow udp from any 67-68 to any 67-68 via en0
    add 1006 allow ip from any to 255.255.255.255 via en0
    add 2000 unreach host log ip from any to any ipopt ssrr,lsrr via en0
    add 2001 allow udp from any 123 to any 1024-65535 via any
    add 2002 allow icmp from any to any via en0

and so on ...
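ipfw walks its rules in ascending number order and stops at the first match, so an unrestricted "pass all from any to any" placed early in a rule file shadows every rule numbered after it, including any deny or log rules, and the console stays quiet. The script below is an added example (not code from the post or from ipfw) that scans a rule file for exactly that pattern and reports how many rules sit behind the catch-all; the sample rule file is constructed here to reproduce the ordering shown in the post, and the function and variable names are my own.

```sh
#!/bin/sh
# Added example: find a catch-all allow rule that shadows later ipfw rules.
# ipfw evaluates rules in ascending number order and stops at the first
# match, so a rule like "allow all from any to any" with no interface or
# direction qualifier makes every later rule unreachable.

# shadowing_rules FILE
# Prints "<rule number> <rules after it>" for the first unqualified
# allow/pass/accept rule in FILE and returns 0; returns 1 if none is found.
shadowing_rules() {
    awk '
        # rule lines look like: add NNN action proto from any to any [qualifiers]
        $1 == "add" {
            n = $2
            action = $3
            rest = ""
            for (i = 4; i <= NF; i++) rest = rest " " $i
            if (found) {
                after++
            } else if ((action == "allow" || action == "pass" || action == "accept") &&
                       rest ~ / (all|ip) from any to any$/) {
                # no "via", "in", "out" or other qualifier: matches every packet
                found = n
            }
        }
        END {
            if (found) { print found, after; exit 0 }
            exit 1
        }
    ' "$1"
}

# Constructed sample rule set (hypothetical, modelled on the posted ordering):
# the pass rule at 992 hides the logging deny at 65000.
SAMPLE_RULES='add 991 divert natd all from any to any via en0
add 992 pass all from any to any
add 1002 allow tcp from any to any established via en0
add 65000 deny log ip from any to any'

# Constructed sample with the catch-all removed; the deny rule is reachable.
SAMPLE_FIXED='add 991 divert natd all from any to any via en0
add 1002 allow tcp from any to any established via en0
add 65000 deny log ip from any to any'

# write_sample FILE : write SAMPLE_RULES to FILE
write_sample() {
    printf '%s\n' "$SAMPLE_RULES" > "$1"
}

# write_fixed FILE : write SAMPLE_FIXED to FILE
write_fixed() {
    printf '%s\n' "$SAMPLE_FIXED" > "$1"
}

# Stand-alone demo over the constructed sample; pass a real rule file to
# shadowing_rules to check your own configuration.
demo_tmp=$(mktemp)
write_sample "$demo_tmp"
shadowing_rules "$demo_tmp" || echo "no unqualified allow rule found"
rm -f "$demo_tmp"
```

On the posted rule set the scan reports rule 992, which explains why the deny log lines disappeared once the gateway script was in use: the divert at 991 still hands packets to natd, but 992 then accepts everything before any later rule can log or drop it.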