Re: [Fwbuilder-discussion] [fwd] begging for fwb wisdom ... ping from within?
Brought to you by:
mikehorn
From: OpenMacNews <fwb...@sp...> - 2004-07-11 16:40:14
|
hi there, > you need a basic NAT rule to permit your internal hosts to contact hosts out on the Internet, this rule will cover not only ping but any other protocols (unless you restrict it using some service object). You can find examples in the Users guide, chapter 10 "Examples of Network Translation Rules". ah. i'd already had/used the example from the online scenario examples that had a nat rule wit TranslatedSrc = "external interface" rather than the UserGuides' (1st) example of TranslatedSrc = "firewall with NAT". i did not think the internal interface & loopback interfaces were necessary for includsion in this rule ... but it seems to work! > If your external interface has dynamic address (and is marked as dynamic in the GUI), then compiler will generate MASQUERADE rule for you. aha thanks! |