Date: Thu, 18 Apr 2002 01:00:24 -0400
From: Donnie Jones
To: "saifuddin Abd. Salam"
Cc: freebsd-questions@freebsd.org
Subject: Re: IPFILTER
Message-Id: <20020418010024.6596bd26.donniejones18@yahoo.com>
In-Reply-To: <20020418045119.88122.qmail@web11408.mail.yahoo.com>
References: <20020418045119.88122.qmail@web11408.mail.yahoo.com>

On Wed, 17 Apr 2002 21:51:19 -0700 (PDT) "saifuddin Abd. Salam" wrote:

> I just setup gateway, and used ipfilter v.3.4.2 as firewall.
> 1. I was add options (IPFILTER, IPFILTER_LOG) at kernel, and recompiled too
> 2. I was created the script to block everything, except for port 80, 110, and 25
> 3. For ping I was allowed
>
> The problems:
>
> 1. whenever i ping to outside the world from gateway machine, ok.
> 2. ping from gateway to internal network, ok.
> 3. I can't to ping, browsing to outside the world from my internal network
>
> Have ideas to solve?
>
> Regards
> Saifuddin
>

I've written a short howto for the FreeBSD gateway with ipnat at http://www.darthik.com under the 'freebsd' tab. Feel free to check it out for help, I've put my configuration files there for reference.

As for your firewall, it would help to let us see your rules.
But, have you allowed access on the second ethernet for the LAN? In other words, are you giving full access to the local IPs for your LAN on the ethernet device that is connected to the LAN?

Hopefully this helps some,
--Donnie
http://www.darthik.com
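
What "full access for the local IPs on the LAN-facing device" can look like in an ipf.conf for the setup described in the question, as an added example that is not taken from either poster's configuration or from the howto. The interface names fxp0 (outside) and fxp1 (LAN) and the network 192.168.1.0/24 are assumptions.

```conf
# Constructed example ruleset (ipf.conf). Assumed names, not from the thread:
#   fxp0 = interface facing the outside world
#   fxp1 = second ethernet, connected to the LAN
#   192.168.1.0/24 = LAN address range

# Default policy: block everything. ipf uses the last matching rule,
# unless a rule carries "quick", which stops evaluation at that rule.
block in all
block out all

# Loopback traffic on the gateway itself.
pass in quick on lo0 all
pass out quick on lo0 all

# LAN-facing interface: give the local addresses full access.
# Without these two rules the default block drops every packet from an
# internal host as it enters fxp1, while traffic that originates on the
# gateway and leaves through fxp0 is unaffected.
pass in quick on fxp1 from 192.168.1.0/24 to any
pass out quick on fxp1 from any to 192.168.1.0/24

# Outside interface: only the services named in the question, with
# "keep state" so replies to permitted connections are let back in.
pass out quick on fxp0 proto tcp from any to any port = 80 flags S keep state
pass out quick on fxp0 proto tcp from any to any port = 110 flags S keep state
pass out quick on fxp0 proto tcp from any to any port = 25 flags S keep state

# Ping (ICMP echo request) outbound; the echo reply matches the state entry.
pass out quick on fxp0 proto icmp from any to any icmp-type 8 keep state
```

Because IPFILTER_LOG is compiled in, adding the `log` keyword to the two default block rules (`block in log all`) and watching `ipmon` shows which interface is dropping the LAN packets.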