Date: Sun, 13 Apr 2003 03:25:47 -0400 From: Louis LeBlanc <leblanc+freebsd@keyslapper.org> To: FreeBSD Questions <freebsd-questions@FreeBSD.org> Subject: network problem after hosing rc.firewall Message-ID: <20030413072547.GA500@keyslapper.org>
next in thread | raw e-mail | index | archive | help
Hey everyone. I totally fsck'd up my network setup because I forgot
to back up /etc and got a little quick on the keyboard while running
mergemaster.
No one to blame but myself, but the one file that got hosed was the
firewall script that took me months to tweak out the way I wanted it.
You'd think I'd have kept at least a fairly recent copy. Nah.
Adventures in computing, right?
I've got it mostly put back together, but one problem I'm having is
the internal network translation through ppp.
The PPP configuration hasn't been touched, so that shouldn't be a
problem. The only thing I can think of is the firewall.
The problem I am experiencing on the systems behind the firewall
machine is a dns lookup failure. I haven't a clue why. Pings work
fine, but nothing that requires a lookup. The internal machines mount
one or two samba partitions from this machine too, but they don't
work. Cygwin nslookups return this:
Can't find server name for <dns server ip>: Timed out.
I am using the rule from the installed rc.firewall:
# Allow DNS queries out in the world
${fwcmd} add pass udp from ${oip} to any 53 keep-state
DNS lookups work fine from this machine.
I am running a caching only nameserver on this machine as well, but it
doesn't seem to be helping.
Here's my ifconfig:
fxp0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
inet 10.8.20.5 netmask 0xffffff00 broadcast 10.8.20.255
inet6 fe80::2a0:c9ff:fe74:12a3%fxp0 prefixlen 64 scopeid 0x1
ether 00:a0:c9:74:12:a3
media: Ethernet autoselect (100baseTX)
status: active
xl0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
options=3<rxcsum,txcsum>
inet6 fe80::2c0:4fff:fe40:d9a%xl0 prefixlen 64 scopeid 0x2
ether 00:c0:4f:40:0d:9a
media: Ethernet autoselect (100baseTX <full-duplex>)
status: active
ppp0: flags=8010<POINTOPOINT,MULTICAST> mtu 1500
sl0: flags=c010<POINTOPOINT,LINK2,MULTICAST> mtu 552
faith0: flags=8002<BROADCAST,MULTICAST> mtu 1500
tun0: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> mtu 1492
inet 68.160.24.154 --> 10.9.76.1 netmask 0xffffffff
Opened by PID 918
The loopbacks are there, I just left them out here.
oif is tun0, iif is fxp. The natd settings in /etc/rc.d are:
natd_program="/sbin/natd"
natd_interface="tun0"
natd_enable=YES
natd_flags="-u -s -same_ports -dynamic -n xl0 -log_facility security"
and the ppp settings:
ppp_enable="YES"
ppp_mode="ddial"
ppp_nat="YES"
ppp_profile="verizon"
ppp_user="root"
Any ideas? I have the nagging feeling I've had this one before, but I
can't remember it, and can't find any information in my copious saved
email.
Thanks all.
Lou
--
Louis LeBlanc leblanc@keyslapper.org
Fully Funded Hobbyist, KeySlapper Extrordinaire :)
http://www.keyslapper.org ԿԬ
Serocki's Stricture:
Marriage is always a bachelor's last option.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20030413072547.GA500>