Date: Sun, 13 Apr 2003 03:25:47 -0400
From: Louis LeBlanc <leblanc+freebsd@keyslapper.org>
To: FreeBSD Questions <freebsd-questions@FreeBSD.org>
Subject: network problem after hosing rc.firewall
Message-ID: <20030413072547.GA500@keyslapper.org>

Hey everyone.

I totally fsck'd up my network setup because I forgot to back up /etc and got a little quick on the keyboard while running mergemaster. No one to blame but myself, but the one file that got hosed was the firewall script that took me months to tweak out the way I wanted it. You'd think I'd have kept at least a fairly recent copy. Nah. Adventures in computing, right?

I've got it mostly put back together, but one problem I'm having is the internal network translation through ppp. The PPP configuration hasn't been touched, so that shouldn't be a problem. The only thing I can think of is the firewall.

The problem I am experiencing on the systems behind the firewall machine is a dns lookup failure. I haven't a clue why. Pings work fine, but nothing that requires a lookup. The internal machines mount one or two samba partitions from this machine too, but they don't work.

Cygwin nslookups return this:

    Can't find server name for <dns server ip>: Timed out.

I am using the rule from the installed rc.firewall:

    # Allow DNS queries out in the world
    ${fwcmd} add pass udp from ${oip} to any 53 keep-state

DNS lookups work fine from this machine. I am running a caching only nameserver on this machine as well, but it doesn't seem to be helping.

Here's my ifconfig:

    fxp0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
            inet 10.8.20.5 netmask 0xffffff00 broadcast 10.8.20.255
            inet6 fe80::2a0:c9ff:fe74:12a3%fxp0 prefixlen 64 scopeid 0x1
            ether 00:a0:c9:74:12:a3
            media: Ethernet autoselect (100baseTX)
            status: active
    xl0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
            options=3<rxcsum,txcsum>
            inet6 fe80::2c0:4fff:fe40:d9a%xl0 prefixlen 64 scopeid 0x2
            ether 00:c0:4f:40:0d:9a
            media: Ethernet autoselect (100baseTX <full-duplex>)
            status: active
    ppp0: flags=8010<POINTOPOINT,MULTICAST> mtu 1500
    sl0: flags=c010<POINTOPOINT,LINK2,MULTICAST> mtu 552
    faith0: flags=8002<BROADCAST,MULTICAST> mtu 1500
    tun0: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> mtu 1492
            inet 68.160.24.154 --> 10.9.76.1 netmask 0xffffffff
            Opened by PID 918

The loopbacks are there, I just left them out here. oif is tun0, iif is fxp.

The natd settings in /etc/rc.d are:

    natd_program="/sbin/natd"
    natd_interface="tun0"
    natd_enable=YES
    natd_flags="-u -s -same_ports -dynamic -n xl0 -log_facility security"

and the ppp settings:

    ppp_enable="YES"
    ppp_mode="ddial"
    ppp_nat="YES"
    ppp_profile="verizon"
    ppp_user="root"

Any ideas? I have the nagging feeling I've had this one before, but I can't remember it, and can't find any information in my copious saved email.

Thanks all.

Lou
-- 
Louis LeBlanc               leblanc@keyslapper.org
Fully Funded Hobbyist, KeySlapper Extrordinaire :)
http://www.keyslapper.org

Serocki's Stricture:
  Marriage is always a bachelor's last option.