From owner-freebsd-questions Sat Jan 11 14:57:50 2003
Delivered-To: freebsd-questions@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id BD94737B405
	for ; Sat, 11 Jan 2003 14:57:48 -0800 (PST)
Received: from smtp1.home.se (smtp1.home.se [195.66.35.200])
	by mx1.FreeBSD.org (Postfix) with ESMTP id 79CE243F1E
	for ; Sat, 11 Jan 2003 14:57:47 -0800 (PST)
	(envelope-from nikk@home.se)
Received: from athlon nikk@home.se [217.215.6.22] by smtp1.home.se
	with NetMail SMTP Agent $Revision: 3.16 $ on Novell NetWare;
	Sat, 11 Jan 2003 23:50:01 -119304547
Message-ID: <003701c2b9c4$db6e6950$0100a8c0@athlon>
From: "Nikolaj Farrell"
To:
Cc: "FreeBSD Questions"
References: <001701c2b987$9fdf72e0$0100a8c0@athlon>
	<1042300066.51041.227.camel@localhost>
	<002a01c2b989$f2099e90$1200a8c0@gsicomp.on.ca>
	<000b01c2b98a$df9981c0$0100a8c0@athlon>
	<1042301568.51041.233.camel@localhost>
	<001201c2b98e$063311e0$0100a8c0@athlon>
	<1042303096.51041.237.camel@localhost>
	<000301c2b993$55e70610$0100a8c0@athlon>
	<20030111171152.GH25529@sub21-156.member.dsl-only.net>
	<001b01c2b995$0dbf6d30$0100a8c0@athlon>
	<1042305860.51041.240.camel@localhost>
	<001801c2b999$95567000$0100a8c0@athlon>
	<1042310110.51041.250.camel@localhost>
	<002b01c2b9c3$56722e40$0100a8c0@athlon>
	<1042325630.51041.257.camel@localhost>
Subject: Re: Problems w NIC
Date: Sat, 11 Jan 2003 23:57:46 +0100
MIME-Version: 1.0
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2600.0000
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000
Sender: owner-freebsd-questions@FreeBSD.ORG
Precedence: bulk
List-ID:
List-Archive: (Web Archive)
List-Help: (List Instructions)
List-Subscribe:
List-Unsubscribe:
X-Loop: FreeBSD.ORG

> Thanks for clarifying things.
>
> I think I understand now. Here's what I (and others as well) believe is
> the root of the problem - it's ipfw.
>
> By default it's got a rule that reads DENY EVERYTHING. If you run "ipfw
> show" then it'll be right at the bottom. Unless you expressly allow
> traffic with ipfw statements, then you'll get packets not being
> forwarded onto respective destinations. Also if you've not actually
> configured the rule-set (E.G. for logging) then that explains why
> nothing appears in the logs.
>
> You mentioned that you've not configured any rules for the internal
> network, so you've answered your own questions here. Post the output from
> the above ipfw cmd, and I'm sure there'll be lots of assistance for you.
>
> Regards,
>
> Stacey
>

Actually... I have compiled ipfw _default to accept_...... and besides, no
other computers on my LAN would work otherwise either. Just for the sake of
it though, here is my ruleset

su-2.05b# ipfw list
00190 divert 8668 ip from any to any via xl0
00301 deny log logamount 100 tcp from any to any 515 in recv xl0
00310 allow tcp from 212.181.54.2 53 to any in recv xl0
00311 allow tcp from 212.181.54.3 53 to any in recv xl0
00320 allow log logamount 100 tcp from any to any 22 in recv xl0
00321 allow log logamount 100 tcp from any to any 21 in recv xl0
00322 allow log logamount 100 tcp from any to any 113 in recv xl0 setup
00323 allow log logamount 100 tcp from any to any 80 in recv xl0
00324 allow tcp from any to any 25 via xl0
00325 allow tcp from any to any 995 via xl0
00395 deny log logamount 100 tcp from any to any 0-1024 in recv xl0 setup
00396 deny log logamount 100 tcp from any to any 2049 in recv xl0
00400 allow udp from 212.181.54.2 53 to any in recv xl0
00401 allow udp from 212.181.54.3 53 to any in recv xl0
00410 allow udp from any to any 123 in recv xl0
00499 deny log logamount 100 udp from any to any in recv xl0
00610 allow icmp from 212.181.54.2 to any in recv xl0
00611 allow icmp from 212.181.54.3 to any in recv xl0
00620 allow log logamount 100 icmp from any to any in recv xl0 icmptype 3
00621 allow log logamount 100 icmp from any to any in recv xl0 icmptype 8
65535 allow ip from any to any

regards
/Nikolaj

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message
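
Added example, not part of the original message and not ipfw code: a short Python script that parses the ruleset posted above and lists which rules can still match while a packet crosses a given interface, which shows what the default rule 65535 ends up deciding. The interface name rl0 for the internal NIC is an assumption (the message never names it), and only interface constraints are evaluated, not addresses or ports.

```python
import re
# Ruleset exactly as posted in the message above (`ipfw list` output).
RULESET = """\
00190 divert 8668 ip from any to any via xl0
00301 deny log logamount 100 tcp from any to any 515 in recv xl0
00310 allow tcp from 212.181.54.2 53 to any in recv xl0
00311 allow tcp from 212.181.54.3 53 to any in recv xl0
00320 allow log logamount 100 tcp from any to any 22 in recv xl0
00321 allow log logamount 100 tcp from any to any 21 in recv xl0
00322 allow log logamount 100 tcp from any to any 113 in recv xl0 setup
00323 allow log logamount 100 tcp from any to any 80 in recv xl0
00324 allow tcp from any to any 25 via xl0
00325 allow tcp from any to any 995 via xl0
00395 deny log logamount 100 tcp from any to any 0-1024 in recv xl0 setup
00396 deny log logamount 100 tcp from any to any 2049 in recv xl0
00400 allow udp from 212.181.54.2 53 to any in recv xl0
00401 allow udp from 212.181.54.3 53 to any in recv xl0
00410 allow udp from any to any 123 in recv xl0
00499 deny log logamount 100 udp from any to any in recv xl0
00610 allow icmp from 212.181.54.2 to any in recv xl0
00611 allow icmp from 212.181.54.3 to any in recv xl0
00620 allow log logamount 100 icmp from any to any in recv xl0 icmptype 3
00621 allow log logamount 100 icmp from any to any in recv xl0 icmptype 8
65535 allow ip from any to any
"""
RULE = re.compile(r"^(\d{5}) (allow|deny|divert) (?:\d+ )?(log (?:logamount \d+ )?)?\w+ from (.+)$")
IFACE = re.compile(r"\b(in )?(via|recv|xmit) (\S+)")

def parse(text):
    """Parse `ipfw list` lines; 'pin' is the interface a rule is tied to."""
    rules = []
    for line in text.splitlines():
        m = RULE.match(" ".join(line.split()))
        if m:
            num, action, log, body = m.groups()
            i = IFACE.search(body)
            # `recv X` without `in` can also match on the output pass: not pinned.
            pin = i.group(3) if i and (i.group(1) or i.group(2) != "recv") else None
            rules.append({"num": int(num), "action": action, "log": bool(log), "pin": pin})
    return rules

def candidates(rules, ifname):
    """Rules that can still match while a packet crosses `ifname`."""
    return [r for r in rules if r["pin"] in (None, ifname)]

if __name__ == "__main__":
    rules = parse(RULESET)
    for nic in ("xl0", "rl0"):  # rl0: assumed name for the internal NIC
        print(nic, [(r["num"], r["action"]) for r in candidates(rules, nic)][-2:])
```

With this ruleset, the pass through any interface other than xl0 can only reach rule 65535, an allow with no `log` keyword, so ipfw neither drops nor logs packets at that point.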