From owner-freebsd-config@FreeBSD.ORG Tue Aug 5 11:03:21 2003
From: Mick Walker
To: freebsd-config@freebsd.org
Date: 05 Aug 2003 19:01:37 +0100
Message-Id: <1060106496.1360.7.camel@materialised.hopto.org>
Subject: IPFW Help

Hi everyone,

I'm a totally new user to FreeBSD and am currently running 5.1 release 2 on an Intel-based machine.

I have been a Linux user for many years and am quite familiar with ipchains/tables. However, migrating to FreeBSD is proving to be quite a challenge to me.

Up until this point I have got everything working as it did on my Linux gateway: I have configured natd to masquerade connections for the internal network, and set X to start up at boot.

However, one thing is evading me: I can't seem to add any firewall rules.

Here are the contents of my /etc/rc.firewall file, which is called by rc.local on boot:

bash-2.05b$ cat /etc/rc.firewall
/sbin/ipfw flush
/sbin/ipfw add divert natd all from any to any via sis0
/sbin/ipfw add pass all from any to any
/sbin/ipfw add 00322 deny log tcp from any to any 6000 in recv sis0
/sbin/ipfw add 00322 deny log tcp from any to any 0-1000 in recv sis0 setup
/sbin/ipfw add 00499 deny log udp from any to any in recv sis0
/sbin/ipfw add 00322 deny log tcp from any to any 3306 in recv sis0
/sbin/ipfw add 00322 deny log tcp from any to any 587 in recv sis0
/sbin/ipfw add 00322 deny log tcp from any to any 135-140 in recv sis0
/sbin/ipfw add 00310 allow tcp from 62.254.64.21 53 to any in recv sis0
/sbin/ipfw add 00322 allow log tcp from any to any 23 in recv sis0 setup
/sbin/ipfw add 00322 allow log tcp from any to any 22 in recv sis0 setup
/sbin/ipfw add 00322 allow log tcp from any to any 21 in recv sis0 setup
/sbin/ipfw add 00322 allow log tcp from any to any 80 in recv sis0 setup
/sbin/ipfw add 00322 allow log tcp from any to any 25 in recv sis0 setup
/sbin/ipfw add 00322 allow log tcp from any to any 110 in recv sis0 setup
/sbin/ipfw add 00400 allow udp from 62.254.64.21 53 to any in recv sis0
/sbin/ipfw add 00600 allow icmp from 62.254.64.21 to any in recv sis0
/sbin/ipfw add 00310 allow tcp from 62.254.64.21 53 to any in recv sis0

I have been told that I should rearrange these things so the deny and allow rules are before the "pass all from any to any" rule; however, when I do this the whole system doesn't seem to have any internet access. I can't ping any system over the internet or connect to any services.

Could someone please point out where I am going wrong?

Thanks in advance,
Mick

From owner-freebsd-config@FreeBSD.ORG Wed Aug 6 13:09:13 2003
From: "Irina"
Date: Wed, 6 Aug 2003 16:09:36 -0400
Message-ID: <0b5401c35c56$a8f6df40$0f01010a@lambda>
Subject: Installation problem on DL-380 G2.

Hello everybody.

We have been struggling installing FreeBSD on DL-380 G2. After collecting the info on partitions and packages/ports I want to install, it starts extracting files. Then it reboots on its own and shows the screen asking if I would like to change or skip kernel configuration.

Tried to install Windows 2000 Server on the same machine, had no problem. Now we wonder if there are any known problems with support of the Compaq 5i controller under FreeBSD?

Thanks for the help in advance. I would really appreciate any advice.

Regards,
Irina.

From owner-freebsd-config@FreeBSD.ORG Fri Aug 8 15:55:55 2003
From: Daniela
To: Mick Walker, freebsd-config@freebsd.org
Date: Sat, 9 Aug 2003 00:53:24 +0000
References: <1060106496.1360.7.camel@materialised.hopto.org>
In-Reply-To: <1060106496.1360.7.camel@materialised.hopto.org>
Message-Id: <200308090053.24606.dgw@liwest.at>
Subject: Re: IPFW Help

On Tuesday 05 August 2003 18:01, Mick Walker wrote:
> Hi everyone,
> I'm a totally new user to FreeBSD and am currently running 5.1 release 2
> on an Intel-based machine.
> I have been a Linux user for many years and am quite familiar with
> ipchains/tables. However, migrating to FreeBSD is proving to be quite a
> challenge to me.
> Up until this point I have got everything working as it did on my Linux
> gateway: I have configured natd to masquerade connections for the
> internal network, and set X to start up at boot.
>
> However, one thing is evading me: I can't seem to add any firewall rules.
> Here are the contents of my /etc/rc.firewall file, which is called by
> rc.local on boot:
...
>
> I have been told that I should rearrange these things so the deny and
> allow rules are before the "pass all from any to any" rule; however, when I
> do this the whole system doesn't seem to have any internet access. I can't
> ping any system over the internet or connect to any services.
>
> Could someone please point out where I am going wrong?

Look into your firewall logfile. I suspect you are denying outgoing DNS packets. Look for packets denied by rule 00499.

If this doesn't lead to a solution, try posting your question to ipfw@freebsd.org.

My personal recommendations (not necessary to solve your problem):

Put the following line into your rc.conf:

firewall_type="/etc/ipfw.rules"

Put your firewall rules into the /etc/ipfw.rules file, instead of messing with rc.firewall (without the /sbin/ipfw in front of them).

Be careful, it is insecure to allow everything not explicitly denied. Don't do it unless you absolutely need to. Instead, add "keep-state" to the end of all your TCP allow rules. Put the rule "add check-state" right after the divert rule.

If you have something to protect, or don't want unnecessary downtime caused by attacks, follow the advice. It can possibly save you lots of headaches.

Regards,
Daniela
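An added example, not code from either poster, that models why the posted script behaves as Mick describes: ipfw evaluates rules in rule-number order, the unnumbered divert and "pass all" rules receive low numbers, so every numbered deny/allow rule sorts after "pass all" and never fires; once "pass all" is moved last, an inbound DNS reply from any resolver other than 62.254.64.21 is dropped by rule 00499, the rule Daniela points at. It assumes the default autoinc_step of 100 and a default-deny kernel, and all packet addresses are constructed.

```python
# Toy first-match model of ipfw rule evaluation, constructed for this thread; it is not
# ipfw code, and natd translation is ignored. Unnumbered rules get last number + AUTOINC.
AUTOINC = 100   # assumption: net.inet.ip.fw.autoinc_step left at its default of 100
def _ports(tok): lo, _, hi = tok.partition("-"); return range(int(lo), int(hi or lo) + 1)

def parse(line):
    """'[num] action [log] proto from src [port] to dst [port] [in|out] [recv IF] [setup]'."""
    w = line.replace("/sbin/ipfw add", "").split()
    num = int(w.pop(0)) if w[0].isdigit() else None
    action, w = w[0], w[w.index("from") - 1:]       # drops 'natd' / 'log', keeps proto
    proto, _, src, *w = w                           # w now starts at sport or 'to'
    sport = _ports(w.pop(0)) if w[0] != "to" else range(65536)
    _, dst, *w = w                                  # w now starts at dport or options
    dport = _ports(w.pop(0)) if w and w[0][0].isdigit() else range(65536)
    return {"num": num, "action": action, "proto": proto, "src": src, "sport": sport,
            "dst": dst, "dport": dport, "setup": "setup" in w,
            "dir": next((t for t in w if t in ("in", "out")), None),
            "recv": w[w.index("recv") + 1] if "recv" in w else None}

def load(script):
    """Number and sort rules as the kernel keeps them: by rule number, not script order."""
    rules = []
    for line in script:
        r = parse(line)
        r["num"] = r["num"] or max((x["num"] for x in rules), default=0) + AUTOINC
        rules.append(r)
    return sorted(rules, key=lambda x: x["num"])

def verdict(rules, p):
    """First matching allow/deny wins; divert just continues; default rule 65535 denies."""
    for r in rules:
        if (r["action"] != "divert" and r["proto"] in ("all", "ip", p["proto"])
                and r["src"] in ("any", p["src"]) and r["dst"] in ("any", p["dst"])
                and p["sport"] in r["sport"] and p["dport"] in r["dport"]
                and r["dir"] in (None, p["dir"]) and r["recv"] in (None, p["recv"])
                and (not r["setup"] or p["setup"])):
            return r["num"], r["action"]
    return 65535, "deny"   # assumes a kernel whose default rule is deny

# Constructed subset of the posted rc.firewall, as posted and with "pass all" moved last.
AS_POSTED = [
    "/sbin/ipfw add divert natd all from any to any via sis0",
    "/sbin/ipfw add pass all from any to any",
    "/sbin/ipfw add 00499 deny log udp from any to any in recv sis0",
    "/sbin/ipfw add 00322 allow log tcp from any to any 22 in recv sis0 setup",
    "/sbin/ipfw add 00400 allow udp from 62.254.64.21 53 to any in recv sis0",
]
REORDERED = [AS_POSTED[0]] + AS_POSTED[2:] + [AS_POSTED[1]]
# Constructed inbound DNS answer on sis0 from a resolver that is not 62.254.64.21.
DNS_REPLY = {"proto": "udp", "src": "10.9.8.7", "sport": 53, "dst": "192.0.2.1",
             "dport": 1025, "dir": "in", "recv": "sis0", "setup": False}
```

Under AS_POSTED the rule list sorts to 100, 200, 322, 400, 499, so the "pass all" rule at 200 answers every packet; under REORDERED "pass all" becomes 599 and the numbered rules finally see traffic.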