From owner-freebsd-isp Wed Jun 28 6:28: 1 2000
Delivered-To: freebsd-isp@freebsd.org
Received: from ns.internet.dk (ns.internet.dk [194.19.140.1]) by hub.freebsd.org (Postfix) with ESMTP id 5CC3E37B78C for ; Wed, 28 Jun 2000 06:27:56 -0700 (PDT) (envelope-from leifn@neland.dk)
Received: (from uucp@localhost) by ns.internet.dk (8.9.3/8.9.3) with UUCP id PAA44938; Wed, 28 Jun 2000 15:27:41 +0200 (CEST) (envelope-from leifn@neland.dk)
Received: from localhost (localhost [127.0.0.1]) by arnold.neland.dk (8.9.3/8.9.3) with ESMTP id PAA48603; Wed, 28 Jun 2000 15:27:29 +0200 (CEST) (envelope-from leifn@neland.dk)
Date: Wed, 28 Jun 2000 15:27:28 +0200 (CEST)
From: Leif Neland
To: Peter Salvage
Cc: "freebsd-isp@freebsd.org"
Subject: Re: IPFW
In-Reply-To: <000601bfe0e4$c2f27c60$0200a8c0@ait.co.za>
Message-ID:
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-isp@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

On Wed, 28 Jun 2000, Peter Salvage wrote:

> Hi all
>
> My apologies if this is OT. If so, please point me (gently) in the
> direction of the appropriate list.
>
> A friend of mine installed FreeBSD with IPFW on a machine here to assist
> with securing my network.
>
> The network is set up as follows:
>
>               net
> (a)            |
>              router
> (b)            |  (1st nic)
>              FreeBSD
> (c)            |  (2nd nic)
>     mail server--proxy server
> (d)            |  (2nd nic)
>         internal network
>
> (a) subnet 192.168.0.0/30
> (b) subnet 192.168.0.4/30
> (c) subnet 192.168.0.8/29
> (d) subnet 192.168.0.16/29
>
> I'm unable to telnet to the router from the internal network, even
> though I've set an access list on the router allowing vty 0-4 access
> only from subnet (b). Therefore I'm assuming I've left something out of
> my rules list on the FreeBSD box.
>
> Could someone please assist?
>

A: Is routing ok, i.e. can you ping? from d to the router? I guess so...

B: If your access list on the router says only subnet (b) can access it,
then that's why subnet (d) can not access it.
You didn't mention that you were using NAT on the FreeBSD box, so if you
telnet from (d), that's the address the router will see.

Leif
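
Added example, not part of the original message: a small model of the point made in the reply, showing which source address the router's access list evaluates with and without NAT on the FreeBSD box. The subnets come from the quoted post; the host addresses, the wildcard-mask form of the access list, and the assumption that the hops between (d) and the FreeBSD box forward packets without rewriting the source are all constructed for illustration.

```python
import ipaddress

# Subnets (b) and (d) are from the quoted post; every host address below
# is constructed for illustration.
SUBNET_B = ipaddress.ip_network("192.168.0.4/30")
SUBNET_D = ipaddress.ip_network("192.168.0.16/29")
FREEBSD_OUTSIDE = ipaddress.ip_address("192.168.0.6")  # assumed 1st-NIC address in (b)
CLIENT_D = ipaddress.ip_address("192.168.0.18")        # assumed workstation in (d)
assert FREEBSD_OUTSIDE in SUBNET_B and CLIENT_D in SUBNET_D

# Hypothetical access list as (action, base, wildcard) entries, where set
# wildcard bits mean "don't care". It permits only subnet (b), as described.
VTY_ACL = [("permit", "192.168.0.4", "0.0.0.3")]


def acl_action(acl, src):
    """First matching entry wins; no match falls through to an implicit deny."""
    for action, base, wildcard in acl:
        care = ~int(ipaddress.ip_address(wildcard)) & 0xFFFFFFFF
        if (int(src) ^ int(ipaddress.ip_address(base))) & care == 0:
            return action
    return "deny"


def source_seen_by_router(client, nat_on_freebsd):
    """Routed traffic keeps the client's own address; NAT on the FreeBSD box
    rewrites it to that box's outside address in subnet (b)."""
    return FREEBSD_OUTSIDE if nat_on_freebsd else client


def telnet_to_router(client, nat_on_freebsd):
    """Return the source address the router sees and the ACL verdict for it."""
    src = source_seen_by_router(client, nat_on_freebsd)
    return src, acl_action(VTY_ACL, src)


if __name__ == "__main__":
    for nat in (False, True):
        src, action = telnet_to_router(CLIENT_D, nat)
        print(f"NAT on FreeBSD box={nat}: router sees {src} -> {action}")
```
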