From: Jez Hancock
To: freebsd-questions@freebsd.org
Date: Wed, 7 May 2003 03:55:44 +0100
Subject: Re: no route to host
Message-ID: <20030507025544.GB50255@users.munk.nu>
In-Reply-To: <3EB87C2C.16955.73F15B3@localhost>

On Wed, May 07, 2003 at 03:23:24AM +0200, Ronald Weinrich wrote:
> I build the kernel with
> options IPFILTER
> options IPFILTER_LOG
> options IPFILTER_DEFAULT_BLOCK

Do you have an ipf ruleset loading on boot?

> in rc.conf is
> hostname="firewall"
> defaultrouter="213.47.28.161" ??????
> gateway_enable="YES"
> ipnat_enable="YES"
> ifconfig_ed0="inet 213.47.28.166 netmask 255.255.255.240"
> kern_securelevel_enable="NO"
> linux_enable="NO"
> nfs_reserved_port_only="YES"
> sendmail_enable="YES"
> sshd_enable="YES"

It looks like the answer is no ;/ If this is the case then because of
the 'IPFILTER_DEFAULT_BLOCK' line in your kern conf everything will be
blocked by default.

Try adding a simple /etc/ipf.rules ruleset:

pass out all
pass in all

and make sure you add this to /etc/rc.conf:

ipfilter_enable="YES"
ipfilter_rules="/etc/ipf.rules"

To implement the 'allow all' ruleset either reboot or just do:

ipf -Fa -f /etc/ipf.rules

With luck this should allow you connectivity.

Regards,
Jez

PS
> ifconfig_ed0="inet 213.47.28.166 netmask 255.255.255.240"

Do you have an ifconfig line in /etc/rc.conf for your local network
interface??? In your other post with the network diagram you say you
have 'ep0' interface configured for your LAN, but in the rc.conf snippet
above you have no entry for the ep0 interface and your ifconfig output
suggests ep0 isn't active (or even present).
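
The check walked through in the message above, as an added example that is not part of the original e-mail: a POSIX sh function that reads an rc.conf and reports whether an ipf ruleset will actually be loaded. It assumes a kernel built with IPFILTER_DEFAULT_BLOCK as in the thread; the function names, the optional ROOT prefix and the message wording are hypothetical.

```shell
#!/bin/sh
# Added example (not from the thread): will an ipf ruleset load at boot?
# Assumes the kernel has IPFILTER_DEFAULT_BLOCK, so "no rules" means "no traffic".

# rc_value FILE KEY: print the last value assigned to KEY, quotes stripped.
rc_value() {
    sed -n "s/^[[:space:]]*$2=\"\{0,1\}\([^\"#]*\)\"\{0,1\}.*/\1/p" "$1" | tail -n 1
}

# audit_ipf RCCONF [ROOT]: print findings; return 0 only if rules will load.
# ROOT (hypothetical) is prefixed to the rules path so a copy can be audited offline.
audit_ipf() {
    rc=$1 root=${2:-} bad=0
    rules=$(rc_value "$rc" ipfilter_rules)
    rules=${rules:-/etc/ipf.rules}        # path used in the post
    case $(rc_value "$rc" ipfilter_enable) in
        [Yy][Ee][Ss]) ;;
        *) echo "FAIL ipfilter_enable is not YES: no rules load, default block drops everything"
           bad=1 ;;
    esac
    if [ ! -r "$root$rules" ]; then
        echo "FAIL $rules is missing or unreadable"; bad=1
    elif ! grep -Eq '^[[:space:]]*pass[[:space:]]' "$root$rules"; then
        echo "FAIL $rules has no pass rule, so nothing is allowed"; bad=1
    elif grep -Eq '^[[:space:]]*pass[[:space:]]+in[[:space:]]+all[[:space:]]*$' "$root$rules"; then
        echo "WARN $rules contains 'pass in all': fine as a connectivity test, not as a policy"
    fi
    return $bad
}

# Constructed demo: the rc.conf from the thread (abridged), then the suggested fix.
demo=$(mktemp -d)
mkdir -p "$demo/etc"
printf '%s\n' 'gateway_enable="YES"' 'ipnat_enable="YES"' > "$demo/rc.conf"
audit_ipf "$demo/rc.conf" "$demo" || echo "=> firewall would block all traffic"
printf '%s\n' 'ipfilter_enable="YES"' 'ipfilter_rules="/etc/ipf.rules"' >> "$demo/rc.conf"
printf '%s\n' 'pass out all' 'pass in all' > "$demo/etc/ipf.rules"
audit_ipf "$demo/rc.conf" "$demo" && echo "=> ruleset will load"
rm -rf "$demo"
```

On a live system, `audit_ipf /etc/rc.conf` runs the same checks against the real files.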