From owner-freebsd-questions Wed Jan 22 5:37:55 2003
Message-ID: <3E2E9E9D.3020502@potentialtech.com>
Date: Wed, 22 Jan 2003 08:37:33 -0500
From: Bill Moran
To: Brian Davis
Cc: freebsd-questions@freebsd.org
Subject: Re: "simple" ipfw question
References: <000501c2c214$99dbd290$0200a8c0@Tower>

Brian Davis wrote:
> Greetings,
>
> I am attempting to build a dual-homed firewall using FreeBSD 4.7
> RELEASE. The PC is presently connected to a corporate LAN with DHCP and
> DNS servers and a broadband connection to the Internet.
>
> The outside interface (rl0) is configured as follows:
> IP address: a.b.148.62 (dynamically assigned)
> Subnet: 255.255.248.0
> Gateway: a.b.144.254
> DNS: a.b.144.1
>
> The inside interface (rl1) is configured as follows:
> IP address: 192.168.1.1
> Subnet: 255.255.255.0
>
> My private network consists of one workstation which is set up as
> follows:
> IP address: 192.168.1.2
> Subnet: 255.255.255.0
> Gateway: 192.168.168.1
> DNS: a.b.144.1
>
> When I use the "open" ruleset in /etc/rc.firewall, the workstation on my
> private network can get through the firewall to the LAN and the
> Internet. When I switch to the "simple" ruleset, the firewall stops
> forwarding packets. From the console, I can ping the outside and inside
> interfaces, but nothing else. Everything looks normal in dmesg.
> Additional info upon request!

Did you tweak the /etc/rc.firewall script to insert your IP address ranges
into it? (look for the "simple" section of the script and tweak the iif,
iip, oif, oip, etc ... values)

If that doesn't help, try posting the output of 'ipfw show' to the list.
It'll make it a lot easier for folks to diagnose.

-- 
Bill Moran
Potential Technologies
http://www.potentialtech.com
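The step suggested in the reply, worked through as an added example that is not part of the original thread: it derives the per-interface values for the "simple" section from the addresses and netmasks in the question and checks that each gateway is on-link. It assumes onet, omask, inet and imask are the companion variables beside oif, oip, iif and iip in the stock script; the helper names are hypothetical, and 198.18 is a constructed stand-in for the elided a.b octets.

```sh
#!/bin/sh
# Added example (not from the thread): compute the values for the "simple"
# section of /etc/rc.firewall from each interface's address and netmask.

# net_of IP MASK: print the network address (per-octet bitwise AND).
# Runs in a subshell so the IFS change does not leak to the caller.
net_of() (
    IFS=.
    set -- $1 $2            # split both dotted quads into $1..$8
    echo "$(( $1 & $5 )).$(( $2 & $6 )).$(( $3 & $7 )).$(( $4 & $8 ))"
)

# on_link ADDR IP MASK: true if ADDR lies in the same subnet as IP/MASK.
on_link() {
    [ "$(net_of "$1" "$3")" = "$(net_of "$2" "$3")" ]
}

# simple_vars PREFIX IFACE IP MASK: print the four assignments for one side
# (PREFIX o = outside, i = inside). Variable names are assumed, see lead-in.
simple_vars() {
    printf '%sif="%s"\n%snet="%s"\n%smask="%s"\n%sip="%s"\n' \
        "$1" "$2" "$1" "$(net_of "$3" "$4")" "$1" "$4" "$1" "$3"
}

# Inside values are from the post. The outside address is written there as
# a.b.148.62; 198.18 is a constructed stand-in for the elided a.b octets.
simple_vars o rl0 198.18.148.62 255.255.248.0
simple_vars i rl1 192.168.1.1 255.255.255.0

# A host can only reach a gateway that is on its own subnet.
check_gw() {   # check_gw LABEL GATEWAY IP MASK
    if on_link "$2" "$3" "$4"; then
        echo "$1: gateway $2 is on-link"
    else
        echo "$1: gateway $2 is NOT on the subnet of $3"
    fi
}
check_gw firewall    198.18.144.254 198.18.148.62 255.255.248.0
check_gw workstation 192.168.168.1  192.168.1.2   255.255.255.0
```

Because the outside address is dynamically assigned, the outside values have to be recomputed whenever the lease changes.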