From: RYAN vAN GINNEKEN
To: freebsd-questions@FreeBSD.org
Date: Tue, 02 Mar 2004 03:03:37 -0700
Message-id: <40445BF9.7090108@shaw.ca>
Subject: firewall problem??

Built a new FreeBSD 4.9 stable machine, got it working OK, could send and receive packets and the like. Did a cvsup and make world on it; now it does not seem to be sending or receiving anything. Have been playing around with it now for several weeks off and on.

With a fresh reboot it does not seem to send or receive anything. When I try to ping google.ca I get

cannot resolve google.ca :host name lookup failure

When I ping 192.168.0.202, my gateway, I get

ping: send to: permission denied

Seeing these errors I think it must be firewalling everything out, even me, so I issue the following command.

ipfw add 00100 allow ip from any to any

Great, now I can ping google and my own machines; also, most important, I can log in remotely. ipfw shows this:

v23# ipfw show
00100 291 27273 allow ip from any to any
65535 77 11673 deny ip from any to any

Contents of /etc/resolv.conf are as follows.

search computerking.ca
nameserver 192.168.0.202
nameserver 24.71.223.144
nameserver 24.71.223.144

Contents of my rc.conf file are included below. This machine is eventually going to be a server (sendmail bind apache samba) for a different network so lots of stuff is commented out. I am new at running more than one BSD box on the same network and not sure if I need natd or firewall enabled.

#============================================================================
#/etc/rc.conf @V23.computerking.ca
#==============================================================================
#------------------------------------------------------------------------------
System
#------------------------------------------------------------------------------
hostname="v23.computerking.ca"
defaultrouter="192.168.0.202"
ifconfig_fxp0="DHCP"
ntpdate_enable="YES"
ntpdate_flags="ntp1.cmc.ec.gc.ca"
sshd_enable="YES"
#kern_securelevel_enable="NO"
#------------------------------------------------------------------------------
#Server firewall and natd
#------------------------------------------------------------------------------
#ifconfig_xl0="inet 192.168.0.202 netmask 255.255.255.0"
#gateway_enable="YES"
#firewall_enable="YES"
#firewall_type="OPEN"
#firewall_quiet="NO"
#firewall_script="/etc/rc.firewall"
#natd_enable="YES"
#natd_interface="fxp0"
#natd_flags="-f /etc/natd.conf
#==============================================================================
# end of file
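
The check below is an added example, not part of the original message: it classifies an `ipfw show` listing such as the one quoted above, separating the state where only the built-in rule 65535 deny is loaded from the state where an unconditional allow rule sits first. The function name `classify_ipfw` and its output labels are hypothetical, and it assumes the column layout seen in the listing (rule number, packets, bytes, rule).

```shell
#!/bin/sh
# Classify an `ipfw show` listing read on stdin (hypothetical helper, not part of ipfw).
# Assumed columns: rule number, packet count, byte count, action, rule body.
classify_ipfw() {
    awk '
    $1 !~ /^[0-9]+$/ { next }            # skip prompts, blanks, anything not a rule
    {
        action = $4
        body = ""
        for (i = 5; i <= NF; i++) body = body (i > 5 ? " " : "") $i
        if ($1 + 0 == 65535) { default_action = action; next }   # built-in last rule
        rules++
        allow = (action == "allow" || action == "pass" || action == "permit" || action == "accept")
        any = (body == "ip from any to any" || body == "all from any to any")
        # An unconditional allow as the very first rule matches every packet.
        if (rules == 1 && allow && any) wideopen = 1
    }
    END {
        if (wideopen) print "wide-open"
        else if (rules == 0 && default_action == "deny") print "default-deny-only"
        else if (rules == 0) print "no-user-rules"
        else print "filtered"
    }'
}

# Listing copied from the message above.
classify_ipfw <<'EOF'
v23# ipfw show
00100 291 27273 allow ip from any to any
65535 77 11673 deny ip from any to any
EOF
```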