Date: Wed, 31 Jan 2001 13:07:54 +1300 From: Jonathan Chen <jonathan.chen@itouch.co.nz> To: Stephen Brandi <brandi@melomel.com> Cc: freebsd-questions@FreeBSD.ORG Subject: Re: Network fails with IPDIVERT IPFIREWALL enabled. Message-ID: <20010131130754.A21381@itouchnz.itouch> In-Reply-To: <000a01c08b19$2cca1ba0$0200a8c0@stinky.org>; from brandi@melomel.com on Tue, Jan 30, 2001 at 07:03:00PM -0500 References: <Pine.BSF.4.10.10101261036180.18331-100000@vuae.pair.com> <20010130085704.D91522@itouchnz.itouch> <000a01c08b19$2cca1ba0$0200a8c0@stinky.org>
next in thread | previous in thread | raw e-mail | index | archive | help
On Tue, Jan 30, 2001 at 07:03:00PM -0500, Stephen Brandi wrote:
> Thanks, I did that. It still wasn't working.
>
> I finally got it fixed. Setting IPFIREWALL_DEFAULT_TO_ACCEPT did it. I'm not
> sure why.
That's 'cause you're now effectively allowing indisicriminate traffic
thru' your box. If you're setting it up up as a f/w that's not good.
You should take out that option, do what I suggested below, and then
tighten the rules as required.
--
Jonathan Chen <jonathan.chen@itouch.co.nz>
----------------------------------------------------------------------
"I don't want to achive immortality through my works..
I want to achieve it through not dying" - Woody Allen
> >Subject: Re: Network fails with IPDIVERT IPFIREWALL enabled.
>
>
> > On Fri, Jan 26, 2001 at 10:48:43AM -0500, Stephen Brandi wrote:
> > >
> > > I have been having a problem that has been baffling me. I have a freebsd
> > > 4.1 machine running natd and a totally open firewall (temporarily). When
> I
> > > boot with kernel.GENERIC networking (local net and cable modem to
> > > internet) work fine, but no routing happens (as expected). When I boot
> > > with my custom kernel with options IPDIVERT and IPFIREWALL enabled, I am
> > > unable to use either network interface. I can't even ping localhost.
> > > I ran a diff on GENERIC and MYKERNEL and these were the only
> differences.
> > >
> > > Gateway, natd, and firewall are enabled in rc.conf
> >
> > When you install a IPFIREWALL'd kernel, you have to make sure that
> > either your firewall rules are set up, or that you have in
> > /etc/rc.conf:
> >
> > firewall_enable="YES"
> > firewall_type="OPEN"
> >
> > --
> > Jonathan Chen <jonathan.chen@itouch.co.nz>
> > ----------------------------------------------------------------------
> > The human mind ordinarily operates at only ten percent of its capacity
> > -- the rest is overhead for the operating system.
> >
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20010131130754.A21381>