From: Jonathan Chen
To: Stephen Brandi
Cc: freebsd-questions@FreeBSD.ORG
Date: Wed, 31 Jan 2001 13:07:54 +1300
Subject: Re: Network fails with IPDIVERT IPFIREWALL enabled.

On Tue, Jan 30, 2001 at 07:03:00PM -0500, Stephen Brandi wrote:
> Thanks, I did that. It still wasn't working.
>
> I finally got it fixed. Setting IPFIREWALL_DEFAULT_TO_ACCEPT did it. I'm not
> sure why.

That's 'cause you're now effectively allowing indiscriminate traffic thru'
your box. If you're setting it up as a f/w that's not good. You should
take out that option, do what I suggested below, and then tighten the
rules as required.
-- 
Jonathan Chen
----------------------------------------------------------------------
"I don't want to achieve immortality through my works.. I want to achieve
it through not dying" - Woody Allen

> >Subject: Re: Network fails with IPDIVERT IPFIREWALL enabled.
> >
> > On Fri, Jan 26, 2001 at 10:48:43AM -0500, Stephen Brandi wrote:
> > >
> > > I have been having a problem that has been baffling me. I have a freebsd
> > > 4.1 machine running natd and a totally open firewall (temporarily). When I
> > > boot with kernel.GENERIC networking (local net and cable modem to
> > > internet) work fine, but no routing happens (as expected). When I boot
> > > with my custom kernel with options IPDIVERT and IPFIREWALL enabled, I am
> > > unable to use either network interface. I can't even ping localhost.
> > > I ran a diff on GENERIC and MYKERNEL and these were the only differences.
> > >
> > > Gateway, natd, and firewall are enabled in rc.conf
> >
> > When you install an IPFIREWALL'd kernel, you have to make sure that
> > either your firewall rules are set up, or that you have in
> > /etc/rc.conf:
> >
> > firewall_enable="YES"
> > firewall_type="OPEN"
> >
> > --
> > Jonathan Chen
> > ----------------------------------------------------------------------
> > The human mind ordinarily operates at only ten percent of its capacity
> > -- the rest is overhead for the operating system.
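The states this thread passes through (default deny with no ruleset, the OPEN ruleset, and IPFIREWALL_DEFAULT_TO_ACCEPT) can be told apart from the kernel config and rc.conf alone. The script below is an added example, not part of the original messages: the function names, verdict strings and sample files are constructed, and it assumes firewall rules are loaded only through rc.conf.

```shell
#!/bin/sh
# Added example (not from the thread): classify how an ipfw-enabled FreeBSD
# box will treat traffic, given its kernel config and rc.conf.

# has_option FILE NAME: true if FILE has an uncommented "options NAME" line.
has_option() {
    sed 's/#.*//' "$1" |
        grep -Eq "^[[:space:]]*options[[:space:]]+$2([[:space:]]|\$)"
}

# rc_value FILE KEY: print the last value assigned to KEY, quotes removed.
rc_value() {
    sed -n "s/^[[:space:]]*$2=//p" "$1" | tail -n 1 |
        sed 's/[[:space:]]*#.*//' | tr -d "\"'"
}

# classify KERNCONF RCCONF: print one verdict word for the pair of files.
classify() {
    has_option "$1" IPFIREWALL || { echo no-firewall; return 0; }
    # Final rule becomes "allow everything": the option the reply says to remove.
    if has_option "$1" IPFIREWALL_DEFAULT_TO_ACCEPT; then
        echo default-accept; return 0
    fi
    # Default deny from here on. Assumption: rules come only from rc.conf.
    fw_enable=$(rc_value "$2" firewall_enable)
    fw_type=$(rc_value "$2" firewall_type)
    case "$fw_enable:$fw_type" in
        [Yy][Ee][Ss]:[Oo][Pp][Ee][Nn]) echo open-rules ;;  # works; tighten next
        [Yy][Ee][Ss]:?*) echo custom-rules ;;              # review that ruleset
        *) echo locked-out ;;       # no ruleset selected: the default deny decides
    esac
}

# make_samples DIR: write constructed sample files for the thread's cases.
make_samples() {
    printf 'options\tIPFIREWALL\t#firewall\noptions\tIPDIVERT\n' > "$1/MYKERNEL"
    { cat "$1/MYKERNEL"; echo 'options IPFIREWALL_DEFAULT_TO_ACCEPT'; } > "$1/ACCEPT"
    printf '#options\tIPFIREWALL\n' > "$1/GENERIC"
    printf 'gateway_enable="YES"\nnatd_enable="YES"\n' > "$1/rc.bare"
    { cat "$1/rc.bare"; printf 'firewall_enable="YES"\nfirewall_type="OPEN"\n'; } > "$1/rc.open"
}

d=$(mktemp -d) && make_samples "$d"
for k in GENERIC MYKERNEL ACCEPT; do
    for r in rc.bare rc.open; do
        echo "$k + $r: $(classify "$d/$k" "$d/$r")"
    done
done
rm -rf "$d"
```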