From owner-freebsd-questions  Tue Dec 11 18:59: 5 2001
Delivered-To: freebsd-questions@freebsd.org
Received: from pogo.caustic.org (caustic.org [64.163.147.186])
	by hub.freebsd.org (Postfix) with ESMTP id 2F26537B405
	for <freebsd-questions@FreeBSD.ORG>; Tue, 11 Dec 2001 18:59:02 -0800 (PST)
Received: from localhost (jan@localhost)
	by pogo.caustic.org (8.11.6/8.11.6) with ESMTP id fBC2x0n61866;
	Tue, 11 Dec 2001 18:59:00 -0800 (PST)
	(envelope-from jan@caustic.org)
Date: Tue, 11 Dec 2001 18:58:59 -0800 (PST)
From: "f.johan.beisser" <jan@caustic.org>
X-X-Sender:  <jan@localhost>
To: Lorin Lund <wbs@infowest.com>
Cc: FreeBSD Questions <freebsd-questions@FreeBSD.ORG>
Subject: Re: ping says 'Permission Denied'
In-Reply-To: <20011212024938.A033A20F67@ns1.infowest.com>
Message-ID: <20011211185508.I16958-100000@localhost>
X-Ignore: This statement isn't supposed to be read by you
X-TO-THE-FBI-CIA-AND-NSA: HI! HOW YA DOIN?
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-questions@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-questions.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-questions>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-questions>
X-Loop: FreeBSD.ORG

On Tue, 11 Dec 2001, Lorin Lund wrote:

> I'm using 4.4 RELEASE.  I want to use natd (with a DSL connection)
> so I built a new kernel with
> option  IPFIREWALL
> option  IPDIVERT

okay. you added a network firewall.

> When I reboot I can't ping that machine from outside.  When I try
> to ping other addresses from the box with the new kernel ping
> gives an error message about 'Permission denied'.
>
> Does anyone have experience with this?

you don't allow outgoing/incoming icmp. please read up on ipfw(8) and take
a look at the LINT kernel file for IPFIREWALL_DEFAULT_TO_ACCEPT for an
"open" firewall.

http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/firewalls.html

has a decent introduction to firewalling on freebsd.

-------/ f. johan beisser /--------------------------------------+
  http://caustic.org/~jan                      jan@caustic.org
    "John Ashcroft is really just the reanimated corpse
         of J. Edgar Hoover." -- Tim Triche


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message