Date: Wed, 17 Sep 2003 17:23:25 +0800 From: Robert Storey <y2kbug@ms25.hinet.net> To: freebsd-questions@freebsd.org Subject: Re: firewall Message-ID: <20030917172325.5e2f64a9.y2kbug@ms25.hinet.net>
next in thread | raw e-mail | index | archive | help
In the continuing saga of my firewall configuration...
One kind member of this list suggested I must compile this into my
kernel:
options IPDIVERT
So I did that, and it made a difference though it didn't solve the
problem. Previously, whenever I started ppp, if I attempted to ping I
would get this error message:
bob@sonic:~> ping slashdot.org
ping: cannot resolve slashdot.org: Host name lookup failure
Now when I ping, I get no response - no error messages, but no other
feedback. I think this is an improvement, but something is still
preventing me from getting a response from ppp.
To reiterate, this is everything I've done so far:
FROM /etc/rc.conf:
firewall_enable="YES"
firewall_script="/etc/rc.firewall"
firewall_type="simple"
natd_enable="YES"
natd_interface="ppp0"
FROM /etc/rc.firewall:
# set these to your outside interface network and netmask and ip
oif="ppp0"
onet="168.95.0.0"
omask="255.255.255.255"
oip="168.95.0.0"
# set these to your inside interface network and netmask and ip
iif="vr0"
inet="192.168.0.0"
imask="255.255.255.0"
iip="192.168.0.2"
Kernel recompile:
options IPDIVERT
CONTENT OF /etc/hosts:
#
::1 localhost localhost.utopia.com
127.0.0.1 localhost localhost.utopia.com
#
192.168.0.3 ibm.utopia.com ibm
192.168.0.2 sonic.utopia.com sonic
192.168.0.1 pro.utopia.com pro
I also used sysinstall to designate this machine as a gateway. Was that
the right thing to do?
thanks for all the advice so far,
still hoping,
Robert
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20030917172325.5e2f64a9.y2kbug>