From owner-freebsd-questions@FreeBSD.ORG  Wed Sep 17 02:22:33 2003
Return-Path: <owner-freebsd-questions@FreeBSD.ORG>
Delivered-To: freebsd-questions@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id D9D6316A4B3
	for <freebsd-questions@freebsd.org>;
	Wed, 17 Sep 2003 02:22:33 -0700 (PDT)
Received: from msr93.hinet.net (msr93.hinet.net [168.95.4.193])
	by mx1.FreeBSD.org (Postfix) with ESMTP id B63BC43F85
	for <freebsd-questions@freebsd.org>;
	Wed, 17 Sep 2003 02:22:32 -0700 (PDT)
	(envelope-from y2kbug@ms25.hinet.net)
Received: from sonic.utopia.com (61-227-219-110.HINET-IP.hinet.net
	[61.227.219.110])
	by msr93.hinet.net (8.9.3/8.9.3) with SMTP id RAA24195
	for <freebsd-questions@freebsd.org>;
	Wed, 17 Sep 2003 17:22:30 +0800 (CST)
Date: Wed, 17 Sep 2003 17:23:25 +0800
From: Robert Storey <y2kbug@ms25.hinet.net>
To: freebsd-questions@freebsd.org
Message-Id: <20030917172325.5e2f64a9.y2kbug@ms25.hinet.net>
X-Mailer: Sylpheed version 0.8.11 (GTK+ 1.2.10; i386-debian-linux-gnu)
Mime-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
Subject: Re: firewall
X-BeenThere: freebsd-questions@freebsd.org
X-Mailman-Version: 2.1.1
Precedence: list
List-Id: User questions <freebsd-questions.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-questions>,
	<mailto:freebsd-questions-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-questions>
List-Post: <mailto:freebsd-questions@freebsd.org>
List-Help: <mailto:freebsd-questions-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-questions>,
	<mailto:freebsd-questions-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Wed, 17 Sep 2003 09:22:34 -0000

In the continuing saga of my firewall configuration...

One kind member of this list suggested I must compile this into my
kernel:

    options IPDIVERT

So I did that, and it made a difference though it didn't solve the
problem. Previously, whenever I started ppp, if I attempted to ping I
would get this error message:

bob@sonic:~> ping slashdot.org
 ping: cannot resolve slashdot.org: Host name lookup failure

Now when I ping, I get no response - no error messages, but no other
feedback. I think this is an improvement, but something is still
preventing me from getting a response from ppp.

To reiterate, this is everything I've done so far:

FROM /etc/rc.conf:

firewall_enable="YES"
firewall_script="/etc/rc.firewall"
firewall_type="simple"
natd_enable="YES"
natd_interface="ppp0"

FROM /etc/rc.firewall:

# set these to your outside interface network and netmask and ip
oif="ppp0"
onet="168.95.0.0"
omask="255.255.255.255"
oip="168.95.0.0"

# set these to your inside interface network and netmask and ip
iif="vr0"
inet="192.168.0.0"
imask="255.255.255.0"
iip="192.168.0.2"

Kernel recompile:
    options IPDIVERT

CONTENT OF /etc/hosts:
#
::1			localhost localhost.utopia.com
127.0.0.1		localhost localhost.utopia.com
#
192.168.0.3	ibm.utopia.com	ibm
192.168.0.2	sonic.utopia.com	sonic
192.168.0.1	pro.utopia.com	pro

I also used sysinstall to designate this machine as a gateway. Was that
the right thing to do?

thanks for all the advice so far,
still hoping,
Robert