Date: Sun, 20 Oct 2002 22:45:17 +0200
From: Alex <freebsd@akruijff.dds.nl>
To: mh <bikeIN@canada.com>
Cc: freebsd-questions@FreeBSD.org
Subject: Re: Mac can't connect to Internet
Message-ID: <8342521062.20021020224517@dds.nl>
In-Reply-To: <1034958695.580.28.camel@hammarlund.radio.org>
References: <1034958695.580.28.camel@hammarlund.radio.org>

Friday, October 18, 2002, 6:31:35 PM, you wrote:

I don't have the solution, but may have a way to the solution.

> I have FreeBSD, 4.7 Stable running as a gateway box, with a Debian box
> also on the network. The gateway is connected to a Comcast cable modem,
> and is running ipfw as a firewall. Both boxes can see/connect each other
> and the Internet.

> I added a Powerbook, OS X, to the local network, configured /etc/hosts
> and /etc/resolv.conf. PB can ping the other boxes ok, but can't see the
> Internet. The other boxes can ping the PB ok. Looks like a firewall
> problem. If I connect the PB to the cable modem directly, the PB
> connects ok.

Could you check the gateway setting of the mac?

> It appears that the PB is trying to send UDP packets out on port 67, so
> I tried to open up the firewall for UDP traffic (not a good idea?) but
> still can't see outside the local network. Attached is my rc.firewall.
> In /etc/rc.conf I have firewall_type="open" and added some rules to the
> "open" section in rc.firewall.

Is the mac able to use the internet without the firewall? (Remove the
firewall lines from rc.conf with '#' and try loading the GENERIC kernel
at the kernel prompt). If so, reboot and change the *deny/block/etc*
lines of the firewall and add the 'log' keyword (man ipfw to find out
how to use this) to each of them. Check /var/log/security if you can
see the mac being blocked by your firewall. (It will tell you what rule
blocked your mac).

I hope this is helpful, if not send me the output of 'ipfw s' and
'tail -n 100 /var/log/security' and I'll take a look.

> What am I doing wrong? Thanks.

> Michael Heyes

> ############
> # Flush out the list before we begin.
> #
> ${fwcmd} -f flush

> ############
> # Network Address Translation. All packets are passed to natd(8)
> # before they encounter your remaining rules. The firewall rules
> # will then be run again on each packet after translation by natd
> # starting at the rule number following the divert rule.
> #
> # For ``simple'' firewall type the divert rule should be put to a
> # different place to not interfere with address-checking rules.
> #
> case ${firewall_type} in
> [Oo][Pp][Ee][Nn]|[Cc][Ll][Ii][Ee][Nn][Tt])
>     case ${natd_enable} in
>     [Yy][Ee][Ss])
>         if [ -n "${natd_interface}" ]; then
>             ${fwcmd} add 50 divert natd all from any to any via ${natd_interface}
>         fi
>         ;;
>     esac

> ############
> # If you just configured ipfw in the kernel as a tool to solve network
> # problems or you just want to disallow some particular kinds of traffic
> # then you will want to change the default policy to open. You can also
> # do this as your only action by setting the firewall_type to ``open''.
> #
> # ${fwcmd} add 65000 pass all from any to any

> ############
> # Only in rare cases do you want to change these rules
> #
> ${fwcmd} add 100 pass all from any to any via lo0
> ${fwcmd} add 200 deny all from any to 127.0.0.0/8
> #${fwcmd} add 300 deny ip from 127.0.0.0/8 to any

> # Prototype setups.
> #
> case ${firewall_type} in
> [Oo][Pp][Ee][Nn])
>     ${fwcmd} add 300 check-state
>     ${fwcmd} add 350 allow all from 192.168.0.0/16 to any
>     ${fwcmd} add 352 allow ip from any to 192.168.0.0/16
>     ${fwcmd} add 400 allow tcp from any to any in established
>     ${fwcmd} add 410 pass tcp from any to any keep-state out setup
>     ${fwcmd} add 420 pass udp from any to any 53 in recv dc0
>     ${fwcmd} add 430 pass udp from any to any out
>     ${fwcmd} add 440 pass icmp from any to any icmptypes 3
>     ${fwcmd} add 450 pass icmp from any to any icmptypes 4
>     ${fwcmd} add 460 pass icmp from any to any icmptypes 8
>     ${fwcmd} add 470 pass icmp from any to any in icmptypes 0
>     ${fwcmd} add 480 deny ip from any to any
>     ${fwcmd} add 65000 pass all from any to any
>     ;;

> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-questions" in the body of the message

-- 
Best regards,
Alex

The FreeBSD handbook
http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/index.html

How to get the best results from FreeBSD-Questions
http://www.lemis.com/questions.html

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?8342521062.20021020224517>
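
The log check suggested in the reply, as an added example that is not part of the original message: a shell function that tallies ipfw "Deny" entries involving one host, grouped by rule number, once the deny rules carry the 'log' keyword. The log line layout, the host addresses, the hostname "gw" and the dc1 interface are assumptions, and the sample lines are constructed, not taken from the poster's log.

```sh
#!/bin/sh
# Assumed layout of a logged ipfw entry:
#   <date> <host> /kernel: ipfw: <rule> <action> <proto> <src> <dst> <in|out> via <if>

# denies_for_host IP   (log on stdin)  ->  "<rule> <count>" lines, sorted by rule
denies_for_host() {
    awk -v ip="$1" '
    {
        # Find the "ipfw:" token; rule number and action follow it.
        for (i = 1; i <= NF; i++) if ($i == "ipfw:") break
        if (i > NF || $(i + 2) != "Deny") next
        src = $(i + 4); dst = $(i + 5)
        sub(/:[0-9]+$/, "", src)    # drop :port on TCP/UDP entries
        sub(/:[0-9]+$/, "", dst)
        # Exact comparison, so 192.168.0.3 does not match 192.168.0.30.
        if (src == ip || dst == ip) count[$(i + 1)]++
    }
    END { for (r in count) print r, count[r] }
    ' | sort -n
}

# Constructed sample of /var/log/security (hypothetical hosts and interfaces).
sample_log() {
cat <<'EOF'
Oct 20 22:31:07 gw /kernel: ipfw: 480 Deny UDP 192.168.0.30:68 255.255.255.255:67 in via dc1
Oct 20 22:31:09 gw /kernel: ipfw: 480 Deny TCP 192.168.0.30:49152 203.0.113.10:80 in via dc1
Oct 20 22:31:12 gw /kernel: ipfw: 200 Deny ICMP:8.0 192.168.0.30 127.0.0.1 in via dc1
Oct 20 22:31:15 gw /kernel: ipfw: 480 Deny UDP 192.168.0.3:1025 203.0.113.53:53 out via dc0
Oct 20 22:31:18 gw /kernel: ipfw: 350 Accept TCP 192.168.0.30:49153 203.0.113.10:80 in via dc1
EOF
}

# Demo on the constructed sample; on the gateway, feed the real log instead:
#   denies_for_host <address-of-the-mac> < /var/log/security
sample_log | denies_for_host 192.168.0.30
```

Each output line is a rule number followed by how many logged denies it produced for that host, which points at the rule to examine in rc.firewall.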