From owner-freebsd-hackers@FreeBSD.ORG Sat Jan 29 22:42:55 2005
Message-Id: <6.0.0.22.2.20050129233629.02f52990@pop3.triera.net>
Date: Sat, 29 Jan 2005 23:42:48 +0100
To: albi
From: Aleksander Rozman - Andy
In-Reply-To: <41FC0BF9.9040007@scii.nl>
References: <6.0.0.22.2.20050129231029.02f50bc0@pop3.triera.net> <41FC0BF9.9040007@scii.nl>
cc: freebsd-hackers@freebsd.org
Subject: Re: Network problem after upgrade from 5.1 to 5.3

At 29.1.2005, you wrote:
>Aleksander Rozman - Andy wrote:
>
>>Even after recompiled I couldn't use network. My FreeBSD is used as
>>server and also router for my internal network (using NAT).
>>
>>firewall_type="/etc/firewall.conf" # Firewall type (see
>>/etc/rc.firewall)
>
>------- cut -------
>
>>firewall.conf (this is open firewall with added ports for redirection)
>>=========
>>add 00050 set 0 divert 8668 ip from any to any
>>add 00100 set 0 allow ip from any to any
>>add 00200 set 0 deny ip from any to 127.0.0.0/8
>>add 00300 set 0 deny ip from 127.0.0.0/8 to any
>>add 10000 set 0 allow udp from any 4672 to 192.168.44.2 dst-port 4672
>>add 10001 set 0 allow tcp from any 4662 to 192.168.44.2 dst-port 4662
>>add 10002 set 0 allow tcp from any 4711 to 192.168.44.2 dst-port 4711
>>add 65000 set 0 allow ip from any to any
>
>shouldn't firewall_type=
>not say something like :
>firewall_type=client
>or
>firewall_type=open
>as described in /etc/rc.firewall !?

In older versions of FreeBSD (5.1) you had open, simple, unknown, client, but if you wanted custom settings from a file, you specified a file with commands. I tried several other options, including Open (which my file is copied from, plus some added stuff), and whenever I start the firewall, all network stops (is blocked). By definition open should allow everything, but in 5.3 it doesn't.

Andy

>(assuming that your pasted firewall.conf content is
>from /etc/firewall.conf)

**************************************************************************
* Aleksander Rozman - Andy   * Fandoms: E2:EA, SAABer, Trekkie, Earthie  *
* andy@kksonline.com         * Sentinel, BH 90210, True's Trooper,       *
* andy@atechnet.dhs.org      * Heller's Angel, Questie, Legacy, PO5,     *
* Maribor, Slovenia (Europe) * Profiler, Buffy (Slayerete), Pretender    *
* ICQ-UIC: 4911125           *********************************************
* PGP key available          * http://www.atechnet.dhs.org/~andy/        *
**************************************************************************