From: Louis LeBlanc <leblanc@acadia.ne.mediaone.net>
To: freebsd-questions@FreeBSD.org
Date: Wed, 10 Oct 2001 08:30:29 -0400
Subject: Re: ipfw question - hostname/address spec?
Message-ID: <20011010083029.A613@acadia.ne.mediaone.net>
In-Reply-To: <20011010070853.A592@acadia.ne.mediaone.net>
References: <20011004071834.A2458@acadia.ne.mediaone.net> <20011004135129.E297@blossom.cjclark.org> <20011009005629.D589@acadia.ne.mediaone.net> <20011009035651.N350@blossom.cjclark.org> <20011009145144.C64668@acadia.ne.mediaone.net> <20011010001011.F387@blossom.cjclark.org> <20011010070853.A592@acadia.ne.mediaone.net>
User-Agent: Mutt/1.3.22.1i
X-bright-idea: Lets abolish HTML mail!

On 10/10/01 07:08 AM, Louis LeBlanc sat at the `puter and typed:
> [snip]
>
> I found the DNS culprit. Looks like I need to try that firewall
> again. Turns out I had borrowed a bogus dhclient-enter-hooks script
> that was hosing resolv.conf. DNS seems to be solved for now.
>
> Thanks!
>
> I'll try that firewall again and let you know if it still hoses
> things.
>
> BTW, in Linux, it was fairly trivial to release a DHCP lease, renew
> it, reset the firewall and get masquerading back up (automatic the way
> Linux did masquerading thru the firewall) - all without a reboot. Is
> there a relatively painless way to do this in FreeBSD?

As promised, I tried the script out, but no good. It wasn't so much a DNS problem as being unable to get to a DNS server. Something in the script is blocking something it shouldn't or failing to allow something it should.

I also tried the script presented at http://www.mostgraveconcern.com/freebsd/ipfw.html with my modifications to read the nameservers, of course, but it has the same behaviour.

The only thing I can get to work is a slightly modified version of the default script using the simple firewall type. Still no nat, though. And the darn thing won't allow me to ping out. I'll have to hack that in if I'm gonna continue to test with it.

I still can't figure out the exact point of the problem. I have read the FreeBSD handbook dhcp, nat, and firewall sections, and have lurked on the list looking for gotchas, but nothing comes to mind. I'll read some more, and study this firewall that at least lets me out, but my wife's gonna get impatient for her email :).

The script I posted was adapted from one generated at http://www.linux-firewall-tools.com/linux/firewall/index.html

I know, it's a linux site. But the firewall is generated for ipfw. Maybe I should find another tool for generating strong firewalls.

Christ, if you find the problem with that script, I'd certainly appreciate the pointers. I'll certainly study it myself, since I don't just want everything done for me. If I should get it working, I'll post my findings.
Thanks again
Lou
--
Louis LeBlanc               leblanc@acadia.ne.mediaone.net
Fully Funded Hobbyist, KeySlapper Extraordinaire :)
http://acadia.ne.mediaone.net

I don't deserve this award, but I have arthritis and I don't deserve that either.
    -- Jack Benny
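The two symptoms Lou describes, name lookups that cannot reach the nameserver and no outbound ping, are what an ipfw ruleset produces when it lacks explicit allow rules for UDP/53 to the resolvers and for the ICMP echo pair. The script below is an added example written for this archive; it is not Lou's script, nor the one from mostgraveconcern.com or linux-firewall-tools.com. It generates a minimal stateless ipfw ruleset that reads the nameservers from a resolv.conf-style file, lets DNS, ping and DHCP renewals out on the outside interface, and diverts traffic through natd. The interface names (fxp0 outside, fxp1 inside), the LAN prefix and the nameserver addresses are assumed placeholders. With IPFW unset the script only prints the ipfw commands (a dry run); root would export IPFW=ipfw to apply them.

```shell
#!/bin/sh
# Added example, not from the original thread. Generates an ipfw ruleset
# that permits DNS, ping and DHCP on the outside interface and diverts
# traffic through natd. Interface names and addresses are assumptions.

oif="${OIF:-fxp0}"   # assumed outside (DHCP) interface
iif="${IIF:-fxp1}"   # assumed inside LAN interface

# Print the nameserver addresses from a resolv.conf-style file.
nameservers() {
    awk '$1 == "nameserver" { print $2 }' "$1"
}

# Emit the rules for the nameservers listed in $1. IPFW defaults to
# "echo ipfw", so the output is a dry run unless IPFW=ipfw is exported.
gen_rules() {
    resolv="$1"
    ipfw="${IPFW:-echo ipfw}"
    $ipfw -f flush
    $ipfw add 100 allow ip from any to any via lo0
    $ipfw add 200 deny ip from any to 127.0.0.0/8
    # Divert rule comes first so natd rewrites packets before the allow
    # rules see them. natd must be running (natd -interface fxp0) and
    # net.inet.ip.forwarding=1 must be set, or this rule does nothing.
    $ipfw add 300 divert natd ip from any to any via "$oif"
    $ipfw add 400 allow ip from any to any via "$iif"
    # Ping out: echo request leaving, echo reply / unreachable /
    # time-exceeded coming back.
    $ipfw add 500 allow icmp from any to any out via "$oif" icmptypes 8
    $ipfw add 510 allow icmp from any to any in via "$oif" icmptypes 0,3,11
    # DNS: a query/reply pair per nameserver. This is the gap that makes a
    # ruleset look like "DNS is broken" when the resolver is simply blocked.
    n=600
    for ns in $(nameservers "$resolv"); do
        $ipfw add $n allow udp from any to "$ns" 53 out via "$oif"
        n=$((n + 1))
        $ipfw add $n allow udp from "$ns" 53 to any in via "$oif"
        n=$((n + 1))
    done
    # DHCP client traffic so lease renewals survive the firewall.
    $ipfw add 700 allow udp from any 68 to any 67 out via "$oif"
    $ipfw add 710 allow udp from any 67 to any 68 in via "$oif"
    # Outbound TCP connections and the replies to them.
    $ipfw add 800 allow tcp from any to any out via "$oif" setup
    $ipfw add 810 allow tcp from any to any established
    $ipfw add 65000 deny log ip from any to any
}

# Stand-alone run: a constructed resolv.conf so the dry run works anywhere.
demo=$(mktemp)
printf 'nameserver 10.0.0.53\nnameserver 10.0.0.54\n' > "$demo"
gen_rules "$demo"
rm -f "$demo"
```

Rule order matters more than rule count here: the divert rule must precede the allow rules on the outside interface, and the DNS reply rule (from port 53 inbound) is as necessary as the query rule, since this ruleset is stateless. Running the script without IPFW set and reading the printed commands is the quickest way to check which of the handbook's expected rules a generated script is missing.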