Date: Wed, 2 Jul 2003 17:01:52 -0700 (PDT)
From: Dan Phiffer <dphiffer@hmc.edu>
To: <questions@freebsd.org>
Subject: ipfw troubles
Message-ID: <Pine.LNX.4.33.0307021429340.22146-100000@odin.ac.hmc.edu>

Hello,

I'm having some difficulty getting ipfw to work properly. I currently have it configured in "simple" mode. The box is running 4.8-STABLE and offers NAT, DHCP and backup DNS, and acts as a connector between the internal LAN and the Internet.

The main problem is my SSH connections are getting terminated regularly. Attempting to reconnect is met with a "host unreachable" error for a few seconds after being disconnected. I'm also having difficulties with a certain IMAP server, but I'm not sure if that's a firewall-related issue.

Further, I keep getting the following logged to /var/log/messages:

Jul 2 16:30:21 firewall dhcpd: send_packet: Permission denied
Jul 2 16:30:53 firewall last message repeated 14 times
Jul 2 16:32:46 firewall last message repeated 14 times
Jul 2 16:38:38 firewall last message repeated 83 times
Jul 2 16:38:38 firewall dhcpd: icmp_echorequest 192.168.1.224: Permission denied
Jul 2 16:38:48 firewall dhcpd: send_packet: Permission denied
Jul 2 16:39:20 firewall last message repeated 8 times
Jul 2 16:41:21 firewall last message repeated 38 times
Jul 2 16:42:48 firewall last message repeated 11 times
Jul 2 16:42:50 firewall dhcpd: icmp_echorequest 192.168.1.214: Permission denied

I guess this means I'm not serving DHCP - what kind of rule would fix that?

I read somewhere that simply using natd adds statefulness to an otherwise stateless ipfw configuration. Would an unstateful ipfw setup be less secure in this case?

Thanks,
-Dan