From owner-freebsd-ipfw Mon Apr 24 18:51:50 2000
Delivered-To: freebsd-ipfw@freebsd.org
Received: from cc942873-a.ewndsr1.nj.home.com (cc942873-a.ewndsr1.nj.home.com [24.2.89.207])
    by hub.freebsd.org (Postfix) with ESMTP id 890BE37BC7C
    for ; Mon, 24 Apr 2000 18:51:37 -0700 (PDT)
    (envelope-from cjc@cc942873-a.ewndsr1.nj.home.com)
Received: (from cjc@localhost)
    by cc942873-a.ewndsr1.nj.home.com (8.9.3/8.9.3) id VAA75148;
    Mon, 24 Apr 2000 21:17:21 -0400 (EDT)
    (envelope-from cjc)
Date: Mon, 24 Apr 2000 21:17:21 -0400
From: "Crist J. Clark"
To: Jordan Blanchard
Cc: freebsd-ipfw@FreeBSD.ORG
Subject: Re: Firewall and the general Network
Message-ID: <20000424211721.A75100@cc942873-a.ewndsr1.nj.home.com>
Reply-To: cjclark@home.com
References: <20000424082153.A73579@cc942873-a.ewndsr1.nj.home.com>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
X-Mailer: Mutt 1.0i
In-Reply-To: ; from cybernetik@sympatico.ca on Mon, Apr 24, 2000 at 10:17:16AM -0400
Sender: owner-freebsd-ipfw@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

On Mon, Apr 24, 2000 at 10:17:16AM -0400, Jordan Blanchard wrote:
> > "Forcing you to use a proxy?" What do you mean?
> >
> well, when trying to view web pages without a proxy program through my 95
> box, it stalls..
>
> > Anyway, could you send,
> > # ipfw show
>
> 00060 66545 35492707 allow ip from any to any
> 00100 0 0 divert 8668 ip from any to any via tun0
> 00100 0 0 allow ip from any to any via lo0
> 00100 0 0 divert 8668 ip from any to any via tun0
> 00100 0 0 divert 8668 ip from any to any via tun0
> 00200 0 0 deny ip from any to 127.0.0.0/8
> 00210 0 0 deny icmp from any to any via ed0
> 65535 16 1000 deny ip from any to any

As Mike pointed out, these rules make no sense. They are not the
"simple" firewall rules either.

> # netstat -rn
> Routing tables
>
> Internet:
> Destination        Gateway            Flags     Refs     Use     Netif Expire
> default            216.209.34.1       UGSc       10     9642     tun0
> 1                  link#2             UC          0        0     ed1
> 10.10.10/24        link#1             UC          0        0     ed0
> 10.10.10.12        0:40:5:4d:3d:c8    UHLW        1     2260     ed0   144
> 10.10.10.120       0:80:c8:36:69:ed   UHLW        2     4970     ed0   715
> 127.0.0.1          127.0.0.1          UH          0        2     lo0
> 216.209.34.1       216.209.34.202     UH          9        0     tun0
> 216.209.34.202     127.0.0.1          UH          0        0     lo0

OK.

> # ifconfig -a
> ed0: flags=8843 mtu 1500
>         inet 10.10.10.1 netmask 0xffffff00 broadcast 10.10.10.255
>         ether 00:20:18:65:a0:9f
> ed1: flags=88c3 mtu 1500
>         inet 1.1.1.1 netmask 0xff000000 broadcast 1.255.255.255
>         ether 00:00:c0:df:fb:7f
> tun0: flags=8051 mtu 1492
>         inet 216.209.34.202 --> 216.209.34.1 netmask 0xffffff00
> ppp0: flags=8010 mtu 1500
> lo0: flags=8049 mtu 16384
>         inet 127.0.0.1 netmask 0xff000000

OK.

> :And if you are running natd(8) or a routing daemon, the relevant
> :info. Then we can probably help analyze your problem.
>
> I've got natd running, from rc.conf..
>
> 138 ?? Is 0:00.00 /sbin/natd -n tun0

If you are doing NAT through PPP, you should probably use the '-nat'
option in ppp(8) rather than the natd(8) daemon.
-- 
Crist J. Clark                           cjclark@home.com
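
The `ipfw show` listing quoted in this message can be audited mechanically. The script below is an added example, not part of the original thread or of ipfw itself: it relies on ipfw's first-match evaluation to flag rules that sit behind an unconditional allow/deny (so they, including the `divert` to natd, never see a packet) and exact duplicates. The function names are hypothetical and the sample text is retyped from the quoted output.

```python
import re

# Constructed sample: retyped from the `ipfw show` output quoted in the message.
IPFW_SHOW = """\
00060 66545 35492707 allow ip from any to any
00100 0 0 divert 8668 ip from any to any via tun0
00100 0 0 allow ip from any to any via lo0
00100 0 0 divert 8668 ip from any to any via tun0
00100 0 0 divert 8668 ip from any to any via tun0
00200 0 0 deny ip from any to 127.0.0.0/8
00210 0 0 deny icmp from any to any via ed0
65535 16 1000 deny ip from any to any
"""

RULE = re.compile(r"^(\d{5})\s+(\d+)\s+(\d+)\s+(.+)$")
# An unconditional terminal rule: every packet matches and evaluation stops here.
CATCH_ALL = re.compile(r"(allow|accept|pass|permit|deny|drop) (ip|all) from any to any")

def parse(text):
    """Turn `ipfw show` lines into dicts: rule number, packet/byte counters, body."""
    rules = []
    for line in text.splitlines():
        m = RULE.match(line.strip())
        if m:
            rules.append({"num": int(m[1]), "pkts": int(m[2]), "bytes": int(m[3]),
                          "body": " ".join(m[4].split())})
    return rules

def audit(rules):
    """Return (number of first catch-all rule or None, list of findings)."""
    catch_all, seen, findings = None, set(), []
    for r in rules:
        key = (r["num"], r["body"])
        if key in seen:
            findings.append(("duplicate", r["num"], r["body"], r["pkts"]))
        seen.add(key)
        if catch_all is not None:
            # First match wins, so nothing after the catch-all is ever evaluated.
            findings.append(("shadowed", r["num"], r["body"], r["pkts"]))
        elif CATCH_ALL.fullmatch(r["body"]):
            catch_all = r["num"]
    return catch_all, findings

if __name__ == "__main__":
    first, found = audit(parse(IPFW_SHOW))
    print("catch-all rule:", first)
    for kind, num, body, pkts in found:
        print(f"{kind:9} {num:05d} pkts={pkts:<6} {body}")
```

A shadowed rule whose packet counter is non-zero, like rule 65535 here, most likely matched traffic before the catch-all was added; the zero counters on the `divert` rules are consistent with natd never receiving a packet.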