Date:      Thu, 10 Jun 2004 11:28:33 +0900
From:      Rob <stopspam@users.sourceforge.net>
To:        asolomon15 <asolomon15@nyc.rr.com>, freebsd-questions@freebsd.org
Subject:   Re: help setting up natd and ipfw on freebsd5.2.1
Message-ID:  <40C7C751.1000300@users.sourceforge.net>
In-Reply-To: <40C7C07E.2090602@nyc.rr.com>
References:  <40C7C07E.2090602@nyc.rr.com>

asolomon15 wrote:
> Hello all,
> I tried to set up natd on my fbsd 5.2.1 box and fbsd 4.10 box with no
> luck. What I wanted to do was to set up a gateway for my internal
> network to my cable provider. On my server box I have two ethernet cards,
> dc0 pointing to the cable modem and dc1 pointing to the hub, so that the other
> computers may connect with my bsd gateway. I managed to recompile the
> kernel with options IPFIREWALL and IPDIVERT and the kernel compiled
> successfully.
> Then I added natd, gateway and firewall to my rc.conf file:
> gateway_enable="YES"
> natd_enable="YES'
> natd_interface="dc0"
> firewall_enable="YES"
> firewall_type="/etc/rc.firewall"

I think you mixed up the following two (excerpt from /etc/defaults/rc.conf):
    firewall_script="/etc/rc.firewall" # Which script to run to set up the firewall
    firewall_type="UNKNOWN"         # Firewall type (see /etc/rc.firewall)

To fix your mistake, I would then not touch the firewall_script variable, but
only set firewall_type in /etc/rc.conf:
    firewall_type="open"

-----

Then, why your ping doesn't work with the firewall on, and works when the firewall is off:

It seems you are not using
    options IPFIREWALL_DEFAULT_TO_ACCEPT
in your kernel configuration, which means that, by default, your kernel blocks
*everything* (also the ping). Since you used the wrong variable settings
in /etc/rc.conf, you ended up with a firewall that blocks everything.
Disabling the firewall opens up your connections again. Hence the
behaviour of your ping tests.
Using firewall_type="open" in rc.conf will prevent this.

Check your firewall settings, as root, with "ipfw list".

Does this make sense to you?

Rob.
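An added example, not part of Rob's reply and not code from FreeBSD's rc scripts: a small POSIX sh lint that reads an rc.conf fragment and flags the firewall_type/firewall_script mix-up from this thread, then shows the corrected settings. It goes one step beyond the reply by also flagging unbalanced quotes, since the quoted natd_enable line mixes a double and a single quote and sh(1) will not read it as the intended YES. The function names, verdict strings and both rc.conf fragments are this example's own constructions; the keyword list (open, client, simple, closed, UNKNOWN) is assumed to be what rc.firewall of that era accepted, with any other value being treated as a file of ipfw rules.

```shell
#!/bin/sh
# Added example (not from the original thread): lint an rc.conf fragment for
# the firewall_type / firewall_script mix-up and for unbalanced quotes.

# rc_get VAR FILE -> prints the value of VAR's last assignment in FILE,
# with a trailing "# comment" and the surrounding quotes stripped.
# (last assignment wins, as it does when sh sources /etc/rc.conf)
rc_get() {
    sed -n "s/^[[:space:]]*$1=//p" "$2" | tail -n 1 \
      | sed 's/[[:space:]]*#.*$//; s/^"\(.*\)"$/\1/; s/^'"'"'\(.*\)'"'"'$/\1/'
}

# check_firewall_conf FILE -> prints exactly one verdict (hypothetical names):
#   DISABLED      firewall_enable is not YES
#   MISSING_TYPE  firewall_type unset: rc.firewall's UNKNOWN case loads no
#                 rules, and without IPFIREWALL_DEFAULT_TO_ACCEPT the default
#                 kernel rule then denies everything (the symptom in the thread)
#   SWAPPED       firewall_type holds the rc.firewall script path; that path
#                 belongs in firewall_script, firewall_type should be a keyword
#   OK            firewall_type is one of rc.firewall's keywords
#   CUSTOM        anything else, which rc.firewall treats as an ipfw rules file
check_firewall_conf() {
    enable=$(rc_get firewall_enable "$1")
    type=$(rc_get firewall_type "$1")
    script=$(rc_get firewall_script "$1")
    case "$enable" in
        [Yy][Ee][Ss]) ;;
        *) echo "DISABLED"; return 0 ;;
    esac
    type_lc=$(printf '%s' "$type" | tr 'A-Z' 'a-z')
    case "$type" in
        "")                         echo "MISSING_TYPE"; return 0 ;;
        /etc/rc.firewall|"$script") echo "SWAPPED";      return 0 ;;
    esac
    case "$type_lc" in
        open|client|simple|closed|unknown) echo "OK" ;;
        *)                                 echo "CUSTOM" ;;
    esac
    return 0
}

# unbalanced_quotes FILE -> prints the variable name of every non-comment
# line that still contains a quote once all balanced "..." and '...' pairs
# are erased, i.e. lines sh would not parse as a plain VAR="value".
unbalanced_quotes() {
    grep -v '^[[:space:]]*#' "$1" \
      | sed "s/\"[^\"]*\"//g; s/'[^']*'//g" \
      | grep "[\"']" \
      | sed 's/=.*//'
}

# Constructed samples: the rc.conf lines from the quoted message (bad) and
# the same lines with the fix from the reply applied (good).
bad=$(mktemp); good=$(mktemp)
cat >"$bad" <<'EOF'
gateway_enable="YES"
natd_enable="YES'
natd_interface="dc0"
firewall_enable="YES"
firewall_type="/etc/rc.firewall"
EOF
cat >"$good" <<'EOF'
gateway_enable="YES"
natd_enable="YES"
natd_interface="dc0"
firewall_enable="YES"
firewall_type="open"
EOF
echo "bad:  $(check_firewall_conf "$bad")  unbalanced quotes: $(unbalanced_quotes "$bad")"
echo "good: $(check_firewall_conf "$good")  unbalanced quotes: $(unbalanced_quotes "$good")"
rm -f "$bad" "$good"
```

Run it against a copy of your own /etc/rc.conf; a SWAPPED or MISSING_TYPE verdict means rc.firewall will leave the kernel's default rule in place, which is exactly the "everything blocked" state the reply describes when IPFIREWALL_DEFAULT_TO_ACCEPT is not compiled in. The lint only reads the file, it never touches ipfw, so "ipfw list" as root remains the check of what is actually loaded.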