Date: Thu, 3 Dec 1998 18:42:48 -0800 (PST)
From: Dan Busarow
To: Briang
cc: FreeBSD
Subject: Re: IPFW
In-Reply-To: <003001be1f2b$e595b100$2900a8c0@brian-desktop.briang.org>

On Thu, 3 Dec 1998, Briang wrote:

> I have DNS and NATD running with IPFW -> FXP0 -> Internet / 24.1.8x.xxx
> FXP1-> Private / 192.168.0.1.
> Well this is what I don't understand if I try to ping www.briang.org it
> replies fine but if I try to open
> www.briang.org inside netscape it times out saying it can't find the
> website...Hmmmm
> So I added this line to the rc.firewall file
> """ $fwcmd add divert 6668 all from 192.168.0.0/24 to any via fxp1 """
> and now I can open the website but snmp service tells me that it can no
> longer find the interface for 24.1.8x.xxx. Hmmm
>
> c:\tracert 24.0.0.27
>   1   <10 ms   <10 ms   <10 ms  rtr1.gw.briang.org [192.168.0.1]
>   2    42 ms    20 ms    20 ms  24.1.88.1
>   3    18 ms    10 ms    10 ms  r1-fe2-0-0-100bt.frmt1.sfba.home.net [24.1.80.1]
>
> Next shouldn't I see it going through FXP1 and then to FXP0 out to the net

Routers (which is what your FreeBSD box is now, sort of :) normally
only report one interface on a traceroute. Looking at traceroutes
through Ciscos, Livingstons and FreeBSD systems it looks like the
input side is the one reporting. Your trace looks normal to me.

> cat /etc/rc.firewall
>
> $fwcmd -f flush
> $fwcmd add divert 6668 all from any to any via fxp0
> $fwcmd add 100 pass all from any to any via lo0
> $fwcmd add 200 deny all from any to 127.0.0.0/8
> $fwcmd add deny all from 192.168.0.0/24 to any out via fxp0

Drop this deny for 192.168.0.0

Dan
-- 
 Dan Busarow                                                 949 443 4172
 Dana Point Communications, Inc.                           dan@dpcsys.com
 Dana Point, California   83 09 EF 59 E0 11 89 B4  8D 09 DB FD E1 DD 0C 82