From owner-freebsd-net@FreeBSD.ORG Sun Oct 19 08:59:14 2003
Date: Sun, 19 Oct 2003 11:59:13 -0400
From: Barney Wolff
To: Dan
cc: freebsd-net@freebsd.org
Subject: Re: IPFW.
Message-ID: <20031019155913.GA46989@pit.databus.com>
In-Reply-To: <200310191532.40136.dan@ntlbusiness.com>
List-Id: Networking and TCP/IP with FreeBSD

On Sun, Oct 19, 2003 at 03:32:40PM +0100, Dan wrote:
> Hi there.
> I hope you can help.
> I've been trying and trying for days to try and get these rules sorted, as
> whenever they're used, my laptop (which is using my FreeBSD box as a gateway)
> cannot access the Internet.

I suggest you put "log" on all your denies, and by ipfw -atde list see
which rules are stopping the packets.  Aside from whether the ruleset
works, it seems inconsistent.  If you're going to keep state, you should
not be allowing tcp established, but instead setting up state on setup,
both ways.  btw, "pass" means allow, did you mean "deny"?

-- 
Barney Wolff        http://www.databus.com/bwresume.pdf
I'm available by contract or FT, in the NYC metro area or via the 'Net.
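The two patterns the reply contrasts, as an added example that is not part of the thread and not Dan's ruleset: the "established" shortcut beside a stateful ruleset that creates state on setup in both directions and logs every deny, so that `ipfw -atde list` shows which rule dropped a packet. The interface name, LAN prefix and rule numbers are assumed placeholders.

```sh
#!/bin/sh
# Added example, not from the thread. Assumed values: external interface,
# LAN prefix and rule numbers; adjust for the gateway in question.
# Load on the gateway:   FWCMD=/sbin/ipfw sh ipfw.rules load
# Dry run (print only):  FWCMD=echo sh ipfw.rules load
OIF="${OIF:-fxp0}"            # assumed ISP-facing interface
LAN="${LAN:-192.168.1.0/24}"  # assumed laptop-side network behind the gateway
FWCMD="${FWCMD:-/sbin/ipfw}"

# The pattern the reply objects to: "established" passes any TCP packet with
# ACK or RST set, whether or not a session was ever opened through rule 1100.
weak_rules() {
    $FWCMD add 1000 allow tcp from any to any established
    $FWCMD add 1100 allow tcp from $LAN to any setup
    $FWCMD add 65000 deny ip from any to any
}

# Stateful version: match existing dynamic rules first, create state on the
# SYN (setup) for both directions, and log every deny so "ipfw -atde list"
# (counters, timestamps, dynamic and expired rules) shows what is dropped.
stateful_rules() {
    $FWCMD -f flush
    $FWCMD add 100 allow ip from any to any via lo0
    $FWCMD add 200 check-state
    # Outbound sessions opened by the LAN and by the gateway itself.
    $FWCMD add 300 allow tcp from $LAN to any setup keep-state out via $OIF
    $FWCMD add 310 allow tcp from me to any setup keep-state out via $OIF
    # Inbound: only services the gateway really runs (ssh as the example).
    $FWCMD add 400 allow tcp from any to me 22 setup keep-state in via $OIF
    # DNS and ping from inside get state too, so replies come back.
    $FWCMD add 500 allow udp from $LAN to any 53 keep-state out via $OIF
    $FWCMD add 510 allow icmp from $LAN to any keep-state out via $OIF
    # Everything else is denied and logged (syslog, security facility).
    $FWCMD add 600 deny log tcp from any to any setup in via $OIF
    $FWCMD add 65000 deny log ip from any to any
}

case "${1:-}" in
    weak) weak_rules ;;
    load) stateful_rules ;;
esac
```

With `log` on the deny rules, `ipfw -atde list` shows per-rule packet counters and last-match times, which is what the reply suggests reading to find the rule that blocks the laptop.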