Date: Sat, 29 May 2004 08:37:10 -0700
From: Saint Aardvark the Carpeted
To: Gregory Edigarov
Cc: freebsd-questions@freebsd.org
Subject: Re: ipfw, 2 scripts

Gregory Edigarov disturbed my sleep to write:

> below you will find 2 ipfw scripts, first one working, and second
> is a very good looking, but not working.
> what am I missing in the second script?

Hm...one thing missing in script 2 is something to allow traffic via localhost. Another difference I can see is that in script 2, you're denying all from 10.0.0.0/8 to 195.5.17.86 -- in script one, it says deny to tun0. Is it possible this is denying all packets from the 10.100.105.0/24 network you mentioned?

That said, I'm guessing. It'd help if you could tell me what interfaces you have, their IP addresses, and what exactly is failing.

-- 
Saint Aardvark the Carpeted
aardvark@saintaardvarkthecarpeted.com
Because the plural of Anecdote is Myth.