Date: Wed, 16 Feb 2005 10:26:51 +0100
From: Hiram Abiff
To: freebsd-questions@freebsd.org
Subject: Re: Operation: "ipfw on a gateway box"
Message-ID: <1108546011.421311db8f10b@mail.online.ie>
In-Reply-To: <44mzu5prpk.fsf@be-well.ilk.org>
References: <1108469888.4211e880197ca@mail.online.ie> <44mzu5prpk.fsf@be-well.ilk.org>

Quoting Lowell Gilbert:

> Hiram Abiff writes:
>
> > I followed your advice and rewrote my firewall rules.
> > Although, even now, there are some major difficulties.
>
> Please remember that you sent this message to a mailing list with a
> very large number of people. I, for one, do not remember the earlier
> messages, and may not have read them.
>

I apologize for the inconvenience. I will try to be clearer.

> > I still can't access the net from my 2 other computers
> > via my FreeBSD firewalled gateway.
> > Although I set up on it to allow traffic on
> > ports 21, 22, 53, 8080 I can only telnet to port
> > 21, all the others report a "connection refused" error.
>
> Where did you do this from?
>

I tried accessing the FreeBSD box from the 2 other computers I have.
Also I tried telneting from the FreeBSD box to itself.

> > I can ping the FreeBSD box, but I cannot ping any outside
> > IP addresses from the FreeBSD box or the other boxes on my
> > home LAN.
>
> In other words, not only can't you access the net from the other
> computers, but you can't from the FreeBSD box either?

Unfortunately, yes. I tried pinging outside computers by IP address but I can't anymore.

>
> Does anything work *without* the firewall?

Yes, before I started messing with the firewall I had squid set up, I set up FreeBSD as a gateway and also as a DNS server. I could access the WWW, ftp, telnet and all the other services at will, inside and outside my home LAN.

>
> > Also when FreeBSD is booting I caught some error messages that
> > said unknown command "setup" for some of my firewall rules.
>
> Kind of need more details here. I can't see what that could be...
>

I was thinking maybe I misplaced the setup keyword in my firewall rule file. Did you happen to see it? I posted it in my last mail. I don't understand how ftp works and my proxy server doesn't if I used the very same and exact syntax to define the rules.

-- 
"It was as though a veil had been rent. I saw on that ivory face the expression of sombre pride, of ruthless power, of craven terror -- of an intense and hopeless despair.
Did he live his life again in every detail of desire, temptation, and surrender during that supreme moment of complete knowledge?"