From owner-freebsd-questions  Thu Oct  4  9:55:18 2001
Delivered-To: freebsd-questions@freebsd.org
Received: from hotmail.com (oe32.law10.hotmail.com [64.4.14.89])
	by hub.freebsd.org (Postfix) with ESMTP id 5883137B403
	for <freebsd-questions@FreeBSD.ORG>; Thu,  4 Oct 2001 09:55:13 -0700 (PDT)
Received: from mail pickup service by hotmail.com with Microsoft SMTPSVC;
	 Thu, 4 Oct 2001 09:55:13 -0700
X-Originating-IP: [203.197.159.60]
Reply-To: "Arpith Jacob" <arpith@geocities.com>
From: "Arpith Jacob" <arpith@geocities.com>
To: <freebsd-questions@FreeBSD.ORG>
Subject: Firewall troubles
Date: Thu, 4 Oct 2001 07:39:52 +0530
MIME-Version: 1.0
Content-Type: text/plain;
	charset="Windows-1252"
Content-Transfer-Encoding: 7bit
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 5.00.2615.200
X-MimeOLE: Produced By Microsoft MimeOLE V5.00.2615.200
Message-ID: <OE32d490U3s91NGXpxw00003bd4@hotmail.com>
X-OriginalArrivalTime: 04 Oct 2001 16:55:13.0179 (UTC) FILETIME=[55B63EB0:01C14CF5]
Sender: owner-freebsd-questions@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-questions.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-questions>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-questions>
X-Loop: FreeBSD.ORG


Hi,

I'm having problems connecting to my freebsd box from my network, I've tried
nearly everything without any success. I think its a problem with my
firewall rules.

I cannot ping/telnet/ftp into my freebsd machine. I can however connect to
the outside world from the bsd box. How can I remove the default "deny"
clause for the firewall in my kernel options?

Here is my firewall table (ipfw):
00100  52  3640 allow ip from any to any via lo0
00200   0     0 deny ip from any to 127.0.0.0/8
65000 156 10249 allow ip from any to any
65535   0     0 deny ip from any to any

I ran tcpdump on the freebsd machine, I think the kernel is receiving the
connection requests, but is not passing it through the firewall.

Outside network = p3.scully
Freebsd mc = p1.scully

13:44:35.504743 p3.scully > p1.scully: icmp: echo request (DF)
..
..
13:45:03.509338 p3.scully > p1.scully: icmp: echo request (DF)
13:45:04.509438 arp who-has p1.scully tell p3.scully
13:45:04.509523 p3.scully > p1.scully: icmp: echo request (DF)
13:45:04.509645 arp reply p1.scully is-at a5:a5:a5:a5:a5:a5
13:45:05.509668 p3.scully > p1.scully: icmp: echo request (DF)
..
..
13:45:31.513951 p3.scully > p1.scully: icmp: echo request (DF)
..
13:45:33.569860 p3.scully.1040 > p1.scully.telnet: S
4274696198:4274696198(0) win 5840 <mss 1460,sackOK,timestamp 234528
0,nop,wscale 0> (DF)
13:45:34.514374 arp who-has p1.scully tell p3.scully
13:45:34.514498 arp reply p1.scully is-at a5:a5:a5:a5:a5:a5
13:45:36.564739 p3.scully.1040 > p1.scully.telnet: S
4274696198:4274696198(0) win 5840 <mss 1460,sackOK,timestamp 234828
0,nop,wscale 0> (DF)

I've been breaking my head over this for a while now.. any help would really
be appreciated.

Thanks,
Arpith


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message