From: "Daniel Fairs"
Subject: FW: ARP
Date: Fri, 31 Aug 2001 09:50:25 +0100

Sorry to reply to my own question. I am a dumb-ass.

ipfw add allow all from any to any via xl0

fixed it for the moment. Don't worry, I'll tighten that rule later ;)

I now have a nice natd/ipfw firewall (which needs more configuring, but hey).

Cheers,
Dan

> -----Original Message-----
> From: Daniel Fairs [mailto:d.fairs@psychmed.co.uk]
> Sent: 31 August 2001 09:27
> To: freebsd-questions@freebsd.org
> Subject: ARP
>
>
> Hi,
>
> I'm having a problem setting up a FreeBSD-based firewall. The
> machine has three network interfaces:
>
> xl0: Internal interface (192.168.0.1)
> xl1: DMZ Interface (d.m.z.ip)
> xl2: External Interface (public IP)
>
>
> Currently, xl1 is not connected, I'm not worrying about it for now.
>
> I've got this machine connected to our ADSL router on xl2, and I
> can successfully ping and make connections to the outside world
> from the firewall machine. xl0 runs to a hub, and I have another,
> Linux-based, test machine on that hub, address 192.168.0.2. Now,
> from the firewall, I can ping 192.168.0.2. However, from the
> Linux box, I cannot ping 192.168.0.1, even when the firewall is
> disabled with sysctl (just to make sure packets are getting
> through!). When I do a tcpdump on the Linux box while running
> ping, I see arp request for who has 192.168.0.2 going out - but
> the firewall is not responding to them. Do I have to enable arp
> on xl0? How do I do that? Or am I missing something else?
>
> TIA,
> Dan
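
One way the "allow all from any to any via xl0" rule in the reply above could be narrowed, as an added example that is not part of the original thread. It assumes the internal network is 192.168.0.0/24 (the post gives only the two host addresses) and that rule numbers 1000-1300 are free; the `lan_rules` function and `FWCMD` variable are hypothetical names.

```shell
#!/bin/sh
# Added example: narrower replacement for "allow all from any to any via xl0".
# Assumptions: LAN is 192.168.0.0/24 and rule numbers 1000-1300 are unused.
# Interface names xl0 (internal) and xl2 (external) come from the post.
# Dry run by default: prints the commands. Set FWCMD=/sbin/ipfw to apply them.
FWCMD="${FWCMD:-echo ipfw}"

lan_rules() {
    lan_if="$1"; lan_net="$2"; ext_if="$3"
    # Refuse a network argument that would recreate the catch-all rule.
    case "$lan_net" in
        */0|any|"") echo "refusing catch-all network: '$lan_net'" >&2; return 1 ;;
        *.*.*.*/*) ;;
        *) echo "expected a.b.c.d/len, got '$lan_net'" >&2; return 1 ;;
    esac
    # Packets claiming a LAN source must never arrive on the external side.
    $FWCMD add 1000 deny all from "$lan_net" to any in via "$ext_if"
    # Traffic entering the internal interface must carry a LAN source address.
    $FWCMD add 1100 allow all from "$lan_net" to any in via "$lan_if"
    # Traffic leaving the internal interface must be addressed to the LAN.
    $FWCMD add 1200 allow all from any to "$lan_net" out via "$lan_if"
    # Everything else on the internal interface is dropped.
    $FWCMD add 1300 deny all from any to any via "$lan_if"
}

lan_rules xl0 192.168.0.0/24 xl2
```

With these rules the ping between 192.168.0.1 and 192.168.0.2 still matches rules 1100 and 1200 in both directions, while packets with any other source or destination on xl0 fall through to the deny.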