Date: Fri, 16 Jun 2000 21:49:10 -0700
From: "Crist J. Clark" <cristjc@earthlink.net>
To: David Daugherty <doc@wcug.wwu.edu>
Cc: questions@FreeBSD.ORG
Subject: Re: ipfw to localhost?
Message-ID: <20000616214910.D310@dialin-client.earthlink.net>
In-Reply-To: <Pine.LNX.3.96.1000616164114.20932A-100000@sloth>; from doc@wcug.wwu.edu on Fri, Jun 16, 2000 at 05:06:48PM -0700
References: <Pine.LNX.3.96.1000616164114.20932A-100000@sloth>

On Fri, Jun 16, 2000 at 05:06:48PM -0700, David Daugherty wrote:
> I've really munged up my firewall recently and I'm trying to figure out
> where I've screwed up (which file). This is on a box which is acting as
> router to the rest of my 192.168. network.
Sounds like trouble with your firewall rules or natd or both.
> I've managed to make my machine pingable to the outside world again by
> commenting out all of the firewall stuff in my rc.conf
> #firewall_enable="YES"
> #firewall_type="open"
> If I uncomment this and reboot I can't ping out nor is my box pingable
> from the outside.
Sounds like trouble with your firewall rules or natd or both.
> Unfortunately by commenting this out I no longer provide Internet access
> to the machines behind the router. I noticed in my /var/log/ipfw.today I
> have:
> 00200 2 78 deny ip from any to 127.0.0.0/8
> I have nothing like this in my natd.conf nor my rc.firewall. Where else
> would I be able to find this line? Why would shutting down my firewall
> deny access to the Internet from my internal machines?
The following are in the default rc.firewall,
############
# Only in rare cases do you want to change these rules
#
${fwcmd} add 100 pass all from any to any via lo0
${fwcmd} add 200 deny all from any to 127.0.0.0/8
Did you remove them in yours?
Please post your firewall rules and natd configuration (rc.conf and a
natd.conf file if it exists).
--
Crist J. Clark cjclark@alum.mit.edu
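
The lookup discussed in this thread, as an added example that is not part of the original message: it reads counter lines in the layout quoted from /var/log/ipfw.today, picks out the deny rules that actually matched packets, and finds the `add <number>` command that installed each one. The function names and the sample data (apart from the two rc.firewall rules and the one counter line quoted above) are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): map a deny counter back to its "add" line.

# Print "<rule> <packets>" for each deny/reject rule with a non-zero packet count.
# Input: "number packets bytes action ..." lines, the layout quoted from ipfw.today.
deny_hits() {
    awk '$2 ~ /^[0-9]+$/ && $2 > 0 && ($4 == "deny" || $4 == "reject") {
             print $1 + 0, $2    # $1 + 0 drops zero padding: 00200 -> 200
         }'
}

# Print "file:line:text" for every "add <rule>" command in the given files.
find_rule_source() {
    rule=$1; shift
    # /dev/null as an extra operand makes grep always print the file name.
    grep -n -E "add[[:space:]]+0*${rule}[[:space:]]" "$@" /dev/null
}

# Constructed counters: the 00200 line is the one quoted in the thread,
# the other two are made up for illustration.
sample_counters() {
    cat <<'EOF'
00100 14 1120 allow ip from any to any via lo0
00200 2 78 deny ip from any to 127.0.0.0/8
65535 0 0 deny ip from any to any
EOF
}

# Constructed stand-in for rc.firewall holding the two rules quoted in the reply.
write_sample_rules() {
    cat > "$1" <<'EOF'
${fwcmd} add 100 pass all from any to any via lo0
${fwcmd} add 200 deny all from any to 127.0.0.0/8
EOF
}

demo() {
    tmp=$(mktemp) || return 1
    write_sample_rules "$tmp"
    sample_counters | deny_hits | while read -r rule pkts; do
        echo "rule $rule denied $pkts packets; installed by:"
        find_rule_source "$rule" "$tmp"
    done
    rm -f "$tmp"
}

demo
```

On a real system, feed `deny_hits` the ipfw counter listing and pass `find_rule_source` the rc.firewall script plus any other file that issues ipfw commands.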
