Date: Fri, 16 Jun 2000 21:49:10 -0700
From: "Crist J. Clark"
Reply-To: cjclark@alum.mit.edu
To: David Daugherty
Cc: questions@FreeBSD.ORG
Subject: Re: ipfw to localhost?
Message-ID: <20000616214910.D310@dialin-client.earthlink.net>
In-Reply-To: message from doc@wcug.wwu.edu on Fri, Jun 16, 2000 at 05:06:48PM -0700
X-Mailer: Mutt 1.0.1i

On Fri, Jun 16, 2000 at 05:06:48PM -0700, David Daugherty wrote:
> I've really munged up my firewall recently and I'm trying to figure out
> where I've screwed up (which file). This is on a box which is acting as
> router to the rest of my 192.168. network.

Sounds like trouble with your firewall rules or natd or both.

> I've managed to make my machine pingable to the outside world again by
> commenting out all of the firewall stuff in my rc.conf
>
> #firewall_enable="YES"
> #firewall_type="open"
>
> If I uncomment this and reboot I can't ping out nor is my box pingable
> from the outside.

Sounds like trouble with your firewall rules or natd or both.

> Unfortunately by commenting this out I no longer provide Internet access
> to the machines behind the router.
>
> I noticed in my /var/log/ipfw.today I have:
>
> 00200 2 78 deny ip from any to 127.0.0.0/8
>
> I have nothing like this in my natd.conf nor my rc.firewall. Where else
> would I be able to find this line? Why would shutting down my firewall
> deny access to the Internet from my internal machines?

The following are in the default rc.firewall,

    ############
    # Only in rare cases do you want to change these rules
    #
    ${fwcmd} add 100 pass all from any to any via lo0
    ${fwcmd} add 200 deny all from any to 127.0.0.0/8

Did you remove them in yours?

Please post your firewall rules and natd configuration (rc.conf and a
natd.conf file if it exists).
-- 
Crist J. Clark                                cjclark@alum.mit.edu
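The rule the poster found in /var/log/ipfw.today is the accounting line for rule 200 (rule number, packet count, byte count, then the rule text as `ipfw -a list` prints it), so it is not a line in any config file; it is the default anti-spoofing rule from rc.firewall being hit. The script below is an added example, not code from the list posting or from FreeBSD itself: it rebuilds the two default rules the reply quotes, together with the natd divert rule that rc.firewall installs ahead of them when natd_enable is set and the catch-all pass rule for firewall_type="open", and it extracts the packet counter for rule 200 from saved `ipfw -a list` output. The interface name `ed0`, the dry-run default of echoing the commands, and the sample counter lines are assumptions made for the example.

```shell
#!/bin/sh
# Added example: a dry-run of the rc.firewall rules discussed in the thread,
# plus a helper that reads rule 200's packet counter out of "ipfw -a list" output.

# Dry-run by default: print the ipfw commands instead of loading them.
# Run with fwcmd=/sbin/ipfw to actually install the rules.
fwcmd="${fwcmd:-echo ipfw}"
# Assumed outside (Internet-facing) interface name; rc.conf's natd_interface.
natd_interface="${natd_interface:-ed0}"

load_default_rules() {
    ${fwcmd} -f flush
    # rc.firewall adds this when natd_enable="YES": every packet crossing the
    # outside interface is handed to natd(8) before any other rule sees it.
    # Without this rule the 192.168.x hosts behind the router get no NAT.
    ${fwcmd} add 50 divert natd all from any to any via "${natd_interface}"
    # The two rules quoted in the reply. Rule 100 lets loopback traffic through;
    # rule 200 then drops anything still addressed to 127.0.0.0/8, i.e. packets
    # claiming a loopback destination that arrived on a real interface.
    # Counters on rule 200 are expected and harmless.
    ${fwcmd} add 100 pass all from any to any via lo0
    ${fwcmd} add 200 deny all from any to 127.0.0.0/8
    # firewall_type="open": pass everything else.
    ${fwcmd} add 65000 pass all from any to any
}

# Read "ipfw -a list" output on stdin (columns: rule pkts bytes action ...)
# and print the packet count for rule 200, or 0 if the rule is absent.
rule200_hits() {
    awk '$1 == "00200" { print $2; found = 1 } END { if (!found) print 0 }'
}
```

Running the script as-is prints the rule set it would load; running it with `fwcmd=/sbin/ipfw` installs it. Piping a saved `ipfw -a list` (such as /var/log/ipfw.today) into `rule200_hits` shows how many packets the anti-spoofing rule has dropped, which for the poster's line is 2.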