Date: Thu, 4 Oct 2001 14:05:20 -0700
From: "Crist J. Clark"
To: Arpith Jacob
Cc: freebsd-questions@FreeBSD.ORG
Subject: Re: Firewall troubles
Message-ID: <20011004140520.H297@blossom.cjclark.org>
Reply-To: cjclark@alum.mit.edu

On Thu, Oct 04, 2001 at 07:39:52AM +0530, Arpith Jacob wrote:
>
> Hi,
>
> I'm having problems connecting to my freebsd box from my network, I've tried
> nearly everything without any success. I think it's a problem with my
> firewall rules.
>
> I cannot ping/telnet/ftp into my freebsd machine. I can however connect to
> the outside world from the bsd box. How can I remove the default "deny"
> clause for the firewall in my kernel options?
>
> Here is my firewall table (ipfw):
> 00100 52 3640 allow ip from any to any via lo0
> 00200 0 0 deny ip from any to 127.0.0.0/8
> 65000 156 10249 allow ip from any to any
> 65535 0 0 deny ip from any to any

This does not look like a firewall problem. Your pass rule seems to be
working fine. Nothing is being denied.

> I ran tcpdump on the freebsd machine, I think the kernel is receiving the
> connection requests, but is not passing it through the firewall.

What makes you think that?

> Outside network = p3.scully
> Freebsd mc = p1.scully
>
> 13:44:35.504743 p3.scully > p1.scully: icmp: echo request (DF)
> ..
> ..
> 13:45:03.509338 p3.scully > p1.scully: icmp: echo request (DF)
> 13:45:04.509438 arp who-has p1.scully tell p3.scully
> 13:45:04.509523 p3.scully > p1.scully: icmp: echo request (DF)
> 13:45:04.509645 arp reply p1.scully is-at a5:a5:a5:a5:a5:a5
> 13:45:05.509668 p3.scully > p1.scully: icmp: echo request (DF)
> ..
> ..
> 13:45:31.513951 p3.scully > p1.scully: icmp: echo request (DF)
> ..
> 13:45:33.569860 p3.scully.1040 > p1.scully.telnet: S
> 4274696198:4274696198(0) win 5840 0,nop,wscale 0> (DF)
> 13:45:34.514374 arp who-has p1.scully tell p3.scully
> 13:45:34.514498 arp reply p1.scully is-at a5:a5:a5:a5:a5:a5
> 13:45:36.564739 p3.scully.1040 > p1.scully.telnet: S
> 4274696198:4274696198(0) win 5840 0,nop,wscale 0> (DF)
>
> I've been breaking my head over this for a while now.. any help would really
> be appreciated.

I think we'd be better off starting with the ifconfig(8) output from
p1.scully and the IP address of p3.scully.
-- 
Crist J. Clark
cjclark@alum.mit.edu
cjclark@jhu.edu
cjc@freebsd.org
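
The reply's reading of the quoted ipfw listing rests on its packet counters: both deny rules show 0 packets. As an added example, not part of the original message, this shell function reads listing lines in that column layout (rule number, packets, bytes, action) and reports any dropping rule that has matched. The function names and the second sample are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original message).
# Reads `ipfw show` style lines on stdin: rule number, packets, bytes, action, body.
# Reports every dropping rule whose packet counter is non-zero.
ipfw_drop_hits() {
    awk '
        # Ignore lines that do not start with three numeric columns.
        $1 !~ /^[0-9]+$/ || $2 !~ /^[0-9]+$/ || $3 !~ /^[0-9]+$/ { next }
        { total += $2 }
        # ipfw actions that discard the packet.
        $4 ~ /^(deny|drop|reject|reset|unreach)$/ && $2 + 0 > 0 {
            hits++
            printf "rule %s dropped %d packets (%d bytes)\n", $1, $2, $3
        }
        END {
            if (hits == 0)
                printf "no drop rule has matched (%d packets counted)\n", total
        }
    '
}

# Sample 1: the rule counters quoted in the message, re-typed with aligned columns.
sample_from_post() {
    cat <<'EOF'
00100   52   3640 allow ip from any to any via lo0
00200    0      0 deny ip from any to 127.0.0.0/8
65000  156  10249 allow ip from any to any
65535    0      0 deny ip from any to any
EOF
}

# Sample 2: constructed for contrast (not from the message); here the
# default deny rule has matched traffic.
sample_blocking() {
    cat <<'EOF'
00100   52   3640 allow ip from any to any via lo0
00200    0      0 deny ip from any to 127.0.0.0/8
00300   10    840 allow icmp from any to any
65535   31   1860 deny ip from any to any
EOF
}

sample_from_post | ipfw_drop_hits
sample_blocking | ipfw_drop_hits
```

On a live FreeBSD host the same function can be fed with `ipfw show | ipfw_drop_hits`.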