Date: Sat, 17 Jun 2000 00:11:44 -0700 (PDT)
From: David Daugherty
To: cjclark@alum.mit.edu
Cc: questions@FreeBSD.ORG
Subject: Re: ipfw to localhost?
In-Reply-To: <20000616214910.D310@dialin-client.earthlink.net>

The problem was in my natd.conf. I was using some 3.4 commands apparently.
I'd used this same .conf file on 3.4 and tried to copy it into a 4.0
install. The two lines causing the problem were:

unregistered_only
use_sockets

I'm not sure why this didn't show during my boot process in messages. I
just happened to catch it when I ran /etc/netstart.

David
Software Engineer - NetManage
Work email: david.daugherty@netmanage.com
Home email: doc@wcug.wwu.edu
ICQ 21106703
Washington State Resident

On Fri, 16 Jun 2000, Crist J. Clark wrote:

> On Fri, Jun 16, 2000 at 05:06:48PM -0700, David Daugherty wrote:
> > I've really munged up my firewall recently and I'm trying to figure out
> > where I've screwed up (which file). This is on a box which is acting as
> > router to the rest of my 192.168. network.
>
> Sounds like trouble with your firewall rules or natd or both.
>
> > I've managed to make my machine pingable to the outside world again by
> > commenting out all of the firewall stuff in my rc.conf
> > #firewall_enable="YES"
> > #firewall_type="open"
> > If I uncomment this and reboot I can't ping out nor is my box pingable
> > from the outside.
>
> Sounds like trouble with your firewall rules or natd or both.
>
> > Unfortunately by commenting this out I no longer provide Internet access
> > to the machines behind the router. I noticed in my /var/log/ipfw.today I
> > have:
> > 00200 2 78 deny ip from any to 127.0.0.0/8
> > I have nothing like this in my natd.conf nor my rc.firewall. Where else
> > would I be able to find this line? Why would shutting down my firewall
> > deny access to the Internet from my internal machines?
>
> The following are in the default rc.firewall,
>
> ############
> # Only in rare cases do you want to change these rules
> #
> ${fwcmd} add 100 pass all from any to any via lo0
> ${fwcmd} add 200 deny all from any to 127.0.0.0/8
>
> Did you remove them in yours?
>
> Please post your firewall rules and natd configuration (rc.conf and a
> natd.conf file if it exists).
> --
> Crist J. Clark cjclark@alum.mit.edu
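An added example, not part of this thread, in Python: it parses `ipfw -a list` accounting output of the kind the daily report writes to /var/log/ipfw.today, checks that the two default rc.firewall loopback rules quoted above (100 pass via lo0, 200 deny to 127.0.0.0/8) are present, and lists the deny rules that actually dropped packets. The sample output is constructed; only the 00200 line is taken from the thread.

```python
import re
from typing import NamedTuple

# Constructed sample of `ipfw -a list` output (rule number, packet count,
# byte count, action, rule body). Only the 00200 line comes from the thread.
# `ipfw list` prints "pass"/"accept" rules as "allow".
SAMPLE_IPFW_TODAY = """\
00050     0      0 divert 8668 ip from any to any via ed0
00100    12   1104 allow ip from any to any via lo0
00200     2     78 deny ip from any to 127.0.0.0/8
00300     0      0 deny ip from 127.0.0.0/8 to any
65000  4410 512210 allow ip from any to any
65535     3    184 deny ip from any to any
"""

class Rule(NamedTuple):
    number: int
    packets: int
    bytes_: int
    action: str
    body: str

LINE_RE = re.compile(r"^\s*(\d+)\s+(\d+)\s+(\d+)\s+(\S+)\s+(.*)$")

def parse_ipfw_list(text):
    """Parse `ipfw -a list` lines into Rule records; non-matching lines are skipped."""
    rules = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:
            num, pkts, byts, action, body = m.groups()
            rules.append(Rule(int(num), int(pkts), int(byts), action, body.strip()))
    return rules

def has_loopback_guard(rules):
    """True when both default rc.firewall loopback rules are in the ruleset:
    100 passes lo0 traffic, 200 drops anything else addressed to 127/8."""
    pass_lo0 = any(r.number == 100 and r.action == "allow" and "via lo0" in r.body
                   for r in rules)
    deny_loop = any(r.number == 200 and r.action == "deny" and "to 127.0.0.0/8" in r.body
                    for r in rules)
    return pass_lo0 and deny_loop

def deny_rules_with_hits(rules):
    """Deny rules whose packet counter is non-zero: each hit on 00200 is a packet
    for 127/8 that did not arrive via lo0, which the guard rule exists to drop."""
    return [r for r in rules if r.action == "deny" and r.packets > 0]
```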