Date: 15 Nov 99 01:55:57 PST
From: Jesus Sandoval <jskolovos@netscape.net>
To: freebsd-questions@FreeBSD.org
Subject: Help with ping and packet filtering
Message-ID: <19991115095557.25091.qmail@www0j.netaddress.usa.net>

I have installed two network cards in my FreeBSD box (ver. 3.2), one of them
with address 172.16.1.3, while the other gets its address by DHCP (the isc-dhcp
DHCP client package). In order to do this I configured "natd" and some rules for
/etc/rc.firewall as the "man natd" documentation says.
The layout of my network is as follows:
In the local side:
One client machine (Windows 98) with IP address 172.16.1.80/24 (ed2)
My FreeBSD server with 2 NICs, one of them
with IP address 172.16.1.3/24 and the
other configured after startup by
"/usr/local/sbin/dhcpc -drn ed1" (ed1);
this is connected to my cable modem.
Most of the time the IP address bound to this
NIC is 10.8.105.80/16
In the network of my cable provider the gateway is 10.8.1.1/16
Everything works fine (ftp, telnet, DNS, http) from my FreeBSD server and my
Windows client, except the ICMP protocol. When I send a ping from the Windows
client, the command sends the following message:
ping www.freebsd.org
Making ping to www.freebsd.org [204.216.27.21] ....
Response from 10.8.1.1 destination network unreachable.
When I do this from the FreeBSD server I get:
css# ping www.freebsd.org
PING freefall.freebsd.org (204.216.27.21): 56 data bytes
36 bytes from 10.8.1.1: Communication prohibited by filter
Vr HL TOS Len ID Flg off TTL Pro cks Src Dst
4 5 00 5400 18df 0 0000 ff 01 4784 10.8.105.80 204.216.27.21
It says COMMUNICATION PROHIBITED BY FILTER
I looked at the ipfw rules with the command "ipfw -at l" and I got the
following:
css# ipfw -at l
00100 6623 2750220 Mon Nov 15 02:47:26 1999 divert 8668 ip from any to any via ed1
00200 16221 6113967 Mon Nov 15 02:49:59 1999 allow ip from any to any
65535 0 0 deny ip from any to any
These are the rules that the documentation of natd says I must include (very
unsafe, but they must let me work).
I can't find where the filter is that doesn't let me ping any Internet
server.
Thanks in advance for your help.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?19991115095557.25091.qmail>
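
Added example, not part of the original message: a Python sketch that reads the two command outputs quoted above and checks which address issued the "prohibited by filter" reply (ICMP destination unreachable, code 13) and whether any discarding ipfw rule has counted packets. The function names and the LOCAL_ADDRS and BLOCKING sets are assumptions of this example; for the quoted data it reports 10.8.1.1, the address the message gives for the provider's gateway, and no hits on the local deny rule.

```python
import re

# Constructed inputs: excerpts of the two command outputs quoted in the message.
PING_OUTPUT = """\
36 bytes from 10.8.1.1: Communication prohibited by filter
Vr HL TOS Len ID Flg off TTL Pro cks Src Dst
4 5 00 5400 18df 0 0000 ff 01 4784 10.8.105.80 204.216.27.21
"""
IPFW_OUTPUT = """\
00100 6623 2750220 Mon Nov 15 02:47:26 1999 divert 8668 ip from any to any via ed1
00200 16221 6113967 Mon Nov 15 02:49:59 1999 allow ip from any to any
65535 0 0 deny ip from any to any
"""
LOCAL_ADDRS = {"172.16.1.3", "10.8.105.80"}  # this host's addresses, per the message
BLOCKING = {"deny", "drop", "reject", "unreach", "reset"}  # ipfw actions that discard

ERR_RE = re.compile(r"^\d+ bytes from (\S+): (.+)$")
RULE_RE = re.compile(r"^(\d+)\s+(\d+)\s+(\d+)\s+"
                     r"(?:\w{3} \w{3} +\d+ [\d:]+ \d{4}\s+)?([a-z]+)\b")

def parse_icmp_error(text):
    """Return (reporter, reason, quoted IP header dict) from ping's error dump."""
    lines = [l.strip() for l in text.splitlines()]
    for i, line in enumerate(lines[:-2]):
        m = ERR_RE.match(line)
        if m and lines[i + 1].startswith("Vr "):
            hdr = dict(zip(lines[i + 1].split(), lines[i + 2].split()))
            return m.group(1), m.group(2), hdr
    raise ValueError("no ICMP error dump found in ping output")

def blocking_rule_hits(text):
    """Rules with a discarding action whose packet counter is non-zero."""
    hits = []
    for line in text.splitlines():
        m = RULE_RE.match(line.strip())
        if m and m.group(4) in BLOCKING and int(m.group(2)) > 0:
            hits.append((m.group(1), int(m.group(2))))
    return hits

def locate_filter(ping_text, ipfw_text, local_addrs):
    """Collect evidence on whether this host or another hop issued the rejection."""
    reporter, reason, hdr = parse_icmp_error(ping_text)
    local = reporter in local_addrs or bool(blocking_rule_hits(ipfw_text))
    # ping prints the quoted TTL and protocol fields in hex; protocol 1 is ICMP.
    return {"reporter": reporter, "reason": reason, "local_evidence": local,
            "proto": int(hdr["Pro"], 16), "src": hdr["Src"], "dst": hdr["Dst"]}

if __name__ == "__main__":
    print(locate_filter(PING_OUTPUT, IPFW_OUTPUT, LOCAL_ADDRS))
```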
