Date: 15 Nov 99 01:55:57 PST
From: Jesus Sandoval
To: freebsd-questions@FreeBSD.org
Subject: Help with ping and packet filtering
Message-ID: <19991115095557.25091.qmail@www0j.netaddress.usa.net>

I have installed in my FreeBSD box (Ver 3.2) two network cards, one of them with address 172.16.1.3, and the other gets its address by DHCP (the isc-dhcp dhcp client package). In order to do this I configured "natd" and some rules for /etc/rc.firewall as the "man natd" documentation says.

The layout of my network is as follows:

In the local side:
  One client machine (Windows 98) with IP address 172.16.1.80/24
  (ed2) My FreeBSD server with 2 NICs, one of them with IP address 172.16.1.3/24 and the other configured after startup by "/usr/local/sbin/dhcpc -drn ed1"
  (ed1) This is connected to my cable modem; most of the time the IP address bound to this NIC is 10.8.105.80/16

In the network of my cable provider the gateway is 10.8.1.1/16

Everything works fine (ftp, telnet, DNS, http) from my FreeBSD server and my Windows client, except the ICMP protocol. When I send a ping from the Windows client the command gives the following message:

    ping www.freebsd.org
    Making ping to www.freebsd.org [204.216.27.21] ....
    Response from 10.8.1.1 destination network unreachable.

When I do this from the FreeBSD server I get:

    css# ping www.freebsd.org
    PING freefall.freebsd.org (204.216.27.21): 56 data bytes
    36 bytes from 10.8.1.1: Communication prohibited by filter
    Vr HL TOS  Len   ID Flg  off TTL Pro  cks      Src      Dst
     4  5  00 5400 18df   0 0000  ff  01 4784 10.8.105.80  204.216.27.21

It says COMMUNICATION PROHIBITED BY FILTER.

I looked at the ipfw rules with the command "ipfw -at l" and I got the following:

    css# ipfw -at l
    00100  6623 2750220 Mon Nov 15 02:47:26 1999 divert 8668 ip from any to any via ed1
    00200 16221 6113967 Mon Nov 15 02:49:59 1999 allow ip from any to any
    65535     0       0 deny ip from any to any

These are the rules that the documentation of natd says I must include (very unsafe, but they must let me work).

I can't find where the filter is that doesn't let me ping any internet server.

Thanks in advance for your help.
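
An added example, not part of the original message: a short Python triage of the FreeBSD ping output quoted above. It treats the address in the "N bytes from" line as the sender of the ICMP error and compares it with the box's own addresses as given in the message; the function names and the LOCAL_ADDRS set are illustrative assumptions.

```python
import re

# Sample input: the ping output quoted in the message above.
PING_OUTPUT = """\
PING freefall.freebsd.org (204.216.27.21): 56 data bytes
36 bytes from 10.8.1.1: Communication prohibited by filter
Vr HL TOS  Len   ID Flg  off TTL Pro  cks      Src      Dst
 4  5  00 5400 18df   0 0000  ff  01 4784 10.8.105.80  204.216.27.21
"""

# Addresses the message gives for the FreeBSD box itself (assumed complete).
LOCAL_ADDRS = {"172.16.1.3", "10.8.105.80"}

ERROR_RE = re.compile(r"^(\d+) bytes from (\d+\.\d+\.\d+\.\d+): (.+)$")


def parse_icmp_errors(text):
    """Return one dict per ICMP error report found in ping output."""
    lines = text.splitlines()
    reports = []
    for i, line in enumerate(lines):
        m = ERROR_RE.match(line.strip())
        # Ordinary echo replies have the same prefix; skip them.
        if not m or m.group(3).startswith("icmp_seq="):
            continue
        report = {"reporter": m.group(2), "reason": m.group(3), "original": None}
        # ping prints a header row, then the IP header fields of the
        # packet that triggered the error.
        if i + 2 < len(lines) and lines[i + 1].split()[:2] == ["Vr", "HL"]:
            names, values = lines[i + 1].split(), lines[i + 2].split()
            if len(names) == len(values):
                report["original"] = dict(zip(names, values))
        reports.append(report)
    return reports


def locate_filter(report, local_addrs):
    """Say whether the host itself or another hop reported the drop."""
    where = "local host" if report["reporter"] in local_addrs else "remote hop"
    orig = report["original"] or {}
    proto = int(orig["Pro"], 16) if "Pro" in orig else None  # printed in hex
    return {"where": where, "reporter": report["reporter"], "protocol": proto,
            "src": orig.get("Src"), "dst": orig.get("Dst")}


if __name__ == "__main__":
    for rep in parse_icmp_errors(PING_OUTPUT):
        print(rep["reason"], "->", locate_filter(rep, LOCAL_ADDRS))
```

For the quoted output this reports a remote hop, 10.8.1.1, as the sender of the error for an ICMP (protocol 1) packet from 10.8.105.80 to 204.216.27.21.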