Date: Fri, 26 May 2000 09:54:45 -0700 (PDT)
From: "J. Goodleaf"
To: Generic Player
Cc: freebsd-newbies@FreeBSD.ORG
Subject: Re: Firewall + nat

I think you also have to add

firewall_enable="yes"

and

natd_enable="yes"
natd_interface="xl0"

I may be wrong about this; am hardly expert and am doing this from memory. Doesn't the handbook, available at freebsd.org under documentation, have a section on this? If not, I'd check the freebsddiary.org. I don't ever remember changing anything in the path you mentioned when I had a similar setup. I just used /etc/rc.conf and rc.firewall.

Until you get things straightened out, perhaps you'd want to include a kernel option which goes something like:

options IPFIREWALL_DEFAULT_TO_ACCEPT

Again, check me. I'm not sure I'm right. But if the option exists, you should be able to find it in /sys/i386/conf/LINT.

-J

PS. Buy the Complete FreeBSD if you can afford it. Good to have around, although it's not entirely suitable for total newbies.

On Fri, 26 May 2000, Generic Player wrote:

> Hello again,
>
> I am using FreeBSD 4-release, and trying to share my internet connection with a win2000 machine. I have ed0 as my internet connection, and xl0 as my LAN connection. I added to my kernel config the lines:
>
> options IPFIREWALL
> options IPDIVERT
>
> and added the line:
>
> firewall_type="open"
>
> to my etc/rc.conf. The only guide I could find on setting this up was for FreeBSD 2.2 though, and it tells me to edit files that don't exist on my system, like /usr/local/sbin/natd.conf. So, my problem is, I can't connect to anything, or ping anything, it blocks all packets coming in or going out. Does it matter what section of my rc.conf I add the firewall_type line?
>
> Thanks again,
> Generic Player
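
Added example, not part of the original messages: a small /bin/sh audit of the rc.conf settings named in this thread, run against a constructed sample file. The function names, the gateway_enable check, and the use of ed0 (the Internet-facing interface in the question) as the expected natd_interface are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the thread): audit an rc.conf-style file for the
# firewall/natd settings discussed above. It parses the file with sed rather
# than sourcing it, so nothing in the file is executed.

# rc_get FILE VAR: print the last value assigned to VAR, quotes stripped.
rc_get() {
    sed -n "s/^[[:space:]]*$2=[\"']\{0,1\}\([^\"'#]*\).*/\1/p" "$1" |
        sed 's/[[:space:]]*$//' | tail -n 1
}

# is_yes VALUE: succeed if VALUE is "yes" in any letter case.
is_yes() {
    case "$(printf '%s' "$1" | tr '[:upper:]' '[:lower:]')" in
        yes) return 0 ;;
        *)   return 1 ;;
    esac
}

# check_nat_rc FILE WAN_IF: print one line per problem; fail if any were found.
# Assumptions of this example: WAN_IF is the Internet-facing interface, and
# gateway_enable is needed so the box forwards packets between interfaces.
check_nat_rc() {
    file=$1 wan=$2 problems=0
    for var in gateway_enable firewall_enable natd_enable; do
        if ! is_yes "$(rc_get "$file" "$var")"; then
            echo "$var is not set to YES"
            problems=$((problems + 1))
        fi
    done
    if [ -z "$(rc_get "$file" firewall_type)" ]; then
        echo "firewall_type is not set"
        problems=$((problems + 1))
    fi
    nat_if=$(rc_get "$file" natd_interface)
    if [ "$nat_if" != "$wan" ]; then
        echo "natd_interface is '${nat_if:-unset}', expected '$wan'"
        problems=$((problems + 1))
    fi
    [ "$problems" -eq 0 ]
}

# Constructed sample: the single rc.conf line described in the question.
sample=$(mktemp)
printf 'firewall_type="open"\n' > "$sample"
check_nat_rc "$sample" ed0 || echo "rc.conf is incomplete for NAT"
rm -f "$sample"
```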