Date: Fri, 18 Oct 2002 11:31:35 -0500
From: mh <bikeIN@canada.com>
To: freebsd-questions@FreeBSD.org
Subject: Mac can't connect to Internet
Message-ID: <1034958695.580.28.camel@hammarlund.radio.org>

I have FreeBSD, 4.7 Stable running as a gateway box, with a Debian box
also on the network. The gateway is connected to a Comcast cable modem,
and is running ipfw as a firewall. Both boxes can see/connect each other
and the Internet.

I added a Powerbook, OS X, to the local network, configured /etc/hosts
and /etc/resolv.conf. PB can ping the other boxes ok, but can't see the
Internet. The other boxes can ping the PB ok. Looks like a firewall
problem. If I connect the PB to the cable modem directly, the PB
connects ok.

It appears that the PB is trying to send UDP packets out on port 67, so
I tried to open up the firewall for UDP traffic (not a good idea?) but
still can't see outside the local network.

Attached is my rc.firewall. In /etc/rc.conf I have firewall_type="open"
and added some rules to the "open" section in rc.firewall.

What am I doing wrong?

Thanks.

Michael Heyes

############
# Flush out the list before we begin.
#
${fwcmd} -f flush

############
# Network Address Translation.  All packets are passed to natd(8)
# before they encounter your remaining rules.  The firewall rules
# will then be run again on each packet after translation by natd
# starting at the rule number following the divert rule.
#
# For ``simple'' firewall type the divert rule should be put to a
# different place to not interfere with address-checking rules.
#
case ${firewall_type} in
[Oo][Pp][Ee][Nn]|[Cc][Ll][Ii][Ee][Nn][Tt])
    case ${natd_enable} in
    [Yy][Ee][Ss])
        if [ -n "${natd_interface}" ]; then
            ${fwcmd} add 50 divert natd all from any to any via ${natd_interface}
        fi
        ;;
    esac

############
# If you just configured ipfw in the kernel as a tool to solve network
# problems or you just want to disallow some particular kinds of traffic
# then you will want to change the default policy to open.  You can also
# do this as your only action by setting the firewall_type to ``open''.
#
# ${fwcmd} add 65000 pass all from any to any

############
# Only in rare cases do you want to change these rules
#
${fwcmd} add 100 pass all from any to any via lo0
${fwcmd} add 200 deny all from any to 127.0.0.0/8
#${fwcmd} add 300 deny ip from 127.0.0.0/8 to any

# Prototype setups.
#
case ${firewall_type} in
[Oo][Pp][Ee][Nn])
    ${fwcmd} add 300 check-state
    ${fwcmd} add 350 allow all from 192.168.0.0/16 to any
    ${fwcmd} add 352 allow ip from any to 192.168.0.0/16
    ${fwcmd} add 400 allow tcp from any to any in established
    ${fwcmd} add 410 pass tcp from any to any keep-state out setup
    ${fwcmd} add 420 pass udp from any to any 53 in recv dc0
    ${fwcmd} add 430 pass udp from any to any out
    ${fwcmd} add 440 pass icmp from any to any icmptypes 3
    ${fwcmd} add 450 pass icmp from any to any icmptypes 4
    ${fwcmd} add 460 pass icmp from any to any icmptypes 8
    ${fwcmd} add 470 pass icmp from any to any in icmptypes 0
    ${fwcmd} add 480 deny ip from any to any
    ${fwcmd} add 65000 pass all from any to any
    ;;

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message
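
Added example, not part of the original message: a simplified Python model of ipfw's first-match evaluation over rules 100 to 65000 of the posted "open" section, showing which rule decides a given packet. Assumptions: the divert rule 50 and dynamic state (check-state, keep-state) are not modelled, and the sample packets, the interface names lan0 and ext0, and the non-192.168 addresses are constructed.

```python
import ipaddress

LAN = ipaddress.ip_network("192.168.0.0/16")
LOOPBACK = ipaddress.ip_network("127.0.0.0/8")

def within(addr, net):
    return ipaddress.ip_address(addr) in net

def l4(p, proto, direction):
    return p["proto"] == proto and p["dir"] == direction

def icmp(p, icmptype):
    return p["proto"] == "icmp" and p.get("icmptype") == icmptype

# (number, action, predicate) in evaluation order; divert and dynamic state not modelled.
RULES = [
    (100, "pass", lambda p: p["iface"] == "lo0"),
    (200, "deny", lambda p: within(p["dst"], LOOPBACK)),
    (350, "pass", lambda p: within(p["src"], LAN)),
    (352, "pass", lambda p: within(p["dst"], LAN)),
    (400, "pass", lambda p: l4(p, "tcp", "in") and p.get("established", False)),
    (410, "pass", lambda p: l4(p, "tcp", "out") and p.get("setup", False)),
    (420, "pass", lambda p: l4(p, "udp", "in") and p.get("dport") == 53 and p["iface"] == "dc0"),
    (430, "pass", lambda p: l4(p, "udp", "out")),
    (440, "pass", lambda p: icmp(p, 3)),
    (450, "pass", lambda p: icmp(p, 4)),
    (460, "pass", lambda p: icmp(p, 8)),
    (470, "pass", lambda p: p["dir"] == "in" and icmp(p, 0)),
    (480, "deny", lambda p: True),   # matches every packet, so 65000 is never consulted
    (65000, "pass", lambda p: True),
]

def first_match(pkt):
    for number, action, matches in RULES:
        if matches(pkt):
            return number, action

# Constructed sample packets; "lan0", "ext0" and the non-192.168 addresses are placeholders.
SAMPLES = {
    "dhcp_broadcast": dict(proto="udp", src="0.0.0.0", dst="255.255.255.255",
                           dport=67, dir="in", iface="lan0"),
    "lan_syn_in": dict(proto="tcp", src="192.168.1.20", dst="203.0.113.10",
                       dir="in", iface="lan0", setup=True),
    "outside_syn_in": dict(proto="tcp", src="203.0.113.10", dst="198.51.100.7",
                           dir="in", iface="ext0", setup=True),
}

if __name__ == "__main__":
    for name, pkt in SAMPLES.items():
        print(name, first_match(pkt))
```

In this model a DHCP broadcast to UDP port 67 falls through to rule 480, while traffic sourced from 192.168.0.0/16 is passed at rule 350 before any protocol-specific rule is reached.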