Date:      Fri, 18 Oct 2002 11:31:35 -0500
From:      mh <bikeIN@canada.com>
To:        freebsd-questions@FreeBSD.org
Subject:   Mac can't connect to Internet
Message-ID:  <1034958695.580.28.camel@hammarlund.radio.org>

I have FreeBSD, 4.7 Stable running as a gateway box, with a Debian box
also on the network. The gateway is connected to a Comcast cable modem,
and is running ipfw as a firewall. Both boxes can see/connect to each other
and the Internet.

I added a Powerbook, OS X, to the local network, configured /etc/hosts
and /etc/resolv.conf. PB can ping the other boxes ok, but can't see the
Internet. The other boxes can ping the PB ok. Looks like a firewall
problem. If I connect the PB to the cable modem directly, the PB
connects ok.

It appears that the PB is trying to send UDP packets out on port 67, so
I tried to open up the firewall for UDP traffic (not a good idea?) but
still can't see outside the local network. Attached is my rc.firewall.
In /etc/rc.conf I have firewall_type="open" and added some rules to the
"open" section in rc.firewall.

What am I doing wrong? Thanks.

Michael Heyes



############
# Flush out the list before we begin.
#
${fwcmd} -f flush

############
# Network Address Translation.  All packets are passed to natd(8)
# before they encounter your remaining rules.  The firewall rules
# will then be run again on each packet after translation by natd
# starting at the rule number following the divert rule.
#
# For ``simple'' firewall type the divert rule should be put to a
# different place to not interfere with address-checking rules.
#
case ${firewall_type} in
[Oo][Pp][Ee][Nn]|[Cc][Ll][Ii][Ee][Nn][Tt])
        case ${natd_enable} in
        [Yy][Ee][Ss])
                if [ -n "${natd_interface}" ]; then
                        ${fwcmd} add 50 divert natd all from any to any via ${natd_interface}
                fi
                ;;
        esac

############
# If you just configured ipfw in the kernel as a tool to solve network
# problems or you just want to disallow some particular kinds of traffic
# then you will want to change the default policy to open.  You can also
# do this as your only action by setting the firewall_type to ``open''. 
# 
# ${fwcmd} add 65000 pass all from any to any

############
# Only in rare cases do you want to change these rules
#
${fwcmd} add 100 pass all from any to any via lo0
${fwcmd} add 200 deny all from any to 127.0.0.0/8
#${fwcmd} add 300 deny ip from 127.0.0.0/8 to any

# Prototype setups.
#
case ${firewall_type} in
[Oo][Pp][Ee][Nn])
        ${fwcmd} add 300 check-state
        ${fwcmd} add 350 allow all from 192.168.0.0/16 to any
        ${fwcmd} add 352 allow ip from any to 192.168.0.0/16
        ${fwcmd} add 400 allow tcp from any to any in established
        ${fwcmd} add 410 pass tcp from any to any keep-state out setup
        ${fwcmd} add 420 pass udp from any to any 53 in recv dc0
        ${fwcmd} add 430 pass udp from any to any out
        ${fwcmd} add 440 pass icmp from any to any icmptypes 3
        ${fwcmd} add 450 pass icmp from any to any icmptypes 4   
        ${fwcmd} add 460 pass icmp from any to any icmptypes 8   
        ${fwcmd} add 470 pass icmp from any to any in icmptypes 0
        ${fwcmd} add 480 deny ip from any to any
        ${fwcmd} add 65000 pass all from any to any
        ;; 
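
Added example, not part of the original message: ipfw walks the rules in ascending number order and stops at the first matching allow or deny, so a rule that matches every packet hides everything numbered after it. The script below checks a rule list for that condition; the rule text is copied from the rc.firewall excerpt above, and the function names `first_catch_all` and `shadowed_rules` are hypothetical.

```sh
#!/bin/sh
# Constructed input: the numbered rules from the message's rc.firewall,
# with the leading "${fwcmd} add" removed.
RULES='100 pass all from any to any via lo0
200 deny all from any to 127.0.0.0/8
300 check-state
350 allow all from 192.168.0.0/16 to any
352 allow ip from any to 192.168.0.0/16
400 allow tcp from any to any in established
410 pass tcp from any to any keep-state out setup
420 pass udp from any to any 53 in recv dc0
430 pass udp from any to any out
440 pass icmp from any to any icmptypes 3
450 pass icmp from any to any icmptypes 4
460 pass icmp from any to any icmptypes 8
470 pass icmp from any to any in icmptypes 0
480 deny ip from any to any
65000 pass all from any to any'

# Print the number of the lowest-numbered rule that matches every IP packet:
# a terminal action, protocol all/ip, "from any to any", and no options
# (exactly seven fields once the rule number is counted).
first_catch_all() {
    printf '%s\n' "$1" | sort -n | awk '
        NF == 7 && $2 ~ /^(allow|accept|pass|permit|deny|drop)$/ &&
        $3 ~ /^(all|ip)$/ && $4 == "from" && $5 == "any" &&
        $6 == "to" && $7 == "any" { print $1; exit }'
}

# Print every rule numbered after the catch-all; no packet can reach them.
shadowed_rules() {
    limit=$(first_catch_all "$1")
    [ -n "$limit" ] || return 0
    printf '%s\n' "$1" | sort -n | awk -v limit="$limit" '$1 > limit'
}

echo "first catch-all rule: $(first_catch_all "$RULES")"
echo "rules that can never match:"
shadowed_rules "$RULES"
```

Rules carrying options such as `via lo0`, `out` or `in recv dc0` are not treated as catch-alls, because they match only part of the traffic.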










Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?1034958695.580.28.camel>