Date: Thu, 17 Jan 2002 14:22:37 -0800 From: Darcy Buskermolen <darcy@ok-connect.com> To: freebsd-ipfw@freebsd.org Subject: Re: ipfw and nat Message-ID: <3.0.32.20020117142236.03eeaad0@mail.ok-connect.com>
next in thread | raw e-mail | index | archive | help
Try changing ifconfig_fxp0="inet xxx.xxx.xxx.xxx netmask 255.255.255.252" ifconfig_fxp0="inet 192.168.111.1 netmask 255.255.255.0"defaultrouter="xxx.xxx.xxx.xxy" to ifconfig_fxp0="inet xxx.xxx.xxx.xxx netmask 255.255.255.252" ifconfig_fxp1="inet 192.168.111.1 netmask 255.255.255.0"defaultrouter="xxx.xxx.xxx.xxy" Problem is you overwrote your outside interface IP with the IP address of your insider interface... At 02:13 PM 1/17/02 -0800, you wrote: >I cant get thrue my firewall. >If I try to ping the firewall or anything outside I get a no response, and if I >try to ping from the firewall to a ip behind it I get a permission denied, or >something like that. >I tryed to go to grab a web page outside the firewall, and it seemed like after >droping a lot of the packages I got something thrue, but it was only a small >fragment of the packages. >Any hints to what I'm doing wrong would be most wellcome. > >/Flemming > >Kernel is 4.5RC and I have added: >options IPFIREWALL >options IPFIREWALL_VERBOSE >options IPFIREWALL_VERBOSE_LIMIT=100options IPDIVERT > >In RC.conf I have: >ifconfig_fxp0="inet xxx.xxx.xxx.xxx netmask 255.255.255.252" >ifconfig_fxp0="inet 192.168.111.1 netmask >255.255.255.0"defaultrouter="xxx.xxx.xxx.xxy" >gateway_enable="YES" >firewall_enable="YES" >firewall_type="simple" >natd_enable="YES" >natd_interface="fxp0" > >If I set the firewall_type to open then I can get out, but I would like a little >more security than that. > >in rc.firewall I have edited the following: >oif="fxp0" >onet="xxx.xxx.xxx.xxz" >omask="255.255.255.252" >oip="xxx.xxx.xxx.xxx" > >iif="fxp1" >inet="192.168.111.0" >imask="255.255.255.0" >iip="192.168.111.1" >Everything else is left to default. > >To Unsubscribe: send mail to majordomo@FreeBSD.org >with "unsubscribe freebsd-ipfw" in the body of the message > > To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-ipfw" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?3.0.32.20020117142236.03eeaad0>