Date: Thu, 17 Jan 2002 14:22:37 -0800
To: freebsd-ipfw@freebsd.org
From: Darcy Buskermolen
Subject: Re: ipfw and nat

Try changing

ifconfig_fxp0="inet xxx.xxx.xxx.xxx netmask 255.255.255.252"
ifconfig_fxp0="inet 192.168.111.1 netmask 255.255.255.0"
defaultrouter="xxx.xxx.xxx.xxy"

to

ifconfig_fxp0="inet xxx.xxx.xxx.xxx netmask 255.255.255.252"
ifconfig_fxp1="inet 192.168.111.1 netmask 255.255.255.0"
defaultrouter="xxx.xxx.xxx.xxy"

Problem is you overwrote your outside interface IP with the IP address of
your inside interface...

At 02:13 PM 1/17/02 -0800, you wrote:
>I can't get through my firewall.
>If I try to ping the firewall or anything outside I get no response, and if I
>try to ping from the firewall to an IP behind it I get a permission denied, or
>something like that.
>I tried to go to grab a web page outside the firewall, and it seemed like after
>dropping a lot of the packages I got something through, but it was only a small
>fragment of the packages.
>Any hints to what I'm doing wrong would be most welcome.
>
>/Flemming
>
>Kernel is 4.5RC and I have added:
>options IPFIREWALL
>options IPFIREWALL_VERBOSE
>options IPFIREWALL_VERBOSE_LIMIT=100
>options IPDIVERT
>
>In rc.conf I have:
>ifconfig_fxp0="inet xxx.xxx.xxx.xxx netmask 255.255.255.252"
>ifconfig_fxp0="inet 192.168.111.1 netmask 255.255.255.0"
>defaultrouter="xxx.xxx.xxx.xxy"
>gateway_enable="YES"
>firewall_enable="YES"
>firewall_type="simple"
>natd_enable="YES"
>natd_interface="fxp0"
>
>If I set the firewall_type to open then I can get out, but I would like a little
>more security than that.
>
>In rc.firewall I have edited the following:
>oif="fxp0"
>onet="xxx.xxx.xxx.xxz"
>omask="255.255.255.252"
>oip="xxx.xxx.xxx.xxx"
>
>iif="fxp1"
>inet="192.168.111.0"
>imask="255.255.255.0"
>iip="192.168.111.1"
>Everything else is left to default.
>
>To Unsubscribe: send mail to majordomo@FreeBSD.org
>with "unsubscribe freebsd-ipfw" in the body of the message
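
The mistake diagnosed in this reply can be caught before a reboot: rc.conf is read as shell variable assignments, so a second ifconfig_fxp0 line silently replaces the first. The sh function below is an added example, not part of the original message; the function names and the sample file (constructed from the rc.conf lines quoted above) are assumptions.

```sh
#!/bin/sh
# Added example: report rc.conf variables that are assigned more than once.
# Only the last assignment of a name survives when the file is sourced.

# rc_conf_dups FILE
# Prints "name: line A overridden by line B" for every re-assignment.
# Returns 1 if any duplicate was found, 0 otherwise.
rc_conf_dups() {
    awk '
        # Only lines that start with NAME= count; commented-out lines do not match.
        match($0, /^[ \t]*[A-Za-z_][A-Za-z0-9_]*=/) {
            name = substr($0, RSTART, RLENGTH - 1)   # drop the trailing "="
            gsub(/[ \t]/, "", name)                  # drop leading indentation
            if (name in seen) {
                printf "%s: line %d overridden by line %d\n", name, seen[name], NR
                dups = 1
            }
            seen[name] = NR                          # remember the winning line
        }
        END { exit (dups + 0) }
    ' "$1"
}

# Constructed sample: the rc.conf from the question, addresses left as placeholders.
write_sample() {
    cat > "$1" <<'EOF'
ifconfig_fxp0="inet xxx.xxx.xxx.xxx netmask 255.255.255.252"
ifconfig_fxp0="inet 192.168.111.1 netmask 255.255.255.0"
defaultrouter="xxx.xxx.xxx.xxy"
gateway_enable="YES"
firewall_enable="YES"
firewall_type="simple"
natd_enable="YES"
natd_interface="fxp0"
EOF
}

# Stand-alone run against the sample; on a real host pass /etc/rc.conf instead.
tmp=$(mktemp) && write_sample "$tmp"
rc_conf_dups "$tmp" || echo "duplicate assignments found: the outside address on fxp0 is lost"
rm -f "$tmp"
```

With the corrected file from the reply (the second line renamed to ifconfig_fxp1) the function prints nothing and returns 0.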