From: Derek Sailor
Date: Sun, 11 Aug 2002 20:02:11 -0700 (PDT)
Subject: Unable to connect to servers outside of intranet
To: freebsd-questions@freebsd.org
Message-ID: <20020812030211.47679.qmail@web20508.mail.yahoo.com>

I recently upgraded from 3.2-RELEASE to 4.6-RELEASE. I'm sure that most of this problem has to do with my poor knowledge of the 4.x system.

I have two server services running, sshd and ftpd. From my internal network (192.168.0.x) on interface de0 I'm able to connect fine. However, from the internet (on my AT&T broadband cable modem) on interface de1 I'm unable to connect at all.

Running a portscan (using Shields Up at https://grc.com/x/ne.dll?bh0bkyd2 ) results in all ports listed in "stealth" mode. My FreeBSD box is not responding at all. However, when connected directly to a Windows machine (using the same port scanner) it lists all ports as "closed". Thus, I believe the stealth is indeed coming from something I have set in FreeBSD.

The network cards in both the Windows machine, and the two in the FreeBSD machine are all the identical model, listed below (from dmesg).

    de0: port 0x6100-0x617f mem 0xe0410000-0xe041007f irq 9 at device 19.0 on pci0
    de0: SMC 21041 [10Mb/s] pass 1.1
    de0: address 00:00:c0:27:f7:d5
    de1: port 0x6200-0x627f mem 0xe0411000-0xe041107f irq 11 at device 20.0 on pci0
    de1: SMC 21041 [10Mb/s] pass 1.1
    de1: address 00:00:c0:f2:68:cf

I'm running natd on a custom kernel, which operates properly. I'm using the latest version of ISC-DHCP (dhcp-3.0.1rc9.tar.gz.1).

My firewall is set to "OPEN" in both /etc/rc.conf :

    # more /etc/rc.conf | grep fire
    firewall_enable="YES"
    firewall_type="OPEN"

and in my kernel config :

    # more /usr/src/sys/i386/conf/CUSTOM | grep FIRE
    options IPFIREWALL
    options IPFIREWALL_DEFAULT_TO_ACCEPT
    options IPFIREWALL_VERBOSE
    options IPFIREWALL_VERBOSE_LIMIT=20

Kernel secure level is set to -1.

    # sysctl -a | grep secure
    kern.securelevel: -1

And, of course, firewall rules are also wide open:

    # ipfw list
    00050 divert 8668 ip from any to any via de1
    00100 allow ip from any to any via lo0
    00200 deny ip from any to 127.0.0.0/8
    00300 deny ip from 127.0.0.0/8 to any
    65000 allow ip from any to any
    65535 allow ip from any to any

I've swapped interfaces for the cable modem and internal network; this resulted in no change. (This allowed me to also try another IP address from my ISP.)

I'm completely at a loss at this point. Everything internally works great! However, from the outside, you get no response from the box at all. Even though 'tcpdump' allows me to see someone attempting to connect to port 21, the box doesn't seem to ignore their attempt.

Any suggestions? Anyone? Help?!?!! :)

Thanks!