From: "Alison Lloyd"
To: freebsd-questions@freebsd.org
Date: Sun, 20 Jun 2004 22:16:18 +0100 (BST)
Subject: wierd router crashes...

Hiya

I'm trying to get a FreeBSD box set up as a router between my cable internet connection and my home LAN. I'm using a Compaq Professional Workstation 5000 (yes, the Pentium Pro thingy), which I've installed an extra NIC into.

The output from uname -a is:

    FreeBSD gorgonzola 4.9-RELEASE FreeBSD 4.9-RELEASE #1: Thu May 20 23:35:28 BST 2004 root@gorgonzola:/usr/obj/usr/src/sys/GORGONZOLA i386

I'm using 4.9 because 5.2.1 refuses to find any hard drives (IDE or SCSI), incidentally. I've recompiled the original kernel to include ipfw support.

My firewall ruleset is:

    add 10000 divert 8668 ip from any to any via tl0
    add 60000 allow ip from any to any
    add 11010 allow tcp from any to any established
    add 11100 deny log tcp from any to tl0

where tl0 is the external interface and rl0 is the internal one.

I've got everything up and running, got the external interface registered with my ISP, and can connect to the internet fine (http, ftp, ports all work). I've set the box up to DHCP for its external IP (which it does fine), and to use 192.168.1.1 for the internal one.

The problems come in when I try to use a machine on the internal LAN - the router locks solid - no response to anything at all. It passes a few packets to start with, but then dies. After reboot, there are no suspicious entries in the logs, at least none that I can find. So long as I don't do anything on the internal LAN, everything runs perfectly!

I've tried disabling all extraneous things (sendmail, etc.), to no avail. I'm not sure what to try next, as I'm fairly new to FreeBSD and firewalls / routers in general.

Heeeeeeeelp!

Alison