From owner-freebsd-questions@FreeBSD.ORG Fri Feb 18 05:01:55 2005
From: "Michael C. Shultz" <ringworm01@gmail.com>
To: freebsd-questions@freebsd.org
Date: Thu, 17 Feb 2005 20:57:29 -0800
Subject: Re: Operation: "ipfw on a gateway box"
References: <1108469888.4211e880197ca@mail.online.ie> <1108546011.421311db8f10b@mail.online.ie> <447jl7qnrg.fsf@be-well.ilk.org>
In-Reply-To: <447jl7qnrg.fsf@be-well.ilk.org>
Message-Id: <200502172057.32483.ringworm01@gmail.com>

On Thursday 17 February 2005 06:12 am, Lowell Gilbert wrote:
> > > Does anything work *without* the firewall?
> >
> > Yes, before I started messing with the firewall I had squid
> > set up, I set up FreeBSD as a gateway and also as a DNS
> > server. I could access the WWW, ftp, telnet and all the
> > other services at will, inside and outside my home LAN.
>
> Try temporarily setting the firewall to just pass everything
> ("ipfw add 1 allow ip from any to any") and see if you can still get
> out through it. I'm guessing something else may be messed up now.

If he is using it as a gateway for other machines he will still need NAT.
Try this to open the firewall up:

public="xl0"
private="xl1"
loopBack="lo0"

ipfw add 00100 allow all from any to any via $private
ipfw add 00110 allow all from any to any via $loopBack
#
# Net Address Translate (NAT) incoming packets
#
ipfw add 00120 divert natd ip from any to any in via $public
#
# Net Address Translate (NAT) outgoing packets
#
ipfw add 01000 divert natd ip from any to any out via $public
ipfw add 01010 allow ip from any to any

I just clipped these from my rules, that's why the weird numbering scheme.

-Mike
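Added example, not part of Mike's post: once the open ruleset above is loaded, the per-rule packet counters from `ipfw -a list` tell you whether traffic actually reaches the two natd divert rules, which is the first thing to check when the LAN still cannot get out. The listings below are constructed for illustration (ipfw prints the divert port numerically; 8668 is natd's default), and the interface names xl0/xl1 follow the post.

```shell
#!/bin/sh
# Added example (not from the original post). Parses "ipfw -a list" output,
# whose columns are: rule number, packet count, byte count, rule body.
# Both listings below are constructed; replace SAMPLE_LISTING with the real
# output of:  ipfw -a list

# Constructed listing of the open ruleset: outbound NAT is hit, inbound is not.
SAMPLE_LISTING='00100   5120  3947520 allow ip from any to any via xl1
00110     88    12736 allow ip from any to any via lo0
00120      0        0 divert 8668 ip from any to any in via xl0
01000   2044   301184 divert 8668 ip from any to any out via xl0
01010   2044   301184 allow ip from any to any
65535      0        0 deny ip from any to any'

# Constructed excerpt of a working gateway: both divert rules see packets.
HEALTHY_LISTING='00120   1998   279720 divert 8668 ip from any to any in via xl0
01000   2044   301184 divert 8668 ip from any to any out via xl0
01010   4042   580904 allow ip from any to any'

# Print the number of every rule whose packet counter is still zero.
# A divert rule that never matches means NAT is not applied in that direction.
idle_rules() {
    printf '%s\n' "$1" | awk '$2 == 0 { print $1 }'
}

# Succeed only when both natd divert rules (in and out via the public
# interface) have counted packets. Outbound counting while inbound stays at
# zero usually means replies never come back through the public interface,
# e.g. natd is not running or is bound to the wrong interface.
nat_both_directions() {
    printf '%s\n' "$1" | awk '
        /divert/ && / in via /  && $2 > 0 { in_ok = 1 }
        /divert/ && / out via / && $2 > 0 { out_ok = 1 }
        END { exit !(in_ok && out_ok) }'
}

# Stand-alone report on the constructed sample.
printf 'Rules with zero packets: %s\n' "$(idle_rules "$SAMPLE_LISTING" | tr '\n' ' ')"
if nat_both_directions "$SAMPLE_LISTING"; then
    echo "NAT is translating in both directions"
else
    echo "NAT is NOT seen in both directions; check natd and the divert rules"
fi
```

On the real box, pipe `ipfw -a list` into the same two functions; rule 65535 at zero is expected while the final allow-all rule is in place.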