Date:      Tue, 8 Feb 2000 07:11:26 -0800
From:      Chip <chip@wiegand.org>
To:        keramida@ceid.upatras.gr
Cc:        questions@freebsd.org
Subject:   Re: rc.firewall problem - More info supplied
Message-ID:  <00020807185200.00840@firewall.homenet>

Okay, I took care of the rc.firewall file, though it does have references
to ip numbers that don't match my network, so I did change those. I hope
that was okay. 
I still have a problem though. When I try to ping another machine on my
network I get the following message:
 ping: sendto: Permission denied
I can ping the nics in that machine though. I believe this may be because 
icmp is blocked by the firewall?
So then I load kde and netscape and netscape can't connect to any site.
I run ifconfig -a and both nics are shown with the proper ip #'s. When I run
netstat -rn I get this info - 
default            208.194.173.26     mx0
127.0.0.1          127.0.0.1          lo0
192.168            link#1             pn0
192.168.0.1        0:a0:cc:28:d0:a    lo0
192.168.0.5        0:20:78:e0:aa:2c   pn0
208.194.173/25     link#2             mx0
208.194.173.26     0:a0:cc:e4:87:a5   lo0
What's most interesting is 192.168.0.5, which is the ip of a pc in the basement;
that number has nothing to do with the machine this is running on. And what's
with the 208.194.173/25? I didn't enter that anywhere either. The interfaces are
as follows -
mx0 is outside world nic 208.194.173.26
pn0 is homenet nic 192.168.0.1
Follows is my rc.conf -
# This file now contains just the overrides from /etc/defaults/rc.conf
# please make all changes to this file.

# -- sysinstall generated deltas -- #
hostname="chip.wiegand.org"
ifconfig_pn0="inet 192.168.0.1 netmask 255.255.255.0"
ifconfig_mx0="inet 208.194.173.26 netmask 255.255.255.128"
defaultrouter="208.194.173.26"
static_routes=""
gateway_enable="YES"
linux_enable="YES"
moused_enable="YES"
network_interfaces="pn0 mx0 lo0"
firewall_enable="YES"
firewall_type="simple"
natd_interface="mx0"
I hope this info helps. If nothing else, I can always reinstall from scratch,
there's nothing on the hd yet besides bsd, so that would be no big
deal.
Chip W


On Mon, 07 Feb 2000, Giorgos Keramidas wrote:
> On Sat, Feb 05, 2000 at 11:13:30PM -0800, Chip Wiegand wrote:
> >
> > I set up ipfirewall exactly as specified in The complete FreeBSD 3.3
> > book for the 'simple' firewall profile. First problem was when I
> > rebooted I got a message about a line in the rc.firewall that wasn't
> > recognized - it didn't like ' elif [..... etc]; then ' (page 504),
> > and I got prompt that the system couldn't find the path to the shell,
> > I had to enter it or hit enter. I did.
> >
> > Then edited rc.firewall ...
> [snip]
> 
> You're not supposed to edit or modify in any way rc.firewall, well, at
> least most of the time.  Let's see how you can start fixing things...
> 
> For starters, restore your /etc/rc.firewall by copying over it the
> original from /usr/src/etc/rc.firewall.  This will get your rc.firewall
> script in its original shape, and you'll be able to set the thing up
> properly.
> 
> Then, you need to copy the following lines of /etc/defaults/rc.conf into
> your /etc/rc.conf file:
> 
>        firewall_enable="NO"
>        firewall_type="UNKNOWN"
> 
> To enable the ipfw firewall at boot time, change these lines to look
> like the following [make the changes ONLY in /etc/rc.conf]:
> 
>        firewall_enable="YES"
>        firewall_type="simple"
> 
> Optionally, you might want to set firewall_quiet to YES, to disable the
> printing of the actual firewall rules.  Do this by adding the following
> line to your /etc/rc.conf:
> 
>        firewall_quiet="YES"
> 
> For more information on writing your own rule-set, and a few really
> basic examples of using ipfw, you can always take a look at:
> 
>        <http://students.ceid.upatras.gr/~keramida/freebsd/ipfw.html>
>  OR <http://students.ceid.upatras.gr/~keramida/freebsd/ipfw-closed.html>
> 
> Ciao.
> 
> -- 
> Giorgos Keramidas, < keramida @ ceid . upatras . gr >
> For my public PGP key: finger keramida@diogenis.ceid.upatras.gr
> PGP fingerprint, phone and address in the headers of this message.



