Date:      Wed, 22 Jul 1998 12:27:11 -0400 (EDT)
From:      purebeef@shaw.wave.ca
To:        newbies@FreeBSD.ORG, questions@FreeBSD.ORG
Subject:   using 1 machine (a FreeBSD one) to connect 2 pcs to the net via 
Message-ID:  <XFMail.980722122711.purebeef@shaw.wave.ca>


[-- Attachment #1 --]
   Hello,

  I have been trying to get one of our PCs (my son's, which runs Windows) to be
able to play StarCraft. Unfortunately, when he connects to battle.net he gets a
message about UDP packets that are failing. 

  My configuration is 1 PC with 2 NIC cards. One NIC card is connected directly
to the cable modem. The other NIC card is connected to the hub. Finally, his PC is
connected to the hub as well. Would anyone know what is causing the UDP packets to
fail? In rc.conf I have the firewall set to "open", and I am using dhcpc as well
as natd. However, not being well versed in the above two programs, I wonder if
they are not set up correctly for this. 

  The following is from ipfw.today:
01010          0          0 deny ip from 127.0.0.0/8 to 127.0.0.0/8
65535          0          0 deny ip from any to any

 I don't understand why it shows that. I have attached a copy of rc.firewall
and rc.conf. Hopefully someone out there can tell me where I am going wrong.

Your help is greatly appreciated!!

Thank you in advance,
Lanny Baron


----------------------------------
E-Mail: purebeef@shaw.wave.ca
Date: 22-Jul-98
Time: 12:12:36

This message was sent by XFMail
----------------------------------

[-- Attachment #2 --]
#!/bin/sh
#

# This is rc.conf - a file full of useful variables that you can set 
# to change the default startup behavior of your system.
#
# All arguments must be in double or single quotes.
#
#	$Id: rc.conf,v 1.1.2.40 1998/03/15 16:39:41 jkh Exp $

##############################################################
### Important initial Boot-time options  #####################
##############################################################

swapfile='NO'		# Name of an auxiliary swap file, or NO for none.
apm_enable='NO'		# YES enables APM power management.
pccard_enable='NO'	# YES configures PCCARD devices at boot.
pccard_mem='DEFAULT'	# Card memory address used when pccard_enable=YES.
pccard_ifconfig='NO'	# Specialized pccard ethernet configuration (or NO).
local_startup='/usr/local/etc/rc.d /usr/X11R6/etc/rc.d'	# Directories searched for local startup scripts.


##############################################################
###  Network configuration sub-section  ######################
##############################################################

### Basic network options: ###
hostname='purebeef'		# This host's name.
nisdomainname='NO'		# NIS domain name, or NO when NIS is not used.
firewall_enable='YES'		# YES loads /etc/rc.firewall at boot.
firewall_type='UNKNOWN'		# Firewall type (see /etc/rc.firewall).
				# NOTE(review): this is UNKNOWN, not "open";
				# rc.firewall documents UNKNOWN as adding none
				# of the per-type rules -- confirm this is the
				# intended setting.
firewall_quiet='NO'		# YES suppresses the rule display.
tcp_extensions='YES'		# Allow RFC1323 & RFC1644 TCP extensions (or NO).
network_interfaces='de1 de0 ppp0 lo0'	# Interfaces to configure (lo0 is loopback).
				# NOTE(review): ppp0 is listed but has no
				# ifconfig_ppp0 line below -- TODO confirm.
ifconfig_de1='inet 10.0.0.2  netmask 255.255.255.0'	# presumably the inside (hub) side
ifconfig_de0='inet   netmask 255.255.255.0'		# presumably the outside (cable modem) side
				# NOTE(review): no address is given for de0;
				# presumably dhcpc assigns it -- confirm that the
				# boot-time ifconfig with only a netmask does not
				# fail.
ifconfig_lo0='inet 127.0.0.1'	# Default loopback configuration.
#ifconfig_lo0_alias0='inet 127.0.0.254 netmask 0xffffffff' # Sample alias entry.

### Network daemon (miscellaneous) & NFS options: ###
syslogd_enable='YES'		# Run syslogd (or NO).
syslogd_flags=''		# Flags to syslogd (if enabled).
inetd_enable='YES'		# Run inetd, the network daemon dispatcher (or NO).
				# NOTE(review): every service enabled in
				# /etc/inetd.conf is reachable on all interfaces,
				# including the cable-modem side, unless the
				# firewall blocks it -- review that file.
inetd_flags=''			# Optional flags to inetd.
named_enable='NO'		# Run named, the DNS server (or NO).
named_program='/usr/sbin/named'	# named binary to run, e.g. to use bind8 instead.
named_flags='-b /etc/namedb/named.boot '	# Flags to named (if enabled).
kerberos_server_enable='NO'	# Run a kerberos master server (or NO).
kadmind_server_enable='NO'	# Run kadmind (or NO) -- never on a slave
				# kerberos server.
kerberos_stash=''		# Whether the kerberos master key is stashed.
rwhod_enable='YES'		# Run rwhod (or NO).
				# NOTE(review): rwhod broadcasts host and login
				# status; presumably unneeded on a home gateway --
				# consider NO.
amd_enable='NO'			# Run amd with $amd_flags (or NO).
amd_flags='-a /net -c 1800 -k i386 -d my.domain -l syslog /host /etc/amd.map '
nfs_client_enable='YES'		# This host mounts NFS filesystems (or NO).
nfs_client_flags='-n 4'		# Flags to nfsiod (if enabled).
nfs_server_enable='NO'		# This host exports NFS filesystems (or NO).
nfs_server_flags='-u -t 4'	# Flags to nfsd (if enabled).
mountd_flags='-r'		# Flags to mountd (if NFS server enabled).
nfs_reserved_port_only='NO'	# Serve NFS only from a reserved port (or NO).
rpc_lockd_enable='NO'		# Run rpc.lockd (*broken!*) if nfs_server.
rpc_statd_enable='YES'		# Run rpc.statd if nfs_server (or NO).
portmap_enable='NO'		# Run the portmapper (or NO).
				# NOTE(review): RPC services (NFS, NIS, statd)
				# register through the portmapper; with it off,
				# the YES settings above presumably cannot work
				# as intended -- TODO confirm which are wanted.
portmap_flags=''		# Flags to portmap (if enabled).
rarpd_enable='NO'		# Run rarpd (or NO).
rarpd_flags=''			# Flags to rarpd.
xtend_enable='NO'		# Run the X-10 power controller daemon (or NO).
xtend_flags=''			# Flags to xtend (if enabled).

### Network Time Services options: ###
timed_enable='NO'		# Run timed, the time daemon (or NO).
timed_flags=''			# Flags to timed (if enabled).
ntpdate_enable='NO'		# Run ntpdate at boot to sync the clock (or NO).
ntpdate_flags=''		# Flags to ntpdate (if enabled).
xntpd_enable='NO'		# Run xntpd, the Network Time Protocol daemon (or NO).
xntpd_flags=''			# Flags to xntpd (if enabled).
tickadj_enable='NO'		# Run tickadj (or NO).
tickadj_flags='-Aq'		# Flags to tickadj (if enabled).

# Network Information Services (NIS) options: ###
nis_client_enable='YES'		# Run ypbind, i.e. this host is an NIS client (or NO).
				# NOTE(review): nisdomainname is NO and portmap
				# is off above, so ypbind presumably has nothing
				# to bind to -- confirm NIS is wanted, else NO.
nis_client_flags=''		# Flags to ypbind (if enabled).
nis_ypset_enable='NO'		# Run ypset at boot time (or NO).
nis_ypset_flags=''		# Flags to ypset (if enabled).
nis_server_enable='NO'		# Run ypserv, i.e. this host is an NIS server (or NO).
nis_server_flags=''		# Flags to ypserv (if enabled).
nis_ypxfrd_enable='NO'		# Run rpc.ypxfrd at boot time (or NO).
nis_ypxfrd_flags=''		# Flags to rpc.ypxfrd (if enabled).
nis_yppasswdd_enable='NO'	# Run rpc.yppasswdd at boot time (or NO).
nis_yppasswdd_flags=''		# Flags to rpc.yppasswdd (if enabled).

### Network routing options: ###
defaultrouter='24.64.141.1'	# Default gateway address (or NO).
static_routes=''		# Static route list (or leave empty).
gateway_enable='YES'		# YES lets this host forward IP between its interfaces.
router_enable='NO'		# YES runs a routing daemon.
router='routed'			# Routing daemon to run if enabled.
router_flags='-q'		# Flags for the routing daemon.
mrouted_enable='NO'		# Do multicast routing (see /etc/mrouted.conf).
mrouted_flags=''		# Flags for the multicast routing daemon.
ipxgateway_enable='NO'		# YES enables IPX routing.
ipxrouted_enable='NO'		# YES runs the IPX routing daemon.
ipxrouted_flags=''		# Flags for the IPX routing daemon.
arpproxy_all=''			# Replaces the obsolete kernel option ARP_PROXYALL.
forward_sourceroute=''		# Forward source-routed packets (only if gateway_enable=YES).
accept_sourceroute=''		# Accept source-routed packets addressed to us.
				# NOTE(review): both are left empty here
				# (presumably the kernel default); keep them off
				# on a gateway, since source routing lets a remote
				# host choose the path its packets take through it.


##############################################################
###  System console options  #################################
##############################################################

keymap='NO'		# Keymap from /usr/share/syscons/keymaps/* (or NO).
keyrate='NO'		# Keyboard repeat rate: slow, normal, fast (or NO).
keybell='NO'		# Bell as duration.pitch, normal or visual (or NO).
keychange='NO'		# Function key default values (or NO).
cursor='NO'		# Cursor type {normal|blink|destructive} (or NO).
scrnmap='NO'		# Screen map from /usr/share/syscons/scrnmaps/* (or NO).
font8x16='NO'		# 8x16 font from /usr/share/syscons/fonts/* (or NO).
font8x14='NO'		# 8x14 font from /usr/share/syscons/fonts/* (or NO).
font8x8='NO'		# 8x8 font from /usr/share/syscons/fonts/* (or NO).
blanktime='600'		# Screen blank time in seconds, or NO to disable.
saver='green'		# Screen saver: blank/daemon/green/snake/star/NO.
moused_enable='YES'	# Run moused, the mouse daemon.
moused_type='mouseman'	# Mouse protocol; see rc.conf(5) for the available settings.
moused_port='/dev/cuaa0' # Serial port the mouse is attached to.
moused_flags=''		# Any additional flags to moused.


##############################################################
###  Miscellaneous administrative options  ###################
##############################################################

cron_enable='YES'	# Run cron, the periodic job daemon.
lpd_enable='YES'		# Run lpd, the line printer daemon.
lpd_flags=''		# Flags to lpd (if enabled).
sendmail_enable='YES'	# Run sendmail as a daemon (or NO).
sendmail_flags='-bd -q30m' # -bd listens for SMTP; -q30m runs the queue every 30 min.
			# NOTE(review): a listening sendmail on this gateway is
			# reachable from the cable-modem side unless the firewall
			# blocks it -- confirm it is needed here.
dumpdev='NO'		# Device to write crash dumps to (or NO).
check_quotas='YES'	# Check quotas (or NO).
accounting_enable='YES'	# Turn on process accounting (or NO).
ibcs2_enable='NO'	# Load Ibcs2 (SCO) emulation at startup (or NO).
linux_enable='YES'	# Load Linux emulation at startup (or NO).
rand_irqs='NO'		# IRQs used to stir the entropy pool (like "5 11") or NO.
clear_tmp_enable='NO'	# Clear /tmp at startup (or NO).
ldconfig_paths='/usr/lib/compat /usr/X11R6/lib /usr/local/lib' # Shared library search paths.

##############################################################
### Allow local configuration override at the very end here ##
##############################################################
# A site-local override file, if present, is sourced last so it can
# change any of the values set above.
if test -f /etc/rc.conf.local; then
	. /etc/rc.conf.local
fi

[-- Attachment #3 --]
############
# Setup system for firewall service.
# $Id: rc.firewall,v 1.6.2.6 1998/02/10 01:45:57 adam Exp $

# Pull in /etc/rc.conf so firewall_type and firewall_quiet are defined
# when this script is run on its own.
if test -f /etc/rc.conf; then
	. /etc/rc.conf
fi
#/sbin/ipfw -f flush
#/sbin/ipfw add divert natd all from any to any via de0
#/sbin/ipfw add pass all from any to any
#/sbin/ipfw add 2000 divert natd all from any to any via de0
############
# Define the firewall type in /etc/rc.conf.  Valid values are:
#   open     - will allow anyone in
#   client   - will try to protect just this machine
#   simple   - will try to protect a whole network
#   closed   - totally disables IP services except via lo0 interface
#   UNKNOWN  - disables the loading of firewall rules.
#   filename - will load the rules in the given filename (full path required)
#
# For ``client'' and ``simple'' the entries below should be customized 
# appropriately.

############
#
# If you don't know enough about packet filtering, we suggest that you
# take time to read this book:
#
#	Building Internet Firewalls
#	Brent Chapman and Elizabeth Zwicky
#
#	O'Reilly & Associates, Inc
#	ISBN 1-56592-124-0
#	http://www.ora.com/
#
# For a more advanced treatment of Internet Security read:
#
#	Firewalls & Internet Security
#	Repelling the wily hacker
#	William R. Cheswick, Steven M. Bellowin
#
#	Addison-Wesley
#	ISBN 0-201-6337-4
#	http://www.awl.com/
#

# A non-empty first argument overrides the firewall_type from rc.conf.
if test -n "$1"; then
	firewall_type=$1
fi

############
# Build the ipfw command line, adding -q when quiet mode was requested.
# fwcmd is expanded unquoted by the rules below on purpose, so that the
# "-q" becomes a separate argument.
case "$firewall_quiet" in
YES)
	fwcmd="/sbin/ipfw -q"
	;;
*)
	fwcmd="/sbin/ipfw"
	;;
esac

############
# Flush out the list before we begin.
# $fwcmd is deliberately left unquoted: it may hold "/sbin/ipfw -q", which
# has to split into two words.
$fwcmd -f flush

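############
# If you only configured ipfw in the kernel as a tool to solve network
# problems, or you just want to disallow some particular kinds of traffic,
# then you will want to change the default policy to open.  You can also
# do this as your only action by setting the firewall_type to ``open''.
#
# NOTE(review): rule 65000 is added here unconditionally, before the
# firewall_type dispatch below, so it is present for every type -- including
# UNKNOWN, which rc.conf currently selects.  The ``client'' and ``simple''
# rules below are added without numbers; if ipfw numbers them after the
# highest existing rule (TODO confirm for this release), they land behind
# 65000 and never match.  If those branches are meant to be effective, this
# line belongs inside the ``open'' branch, where an identical rule already is.
$fwcmd add 65000 pass all from any to any

# Hand every packet crossing the outside interface (de0) to natd.  Rule 2000
# sorts before 65000, so translation happens before the pass-all rule.
# $fwcmd is used here (instead of a bare /sbin/ipfw) so firewall_quiet is
# honored for this rule as well.
# NOTE(review): inbound UDP for a LAN host behind natd only reaches it when
# natd knows where to forward it (see the redirect options in natd(8));
# TODO confirm that is the cause of the failing UDP reported in the mail.
$fwcmd add 2000 divert natd all from any to any via de0

############
# Only in rare cases do you want to change these rules
# Loopback traffic passes; packets claiming a 127/8 address that were not
# already matched on lo0 are dropped.
$fwcmd add 1000 pass all from any to any via lo0
$fwcmd add 1010 deny all from 127.0.0.0/8 to 127.0.0.0/8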


# Prototype setups.
# Dispatch on firewall_type.  NOTE(review): a pass-all rule 65000 is added
# before this point for every type, and the rules in the ``client'' and
# ``simple'' branches carry no rule numbers -- if ipfw numbers them after the
# highest existing rule (TODO confirm for this release) they sit behind 65000
# and have no effect.  The tests below use the deprecated -o/-a forms of
# test(1); separate [ ... ] || [ ... ] / && is the modern spelling.
if [ "${firewall_type}" = "open" -o "${firewall_type}" = "OPEN" ]; then

	# Same rule as the unconditional 65000 added above; kept for the
	# documented ``open'' type.
	$fwcmd add 65000 pass all from any to any

elif [ "${firewall_type}" = "client" ]; then

    ############
    # This is a prototype setup that will protect your system somewhat against
    # people from outside your own network.
    ############

    # set these to your network and netmask and ip
    # (placeholder values; they do not match the 10.0.0.0/24 inside net in
    # rc.conf and must be edited before this branch is used)
    net="192.168.4.0"
    mask="255.255.255.0"
    ip="192.168.4.17"

    # Allow any traffic to or from my own net.
    $fwcmd add pass all from ${ip} to ${net}:${mask}
    $fwcmd add pass all from ${net}:${mask} to ${ip}

    # Allow TCP through if setup succeeded
    $fwcmd add pass tcp from any to any established

    # Allow setup of incoming email
    $fwcmd add pass tcp from any to ${ip} 25 setup

    # Allow setup of outgoing TCP connections only
    $fwcmd add pass tcp from ${ip} to any setup

    # Disallow setup of all other TCP connections
    $fwcmd add deny tcp from any to any setup

    # Allow DNS queries out in the world
    # NOTE(review): the first rule matches on the remote *source* port only,
    # so it admits any UDP sent from port 53, not just replies to our queries.
    $fwcmd add pass udp from any 53 to ${ip}
    $fwcmd add pass udp from ${ip} to any 53

    # Allow NTP queries out in the world
    # NOTE(review): same source-port-only match as the DNS rule above.
    $fwcmd add pass udp from any 123 to ${ip}
    $fwcmd add pass udp from ${ip} to any 123

    # Everything else is denied as default.

elif [ "${firewall_type}" = "simple" ]; then

    ############
    # This is a prototype setup for a simple firewall.  Configure this machine
    # as a named server and ntp server, and point all the machines on the inside
    # at this machine for those services.
    ############

    # set these to your outside interface network and netmask and ip
    # (placeholders; this host's outside interface is de0 per rc.conf)
    oif="ed0"
    onet="192.168.4.0"
    omask="255.255.255.0"
    oip="192.168.4.17"

    # set these to your inside interface network and netmask and ip
    # (placeholders; this host's inside interface is de1 per rc.conf)
    iif="ed1"
    inet="192.168.3.0"
    imask="255.255.255.0"
    iip="192.168.3.17"

    # Stop spoofing: inside addresses must not arrive on the outside
    # interface, and vice versa.
    $fwcmd add deny all from ${inet}:${imask} to any in via ${oif}
    $fwcmd add deny all from ${onet}:${omask} to any in via ${iif}

    # Stop RFC1918 nets on the outside interface
    $fwcmd add deny all from 192.168.0.0:255.255.0.0 to any via ${oif}
    $fwcmd add deny all from 172.16.0.0:255.240.0.0 to any via ${oif}
    $fwcmd add deny all from 10.0.0.0:255.0.0.0 to any via ${oif}

    # Allow TCP through if setup succeeded
    $fwcmd add pass tcp from any to any established

    # Allow setup of incoming email
    $fwcmd add pass tcp from any to ${oip} 25 setup

    # Allow access to our DNS
    $fwcmd add pass tcp from any to ${oip} 53 setup

    # Allow access to our WWW
    $fwcmd add pass tcp from any to ${oip} 80 setup

    # Reject&Log all setup of incoming connections from the outside
    $fwcmd add deny log tcp from any to any in via ${oif} setup

    # Allow setup of any other TCP connection (i.e. anything not arriving
    # on the outside interface, which the rule above already denied)
    $fwcmd add pass tcp from any to any setup

    # Allow DNS queries out in the world
    # NOTE(review): source-port-only match; admits any UDP sent from port 53.
    $fwcmd add pass udp from any 53 to ${oip}
    $fwcmd add pass udp from ${oip} to any 53

    # Allow NTP queries out in the world
    # NOTE(review): source-port-only match; admits any UDP sent from port 123.
    $fwcmd add pass udp from any 123 to ${oip}
    $fwcmd add pass udp from ${oip} to any 123

    # Everything else is denied as default.

# Any other value except UNKNOWN that names a readable file is handed to
# ipfw as a rules file (full path required).  ${firewall_type} is expanded
# unquoted, so a path containing spaces would not work here.
elif [ "${firewall_type}" != "UNKNOWN" -a -r "${firewall_type}" ]; then
	$fwcmd ${firewall_type}
fi
