Date: Mon, 28 Jun 1999 18:16:05 +0200
From: Thierry Herbelot <Thierry.Herbelot@alcatel.fr>
To: "David B. Aas" <dave@ciminot.com>
Cc: questions <questions@freebsd.org>
Subject: Re: ipfw & natd -www packets?
Message-ID: <37779FC5.FE60ECFF@telspace.alcatel.fr>
References: <000201bec17d$b2716040$0fc8a8c0@dave.ciminot.com>

First, you MUST keep questions CC'ed, else, this is consulting, and this
ain't cheap

you have to dig a bit further into your problem (there is not enough
info here).

you must :
- run netstat -nr on all your machines (are your routes set correctly ?)
- run ipfw show (what are exactly your firewall rules ?)
- tell what version of FreeBSD you are running (uname -a)
- run tcpdump on both successful and failing connections
- describe **very** precisely your network setup (with an ASCII-art
  drawing if possible)

	TfH

PS : for all commands used, there is a specific manual page which you
should read

"David B. Aas" wrote:
>
> Thanks-
>
> I already have a simple definition set up. I went with all of the defaults,
> and was not able to do anything unless I opened it up, which is not what I
> wanted. I found I could ping if I added a statement to allow icmp.
>
> I now have a "simple" firewall with the default rules plus a rule to allow
> icmp. It has two network cards in it. I can ping out from the server to the
> world, and I can run whois from the command prompt and get a response. From
> a workstation I can ping ip numbers on both NICS, the router and the
> Internet. I cannot ping a domain name, and I cannot access the Internet
> from a workstation, using my FreeBSD computer as my default gateway, and my
> workstation on the same subnet as my FreeBSD box.
>
> I would appreciate your thoughts.
>
> Dave
>
> > -----Original Message-----
> > From: Thierry.Herbelot@alcatel.fr [mailto:Thierry.Herbelot@alcatel.fr]
> > Sent: Monday, June 28, 1999 9:57 AM
> > To: David B. Aas
> > Cc: questions@FreeBSD.ORG
> > Subject: Re: ipfw & natd -www packets?
> >
> >
> > Hello,
> >
> > The "simple" type of firewall, as defined in /etc/rc.firewall of a
> > recent FreeBSD does allow what you want.
> > You just add : firewall_type="simple" to your /etc/rc.conf, and you
> > should be done (anyway, all of this is controlled by relatively easy to
> > understand scripts, so you should be able to adapt these scripts)
> >
> > TfH
> >
> > "David B. Aas" wrote:
> > >
> > > I ALMOST have my firewall working. I could not ping until I added an allow
> > > statement to pass ICMP packets.
> > >
> > > Now I need to get my Windoze computers to access the Internet thru my
> > > FreeBSD firewall. I am not running DNS or Web services on FreeBSD. I only
> > > want to pass packets thru natd.
> > >
> > > Is there a port number that I should use? I tried a rule "allow tcp from any
> > > to any 80", but it didn't help.
> > >
> > > Any ideas?
> > >
> > > Dave Aas
> > > dave@ciminot.com
> > >
> > > To Unsubscribe: send mail to majordomo@FreeBSD.org
> > > with "unsubscribe freebsd-questions" in the body of the message
> >
> > --
> > Thierry Herbelot <thierry.herbelot@alcatel.fr>
> > (+33) 1 46 52 47 23
> > http://perso.cybercable.fr/herbelot
> >

--
Thierry Herbelot <thierry.herbelot@alcatel.fr>
(+33) 1 46 52 47 23
http://perso.cybercable.fr/herbelot