Date:      Mon, 05 Jul 2004 13:12:03 +0000
From:      "Gene Bomgardner" <glbjr_01@hotmail.com>
To:        Freebsd-questions@freebsd.org
Subject:   IPF problems
Message-ID:  <BAY1-F14raUMTzFm15k0004b65b@hotmail.com>

Hi

I've recompiled the 5.2.1 kernel to include firewall options for natd. I've
discovered that once I did so, I can no longer communicate in or out of the
fbsd box. The firewall defaults to accept_all (I checked this).

Then I found that if I disable ipf (i.e. 'ipf -D') I can now communicate.
From /etc/rc.conf and /etc/defaults/rc.conf:

ipfilter_enable="NO"            # Set to YES to enable ipfilter functionality
ipfilter_program="/sbin/ipf"    # where the ipfilter program lives
ipfilter_rules="/etc/ipf.rules" # rules definition file for ipfilter, see
                                # /usr/src/contrib/ipfilter/rules for examples
ipfilter_flags=""               # additional flags for ipfilter

From /etc/ipf.rules:

pass in all
pass out all

The questions are:

1) If ipfilter_enable is NO, why is it running at all? Is it needed for nat?
2) Even if it is running, why does it not follow its rules and pass all?

Any help appreciated. Thanks

Gene
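Added example, not part of Gene's message and not FreeBSD's own rc code: a small sh script that reproduces how the rc framework derives the effective value of a knob such as ipfilter_enable (/etc/defaults/rc.conf is sourced first, /etc/rc.conf afterwards, so the last assignment wins) and checks whether a rules file actually holds the two pass rules quoted above. The rc.conf and rules contents are constructed stand-ins written to a temp directory, not the real system files.

```shell
#!/bin/sh
# Added example (not from the original post or FreeBSD's rc scripts).
# FreeBSD's rc framework sources /etc/defaults/rc.conf first and
# /etc/rc.conf afterwards, so the last assignment of a knob wins.
# All files below are constructed stand-ins written to a temp directory.

# effective_rc_value VAR DEFAULTS_FILE RC_FILE
# Prints the value VAR holds after sourcing DEFAULTS_FILE, then RC_FILE,
# in a subshell so the caller's own variables are not touched.
effective_rc_value() {
    (
        [ -r "$2" ] && . "$2"
        [ -r "$3" ] && . "$3"
        eval "printf '%s\n' \"\$$1\""
    )
}

# rules_file_passes_all FILE
# Succeeds only when FILE holds both "pass in all" and "pass out all"
# as uncommented rules, i.e. the rule set quoted in the post.
rules_file_passes_all() {
    grep -v '^[[:space:]]*#' "$1" | grep -q '^pass in all' &&
    grep -v '^[[:space:]]*#' "$1" | grep -q '^pass out all'
}

tmpdir=$(mktemp -d)
trap 'rm -rf "$tmpdir"' EXIT

# Stand-in for /etc/defaults/rc.conf, with the two values the post quotes
cat > "$tmpdir/defaults.rc.conf" <<'EOF'
ipfilter_enable="NO"
ipfilter_rules="/etc/ipf.rules"
EOF
# Stand-in /etc/rc.conf that leaves ipfilter_enable at its default ...
cat > "$tmpdir/rc.conf" <<'EOF'
natd_enable="YES"
EOF
# ... and one that overrides it
cat > "$tmpdir/rc.conf.override" <<'EOF'
ipfilter_enable="YES"
EOF
# Stand-in for the /etc/ipf.rules shown in the post
cat > "$tmpdir/ipf.rules" <<'EOF'
pass in all
pass out all
EOF
effective_rc_value ipfilter_enable "$tmpdir/defaults.rc.conf" "$tmpdir/rc.conf"
effective_rc_value ipfilter_enable "$tmpdir/defaults.rc.conf" "$tmpdir/rc.conf.override"
rules_file_passes_all "$tmpdir/ipf.rules" && echo "ipf.rules passes all traffic"
```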



