From: freebsder
To: freebsd-questions@freebsd.org
Date: Sun, 18 Jul 2004 00:55:11 -0700 (PDT)
Subject: FreeBSD 5.1 <-> WinXP Networking Problem UPDATE #2
Message-ID: <20040718075511.75494.qmail@web52501.mail.yahoo.com>

Hi Chuck,

Thanks for the suggestions.

First off - there was actually a typo in the line:

firewall_script="/etc/rc/firewall

I changed it to:

firewall_script="/etc/rc.firewall"

However, it made no difference to the WinXP box's ability to connect. Next I tried commenting out that line altogether but it still did not work(!) It would not go online.

I then checked out rc.firewall as per your suggestion and looked under OPEN ... This is what I found:

############
# If you just configured ipfw in the kernel as a tool to solve network
# problems or you just want to disallow some particular kinds of traffic
# then you will want to change the default policy to open. You can also
# do this as your only action by setting the firewall_type to ``open''.
#
#${fwcmd} add 65000 pass all from any to any

# Prototype setups.
#
case ${firewall_type} in
[Oo][Pp][Ee][Nn])
	setup_loopback
	${fwcmd} add 65000 pass all from any to any
	;;
[...]

Do you see a problem in this set-up? I am considering setting it up in SIMPLE mode but I want to be able to run the machine in OPEN mode before I get too fancy with security and firewalls ... you know?

Thanks again for your help ... please advise.

freebsder wrote:
> This is what I get:
>
> # ipfw -a list
> 00100 49820 12066079 allow ip from any to any
> 00100 0 0 allow tcp from any to any
> 65535 2 96 deny ip from any to any
>
> The Second and Third lines don't seem right.. What do
> I need to do to correct the problem here.

The line here:

>> firewall_script="/etc/rc/firewall"

...tells IPFW to use a config file that doesn't contain enough useful rules. Comment out that line, and examine /etc/rc.firewall instead, and reboot. Then take a look at the rules being loaded by the OPEN firewall type, which should include a divert rule...

--
-Chuck
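
Added example, not part of the original message or of FreeBSD's rc.firewall: a shell check over `ipfw -a list` output for the condition Chuck describes, namely whether a divert rule is evaluated before the first allow-all rule. The function name check_divert, the interface xl0 and the second listing are assumptions constructed for illustration; the first listing is the one quoted in the message.

```sh
#!/bin/sh
# Added example: reads `ipfw -a list` output on stdin and reports whether
# traffic can reach a divert rule. Prints one verdict, returns 0 only for "ok":
#   ok           a divert rule is evaluated before the first allow-all rule
#   no-divert    no divert rule is loaded at all
#   divert-late  a divert rule exists, but an allow-all rule matches first
check_divert() {
    awk '
        # With -a each line is: rule number, packets, bytes, then the rule body.
        { body = $4; for (i = 5; i <= NF; i++) body = body " " $i }
        $4 == "divert" && !divert { divert = NR }
        body == "allow ip from any to any" && !allow { allow = NR }
        END {
            if (!divert) { print "no-divert"; exit 1 }
            if (allow && allow < divert) { print "divert-late"; exit 2 }
            print "ok"
        }'
}

# Listing quoted in the message above.
page_listing='00100 49820 12066079 allow ip from any to any
00100 0 0 allow tcp from any to any
65535 2 96 deny ip from any to any'

# Constructed listing (assumption): the same rules with a natd divert rule
# loaded first; xl0 and the counters are made up for illustration.
nat_listing='00050 310 41230 divert 8668 ip from any to any via xl0
00100 49820 12066079 allow ip from any to any
65535 2 96 deny ip from any to any'

# On a live system the input would come from: ipfw -a list | check_divert
printf 'message listing: %s\n' "$(printf '%s\n' "$page_listing" | check_divert)"
printf 'with divert:     %s\n' "$(printf '%s\n' "$nat_listing" | check_divert)"
```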