From: "JJB"
To: "Gene Bomgardner"
Date: Mon, 5 Jul 2004 10:57:21 -0400
Subject: RE: IPF problems

You seem to be confused between ipfw and ipf. These are two different
firewall software applications which are built into the FreeBSD
operating system. You may want to read the new rewrite of the FreeBSD
handbook's firewall section, which is currently available at
www.a1poweruser.com/FBSD_firewall/ and which does a far better job of
describing how to configure and use the 2 different firewall software
applications. The FreeBSD doc group has downloaded this manuscript and
is working on it to replace what is currently in the handbook.
The IPFILTER section has been made into a separate manuscript for
release to the open source community, where ipfilter is very popular.
It's temporarily available from www.a1poweruser.com/FBSD_ipfilter/

-----Original Message-----
From: owner-freebsd-questions@freebsd.org
[mailto:owner-freebsd-questions@freebsd.org] On Behalf Of Gene Bomgardner
Sent: Monday, July 05, 2004 9:12 AM
To: Freebsd-questions@freebsd.org
Subject: IPF problems

Hi,

I've recompiled the 5.2.1 kernel to include firewall options for natd.
I've discovered that once I did so, I can no longer communicate in or
out of the fbsd box. The firewall defaults to accept_all (I checked
this). Then I found that if I disable ipf (i.e. "ipf -D") I can now
communicate.

From /etc/rc.conf and /etc/defaults/rc.conf:

    ipfilter_enable="NO"            # Set to YES to enable ipfilter functionality
    ipfilter_program="/sbin/ipf"    # where the ipfilter program lives
    ipfilter_rules="/etc/ipf.rules" # rules definition file for ipfilter, see
                                    # /usr/src/contrib/ipfilter/rules for examples
    ipfilter_flags=""               # additional flags for ipfilter

From /etc/ipf.rules:

    pass in all
    pass out all

The questions are:

1) If ipfilter_enable is NO, why is it running at all? Is it needed
   for nat?
2) Even if it is running, why does it not follow its rules and pass all?

Any help appreciated.

Thanks,
Gene

_______________________________________________
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "freebsd-questions-unsubscribe@freebsd.org"