From: "Bob Hall"
Date: Sun, 14 Sep 2003 23:52:40 -0400
To: freebsd-questions@freebsd.org
Subject: Re: firewall

On Sun, Sep 14, 2003 at 05:27:15PM +0800, Robert Storey wrote:
> Dear All,
>
> I'm having a hard time configuring a firewall. I ALMOST understand it,
> but I've run into one problem. I think I don't actually have my
> /etc/rc.firewall set up properly. Maybe I don't really understand what
> the "ip" setting should be, and I've made it the same as my "net"
> setting. Anyway, what I can say is that with the configuration I have, I
> can access my internal (ethernet) network, but ppp is totally blocked,
> which of course I don't want.

Could you be more specific about what doesn't work? Have you tried ping
and traceroute? nslookup? HTTP? Sometimes when people are having trouble,
it turns out that they are having trouble with specific apps, but
otherwise can connect successfully.

It looks like you're using the CLIENT ruleset from the default
rc.firewall. If this firewall is for a LAN, you will have more success
with the SIMPLE ruleset. (I made the same mistake the first time I set up
a LAN firewall.)

Bob Hall