From owner-freebsd-questions@FreeBSD.ORG Sun Sep 14 21:47:34 2003
Delivered-To: freebsd-questions@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 32DC916A4BF for ; Sun, 14 Sep 2003 21:47:34 -0700 (PDT)
Received: from smtp01.mrf.mail.rcn.net (smtp01.mrf.mail.rcn.net [207.172.4.60]) by mx1.FreeBSD.org (Postfix) with ESMTP id 6BE3943F85 for ; Sun, 14 Sep 2003 21:47:33 -0700 (PDT) (envelope-from rjhalljr@starpower.net)
Received: from ms05.mrf.mail.rcn.net ([207.172.4.19]) by smtp01.mrf.mail.rcn.net with esmtp (Exim 3.35 #4) id 19ylGu-0003jy-00 for freebsd-questions@freebsd.org; Mon, 15 Sep 2003 00:47:32 -0400
Received: from 68.100.111.121 by ms05.mrf.mail.rcn.net (Mirapoint Messaging Server MOS 3.2.2-GA) with HTTP/1.1; Mon, 15 Sep 2003 00:47:32 -0400
Date: Mon, 15 Sep 2003 00:47:32 -0400
From: rjhalljr@starpower.net
To: freebsd-questions@freebsd.org
X-Mailer: Webmail Mirapoint Direct 3.2.2-GA
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Subject: Re: firewall
X-BeenThere: freebsd-questions@freebsd.org
X-Mailman-Version: 2.1.1
Precedence: list
List-Id: User questions
X-List-Received-Date: Mon, 15 Sep 2003 04:47:34 -0000

On Sun, Sep 14, 2003 at 11:52:40PM -0400, Bob Hall wrote:
> On Sun, Sep 14, 2003 at 05:27:15PM +0800, Robert Storey wrote:
> > Dear All,
> >
> > I'm having a hard time configuring a firewall. I ALMOST understand it,
> > but I've run into one problem. I think I don't actually have my
> > /etc/rc.firewall set up properly. Maybe I don't really understand what
> > the "ip" setting should be, and I've made it the same as my "net"
> > setting. Anyway, what I can say is that with the configuration I have, I
> > can access my internal (ethernet) network, but ppp is totally blocked,
> > which of course I don't want.
>
> Could you be more specific about what doesn't work? Have you tried ping
> and traceroute? nslookup? HTTP? Sometimes when people are having trouble,
> it turns out that they are having trouble with specific apps, but
> otherwise can connect successfully.
>
> It looks like you're using the CLIENT ruleset from the default rc.firewall.
> If this firewall is for a LAN, you will have more success with the SIMPLE
> ruleset. (I made the same mistake the first time I set up a LAN firewall.)

I forgot to mention that this is intended as a supplement to the previous
responses. In particular, it looks like you need to set up NAT. If that's
not set up, then nothing will work.

Bob Hall
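Editor's note, added to this archived thread and not part of any poster's message: the two pieces of advice above (switch from the CLIENT to the SIMPLE ruleset, and turn on NAT) and the original poster's confusion between the "ip" and "net" variables map onto a handful of lines in /etc/rc.conf and the SIMPLE section of /etc/rc.firewall. The fragment below is a constructed illustration of those settings for a FreeBSD box of that era acting as a LAN gateway over a user-ppp link. The interface names (tun0, fxp0) and all addresses (192.0.2.x is the documentation range) are assumptions; substitute the real ones. The point the comments make is the one the OP missed: the `*ip` variables hold this host's own address on each interface, while the `*net` variables hold the network number, and they must not be the same value.

```sh
# --- /etc/rc.conf additions (constructed example; interface names are assumptions) ---
gateway_enable="YES"          # enables IP forwarding so the box routes between LAN and ppp
firewall_enable="YES"
firewall_type="SIMPLE"        # LAN-gateway ruleset; CLIENT only protects the single host it runs on
natd_enable="YES"             # with this set, rc.firewall adds the 'divert natd' rule for you
natd_interface="tun0"         # outside interface the NAT rule is bound to (user ppp link, assumed)

# --- /etc/rc.firewall, variables at the top of the SIMPLE section (addresses are assumptions) ---
# The ruleset uses the network values for anti-spoofing rules and the host
# values for rules that match traffic to/from this machine itself, so each
# pair holds two different numbers.
oif="tun0"                    # outside interface (the ppp link)
onet="192.0.2.0"              # network the outside address belongs to
omask="255.255.255.0"
oip="192.0.2.10"              # this host's own address on oif, NOT the network number

iif="fxp0"                    # inside (LAN) interface
inet="192.168.1.0"            # LAN network number
imask="255.255.255.0"
iip="192.168.1.1"             # this host's own LAN address, NOT the network number
```

Two caveats a practitioner would check before relying on this. First, the SIMPLE section as shipped assumes static values for oip and onet; a ppp link that receives a different address on each connection means those two variables are stale at boot, so the outside-address rules have to be regenerated when the link comes up rather than set once here. Second, after loading the ruleset, `ipfw show` should list a `divert` rule on tun0 near the top; if it is absent, natd_enable did not take effect and, as Bob Hall says, nothing from the LAN will reach the outside.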