From: rene@xs4all.nl
Date: Sun, 16 Sep 2001 16:48:02 +0200
To: Fernando Gleiser
Cc: questions@freebsd.org
Subject: Re: ping fails (setup: pptp, ppp, adsl (xs4all.nl), ipf, IPv4)
Message-ID: <20010916164802.I7106@xs4all.nl>
References: <20010915204109.G7106@xs4all.nl> <20010915155651.F19439-100000@cactus.fi.uba.ar>
In-Reply-To: <20010915155651.F19439-100000@cactus.fi.uba.ar>; from fgleiser@cactus.fi.uba.ar on Sat, Sep 15, 2001 at 03:57:24PM -0300

On Sat, Sep 15, 2001 at 03:57:24PM -0300, Fernando Gleiser wrote:
> Please post also your ipf and ipnat conf files.
>
>
> Fer
>

allrighty;

-- /etc/ipf.rules

# Let loopback packets through
pass in quick on lo0 all
pass out quick on lo0 all

# Disallow direct access to the Alcatel
block out log quick on xl0 from any to 10.0.0.138 port = 21
block out log quick on xl0 from any to 10.0.0.138 port = 23
block out log quick on xl0 from any to 10.0.0.138 port = 80

# Allow all other communication
pass out quick on xl0 from 10.0.0.139/32 to 10.0.0.138
pass in quick on xl0 from 10.0.0.138/32 to 10.0.0.139

# Anti-spoofing rules
block in log quick on tun0 from 0.0.0.0/8 to any
block in log quick on tun0 from 127.0.0.0/8 to any
block in log quick on tun0 from 10.0.0.0/8 to any
block in log quick on tun0 from 172.16.0.0/12 to any
block in log quick on tun0 from 192.168.0.0/16 to any
block in log quick on tun0 from 169.254.0.0/16 to any
block in log quick on tun0 from 224.0.0.0/3 to any

# Own IP address
block in log quick on tun0 from 194.109.196.149 to any

# Traffic from and to local LAN
pass in quick on de0 proto tcp from 192.168.102.0/24 to any keep state
pass in quick on de0 proto udp from 192.168.102.0/24 to any keep state
pass in quick on de0 proto icmp from 192.168.102.0/24 to any keep state
# (additional rules go here that allow access to the gateway)
pass out quick on de0 proto tcp from any to 192.168.102.0/24 keep state
pass out quick on de0 proto udp from any to 192.168.102.0/24 keep state
pass out quick on de0 proto icmp from any to 192.168.102.0/24 keep state

# Allow traffic to go out
pass out quick on tun0 proto tcp from any to any keep state
pass out quick on tun0 proto udp from any to any keep state
pass out quick on tun0 proto icmp from any to any keep state

--- /etc/ipnat.rules

map lo0 192.168.102.0/24 -> 0/32