Date: Sun, 20 Aug 2000 12:57:59 -0700
From: Dan Debertin
To: Todd Backman
Cc: freebsd-net@freebsd.org
Subject: Re: Routing firewall w/ipfw questions

On Sat, 19 Aug 2000, Todd Backman wrote:

> established connection) but no access from the outside could be
> established even after adding as the last rulesets:
>
> allow ip from any to any

If you are inserting this rule onto the end of your ruleset, you're still
going through all of your other rules before getting to this one. Given
that we're just trying to get the routing working, you're better off
turning off firewalling completely with:

    sysctl -w net.inet.ip.fw.enable=0

Once we get routing working from inside out, and from outside in, we can
throw ipfw back into the mix.

If that doesn't work, perhaps an ASCII drawing of your network, with the
relevant addresses (converted into made-up ones, of course), etc., would
be helpful.

~Dan D.
--
++ Dan Debertin
++ Senior Systems Administrator
++ Bitstream Underground, LLC
++ airboss@bitstream.net
++ (612)321-9290