Date: Mon, 15 Sep 2003 21:25:51 +0800
From: Robert Storey <y2kbug@ms25.hinet.net>
To: freebsd-questions@freebsd.org
Subject: Re: firewall
Message-ID: <20030915212551.13a47734.y2kbug@ms25.hinet.net>
In-Reply-To: <20030915035239.GB89689@kongemord.krig.net>
References: <20030914172715.20a91c69.y2kbug@ms25.hinet.net> <20030915035239.GB89689@kongemord.krig.net>
On Sun, 14 Sep 2003 23:52:40 -0400
"Bob Hall" <rjhjr@cox.net> wrote:

> Could you be more specific about what doesn't work? Have you tried
> ping and traceroute? nslookup? HTTP? Sometimes when people are having
> trouble, it turns out that they are having trouble with specific apps,
> but otherwise can connect successfully.
>
> It looks like you're using the CLIENT ruleset from the default
> rc.firewall. If this firewall is for a LAN, you will have more success
> with the SIMPLE ruleset. (I made the same mistake the first time I set
> up a LAN firewall.)

Thanks, that was a good suggestion (to use the SIMPLE ruleset). However,
I'm still not getting through with PPP. Here is the output of ifconfig
when I'm online:

bob@sonic:~> ifconfig
vr0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
        inet6 fe80::20c:6eff:fe0a:ca02%vr0 prefixlen 64 scopeid 0x1
        inet 192.168.0.2 netmask 0xffffff00 broadcast 192.168.0.255
        ether 00:0c:6e:0a:ca:02
        media: Ethernet autoselect (none)
        status: no carrier
lp0: flags=8810<POINTOPOINT,SIMPLEX,MULTICAST> mtu 1500
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> mtu 16384
        inet6 ::1 prefixlen 128
        inet6 fe80::1%lo0 prefixlen 64 scopeid 0x3
        inet 127.0.0.1 netmask 0xff000000
ppp0: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> mtu 1524
        inet 61.227.219.11 --> 168.95.46.33 netmask 0xff000000

AND the result of a ping:

bob@sonic:~> ping slashdot.org
ping: cannot resolve slashdot.org: Host name lookup failure

This is my current configuration in /etc/rc.firewall:

# set these to your outside interface network and netmask and ip
oif="ppp0"
onet="168.95.0.0"
omask="255.255.255.255"
oip="168.95.0.0"

# set these to your inside interface network and netmask and ip
iif="vr0"
inet="192.168.0.0"
imask="255.255.255.0"
iip="192.168.0.2"

Again, my internal (ethernet) network is accessible, but PPP is
completely dead to the world. When I remove the firewall, it works fine,
so it's not an issue of PPP incorrectly configured. Hope somebody can
help.

Again, I confess that I don't know much about writing firewall rules.
All I really want is to use the default set of rules called "simple".
Thanks to all who have replied.

best regards,
Robert
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20030915212551.13a47734.y2kbug>
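
A check that compares the outside-interface variables with the address ifconfig reports for that interface, as an added example that is not part of the original message or of FreeBSD's rc.firewall. The sample input is copied from the message above; the function names are hypothetical, and the check assumes only what the config comment says, that oip, onet and omask describe the outside interface's IP, network and netmask.

```python
import ipaddress
import re

# Constructed sample input: the ppp0 entry and the outside-interface
# variables, copied from the message above.
IFCONFIG = """\
ppp0: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> mtu 1524
        inet 61.227.219.11 --> 168.95.46.33 netmask 0xff000000
"""
RC_FIREWALL = '''\
oif="ppp0"
onet="168.95.0.0"
omask="255.255.255.255"
oip="168.95.0.0"
'''

def parse_vars(text):
    """Return the sh-style name="value" assignments as a dict."""
    return dict(re.findall(r'^\s*(\w+)="([^"]*)"', text, re.M))

def iface_addr(ifconfig_out, iface):
    """Return the first IPv4 address ifconfig lists under iface, or None."""
    current = None
    for line in ifconfig_out.splitlines():
        head = re.match(r'^(\w+): flags=', line)
        if head:
            current = head.group(1)
            continue
        m = re.match(r'^\s+inet (\d+\.\d+\.\d+\.\d+)', line)
        if m and current == iface:
            return ipaddress.IPv4Address(m.group(1))
    return None

def check_outside(rc_text, ifconfig_out):
    """Compare oip/onet/omask with the live address of the oif interface."""
    v = parse_vars(rc_text)
    addr = iface_addr(ifconfig_out, v["oif"])
    if addr is None:
        return [f'{v["oif"]} has no IPv4 address']
    findings = []
    if addr != ipaddress.IPv4Address(v["oip"]):
        findings.append(f'oip={v["oip"]} but {v["oif"]} has {addr}')
    net = ipaddress.IPv4Network(f'{v["onet"]}/{v["omask"]}', strict=False)
    if addr not in net:
        findings.append(f'{addr} is outside onet/omask {net}')
    return findings

if __name__ == "__main__":
    for finding in check_outside(RC_FIREWALL, IFCONFIG):
        print(finding)
```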