Date: Mon, 15 Sep 2003 21:25:51 +0800
From: Robert Storey
To: freebsd-questions@freebsd.org
Subject: Re: firewall
Message-Id: <20030915212551.13a47734.y2kbug@ms25.hinet.net>
In-Reply-To: <20030915035239.GB89689@kongemord.krig.net>
References: <20030914172715.20a91c69.y2kbug@ms25.hinet.net> <20030915035239.GB89689@kongemord.krig.net>

On Sun, 14 Sep 2003 23:52:40 -0400
"Bob Hall" wrote:

> Could you be more specific about what doesn't work? Have you tried
> ping and traceroute? nslookup? HTTP? Sometimes when people are having
> trouble, it turns out that they are having trouble with specific apps,
> but otherwise can connect successfully.
>
> It looks like you're using the CLIENT ruleset from the default
> rc.firewall. If this firewall is for a LAN, you will have more success
> with the SIMPLE ruleset. (I made the same mistake the first time I set
> up a LAN firewall.)

Thanks, that was a good suggestion (to use the SIMPLE ruleset). However,
I'm still not getting through with PPP. Here is the output of ifconfig
when I'm online:

bob@sonic:~> ifconfig
vr0: flags=8843 mtu 1500
        inet6 fe80::20c:6eff:fe0a:ca02%vr0 prefixlen 64 scopeid 0x1
        inet 192.168.0.2 netmask 0xffffff00 broadcast 192.168.0.255
        ether 00:0c:6e:0a:ca:02
        media: Ethernet autoselect (none)
        status: no carrier
lp0: flags=8810 mtu 1500
lo0: flags=8049 mtu 16384
        inet6 ::1 prefixlen 128
        inet6 fe80::1%lo0 prefixlen 64 scopeid 0x3
        inet 127.0.0.1 netmask 0xff000000
ppp0: flags=8051 mtu 1524
        inet 61.227.219.11 --> 168.95.46.33 netmask 0xff000000

And the result of a ping:

bob@sonic:~> ping slashdot.org
ping: cannot resolve slashdot.org: Host name lookup failure

This is my current configuration in /etc/rc.firewall:

# set these to your outside interface network and netmask and ip
oif="ppp0"
onet="168.95.0.0"
omask="255.255.255.255"
oip="168.95.0.0"

# set these to your inside interface network and netmask and ip
iif="vr0"
inet="192.168.0.0"
imask="255.255.255.0"
iip="192.168.0.2"

Again, my internal (ethernet) network is accessible, but PPP is
completely dead to the world. When I remove the firewall, it works fine,
so it's not an issue of PPP incorrectly configured.

Hope somebody can help. Again, I confess that I don't know much about
writing firewall rules. All I really want is to use the default set of
rules called "simple".

Thanks to all who have replied.

best regards,
Robert
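
An added example, not part of the original message: a POSIX sh check that compares the oip value set in rc.firewall with the address ifconfig reports on the outside interface, since the stock SIMPLE rules match on ${oip}. The sample input is copied from the message above; the function names iface_addr, rc_value and check_oip are hypothetical.

```shell
#!/bin/sh
# Added example: does oip in rc.firewall equal the live address on oif?

# Sample input copied from the message above (ppp0 stanza and outside vars).
IFCONFIG_SAMPLE='ppp0: flags=8051 mtu 1524
        inet 61.227.219.11 --> 168.95.46.33 netmask 0xff000000'
RCFW_SAMPLE='oif="ppp0"
onet="168.95.0.0"
omask="255.255.255.255"
oip="168.95.0.0"'

# Print the first IPv4 address under interface $1 in ifconfig text on stdin.
iface_addr() {
    awk -v ifn="$1:" '
        /^[^ \t]/ { cur = $1 }      # an unindented line opens a new stanza
        cur == ifn && $1 == "inet" { print $2; exit }
    '
}

# Print the value of the assignment name="value" for name $1 (text on stdin).
rc_value() {
    awk -F'"' -v k="$1=" 'index($0, k) == 1 { print $2; exit }'
}

# check_oip IFCONFIG_TEXT RCFW_TEXT
# Prints "ok <addr>", "mismatch oip=<cfg> <oif>=<live>" or "no-address <oif>".
# Returns 0 on match, 1 on mismatch, 2 when the interface has no IPv4 address.
check_oip() {
    oif=$(printf '%s\n' "$2" | rc_value oif)
    oip=$(printf '%s\n' "$2" | rc_value oip)
    live=$(printf '%s\n' "$1" | iface_addr "$oif")
    if [ -z "$live" ]; then
        echo "no-address $oif"
        return 2
    fi
    if [ "$oip" = "$live" ]; then
        echo "ok $oip"
        return 0
    fi
    echo "mismatch oip=$oip $oif=$live"
    return 1
}

# Run against the values from the message; a mismatch is reported, not fatal.
check_oip "$IFCONFIG_SAMPLE" "$RCFW_SAMPLE" || true
```

On a live system the two arguments would be "$(ifconfig)" and "$(cat /etc/rc.firewall)".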