From owner-freebsd-questions Tue Jul 13 7:31:29 1999
Message-ID: <378B4B99.71FA7B10@alcatel.fr>
Date: Tue, 13 Jul 1999 16:22:17 +0200
From: Thierry Herbelot
Reply-To: thierry.herbelot@alcatel.fr
Organization: ALCATEL CIT Nanterre
To: kori
Cc: freebsd-questions@FreeBSD.ORG
Subject: Re: stupid and probable very simple problem with ipfw
References: <12741.990713@mail.ru>

The rc.firewall script you use most certainly has a bug: the lines
prohibiting 192.168.x.y addresses are executed after the natd/divert rules,
so the packets after IP address translation are discarded

(my solution was to comment out the ipfw rules controlling IP spoofing
for 192.168.x.y in the "simple" fw settings)

TfH

Kori wrote:
>
> Hello,
>
> Sorry for wasting your time
> I have a stupid and probably very simple problem:
> I use FreeBSD (2.2.8 stable)
> when I choose in rc.firewall type of firewall simple and
> fill other necessary fields:
> then restart computer
>
> #ping www.com
> #natd:failed to write packet back (Permission denied)
>
> #ping 10.0.0.3
> #ping:sendto:Permission denied
>
> #ping (my outside inet address)
> it's working good
>
> #ping (my inside inet address)
> it's working good
>
> #ping 127.0.0.1
> it's working good
>
> if I choose in rc.firewall type of firewall open and
> restart computer
>
> all working good!
> What's my simple mistake?
>
> Best regards,
> Sergey Kornienko
> mailto:kori@mail.ru
>
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-questions" in the body of the message
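
The rule-ordering problem described in the reply above, as an added example that is not part of the original message or of FreeBSD's rc.firewall: a small Python model of ipfw first-match evaluation on the outside interface with a natd divert rule. The addresses, rule numbers, the final allow rule (a stand-in for the rest of the ruleset) and the reordered ruleset are assumptions made for illustration.

```python
from ipaddress import ip_address, ip_network

ANY = ip_network("0.0.0.0/0")
PRIVATE = ip_network("192.168.0.0/16")
PUBLIC_IP = ip_address("203.0.113.5")      # constructed outside address
INSIDE_HOST = ip_address("192.168.1.10")   # constructed inside host
REMOTE = ip_address("198.51.100.7")        # constructed Internet host

def natd(pkt):
    """Simplified natd: rewrite source going out, destination coming in."""
    pkt = dict(pkt)
    if pkt["dir"] == "out" and pkt["src"] in PRIVATE:
        pkt["src"] = PUBLIC_IP
    elif pkt["dir"] == "in" and pkt["dst"] == PUBLIC_IP:
        pkt["dst"] = INSIDE_HOST
    return pkt

def evaluate(rules, pkt):
    """First match wins; after a divert the packet resumes at the next rule."""
    for num, action, src, dst in rules:
        if pkt["src"] in src and pkt["dst"] in dst:
            if action == "divert":
                pkt = natd(pkt)
                continue
            return action, num
    return "deny", 65535  # modelled default rule: deny

# Order described in the reply: the 192.168.x.y checks run after the divert.
DIVERT_FIRST = [
    (100, "divert", ANY, ANY),
    (200, "deny", PRIVATE, ANY),
    (300, "deny", ANY, PRIVATE),
    (400, "allow", ANY, ANY),   # stand-in for the rest of the ruleset
]
# Assumed alternative: check destinations before translation, sources after.
REORDERED = [
    (100, "deny", ANY, PRIVATE),
    (200, "divert", ANY, ANY),
    (300, "deny", PRIVATE, ANY),
    (400, "allow", ANY, ANY),
]

OUTBOUND = {"dir": "out", "src": INSIDE_HOST, "dst": REMOTE}
REPLY = {"dir": "in", "src": REMOTE, "dst": PUBLIC_IP}
SPOOFED = {"dir": "in", "src": ip_address("192.168.7.7"), "dst": PUBLIC_IP}

if __name__ == "__main__":
    for name, rules in (("divert first", DIVERT_FIRST), ("reordered", REORDERED)):
        for label, pkt in (("outbound", OUTBOUND), ("reply", REPLY), ("spoofed", SPOOFED)):
            print(name, label, evaluate(rules, pkt))
```

With the divert rule first, the inbound reply is translated to the inside address and then dropped by the check on 192.168.x.y destinations; in the reordered set the reply passes while the packet with a spoofed 192.168.x.y source is still denied.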