Date: Mon, 09 Feb 2004 10:28:04 -0700
From: Joe Lewis <joe@joe-lewis.com>
To: listmail@brightstar.ath.cx
Cc: freebsd-questions@freebsd.org
Subject: Re: Server connectivity problem (firewall?)
Message-ID: <4027C324.9000904@joe-lewis.com>
In-Reply-To: <402754EA.22800.187E1419@localhost>
References: <402754EA.22800.187E1419@localhost>
listmail@brightstar.ath.cx wrote:

[SNIP]

> ================
> From /etc/rc.conf:
>
> firewall_enable="YES"           # Set to YES to enable firewall functionality
> firewall_script="/etc/rc.firewall"  # Which script to run to set up the firewall
> firewall_type="OPEN"            # Firewall type (see /etc/rc.firewall)
> firewall_quiet="NO"             # Set to YES to suppress rule display
> firewall_logging="YES"          # Set to YES to enable events logging
> firewall_flags=""               # Flags passed to ipfw when type is a file
> ipfilter_enable="YES"           # Set to YES to enable ipfilter functionality
> ipfilter_program="/sbin/ipf"    # where the ipfilter program lives
> ipfilter_rules="/etc/ipf.rules" # rules definition file for ipfilter, see
>                                 # /usr/src/contrib/ipfilter/rules for examples
> ipfilter_flags=""               # additional flags for ipfilter

[SNIP]

> 00050 298 29652 divert 8668 ip from any to any via rl0

Me thinks this is a NAT issue. Do you have natd_enable="YES" in the rc.conf? If it tries to divert to NAT and NAT isn't running, ANYTHING on rl0 will fail (or at least should fail - I could be wrong on that, but it should give you a pointer to check on).

> IPF is also running (I can't recall why) with the following rules:
> pass in all
> pass out all
>
> If I remove it from rc.conf I lose the ability to connect via dc0 as well.

That is because it will deny by default. Make sure it's not enabled in the sysctl configuration, and then you should be able to remove the ipf rules.

Joe
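The two things Joe asks the poster to check can be turned into a small offline lint. The script below is an added example for this archive page, not code from the thread or from FreeBSD: it reads an rc.conf text and an "ipfw -a list" text passed in as strings, flags a loaded "divert" rule when natd_enable is not YES (with no process bound to the divert port, ipfw drops the diverted packets, which is what makes everything "via rl0" fail), and separately flags ipfw and ipfilter both being enabled. The sample rc.conf and ipfw output are constructed to mirror what the poster quoted; the function names and the rc.conf parsing are this example's own.

```shell
#!/bin/sh
# Added example, not from the thread or from FreeBSD's rc scripts.
# Lints two things Joe's reply points at:
#   1. an ipfw "divert" rule is loaded but natd will not be started
#      (natd_enable not YES), so the diverted packets are dropped;
#   2. ipfw (firewall_enable) and ipfilter (ipfilter_enable) are both enabled.
# Inputs are strings so this runs offline; on a live box feed it
# "$(cat /etc/rc.conf)" and "$(ipfw -a list)".  Hypothetical names throughout.

# Constructed sample rc.conf mirroring the poster's: divert in use, natd never enabled.
SAMPLE_RCCONF='firewall_enable="YES"        # Set to YES to enable firewall functionality
firewall_type="OPEN"          # Firewall type (see /etc/rc.firewall)
ipfilter_enable="YES"         # Set to YES to enable ipfilter functionality
#natd_enable="YES"            # commented out, so natd is never started'

# Constructed "ipfw -a list" output containing the divert rule the poster quoted.
SAMPLE_IPFW='00050   298   29652 divert 8668 ip from any to any via rl0
00100     0       0 allow ip from any to any via lo0
65535  1234  567890 allow ip from any to any'

# rcvar_value RCCONF_TEXT NAME: last uncommented value assigned to NAME, upper-cased
# (sh semantics: the last assignment wins; rc.subr's checkyesno is case-insensitive).
rcvar_value() {
    printf '%s\n' "$1" \
        | sed -n 's/^[[:space:]]*'"$2"'="\{0,1\}\([^"#[:space:]]*\).*$/\1/p' \
        | tail -n 1 \
        | tr '[:lower:]' '[:upper:]'
}

# divert_ports IPFW_TEXT: the port of every divert rule, one per line.
# Works with or without the packet/byte counter columns that "ipfw -a" adds.
divert_ports() {
    printf '%s\n' "$1" \
        | awk '{ for (i = 1; i < NF; i++) if ($i == "divert") { print $(i + 1); break } }'
}

# check_nat_config RCCONF_TEXT IPFW_TEXT: returns 1 if a divert rule is loaded
# but natd_enable is not YES, 0 otherwise.
check_nat_config() {
    ports=$(divert_ports "$2")
    [ -z "$ports" ] && return 0           # no divert rule, nothing to check
    if [ "$(rcvar_value "$1" natd_enable)" = "YES" ]; then
        return 0
    fi
    for p in $ports; do
        printf 'divert %s rule loaded but natd_enable is not YES: diverted packets will be dropped\n' "$p"
    done
    return 1
}

# check_stacked_filters RCCONF_TEXT: returns 1 if both ipfw and ipfilter are enabled.
check_stacked_filters() {
    if [ "$(rcvar_value "$1" firewall_enable)" = "YES" ] \
       && [ "$(rcvar_value "$1" ipfilter_enable)" = "YES" ]; then
        printf 'both ipfw (firewall_enable) and ipfilter (ipfilter_enable) are enabled\n'
        return 1
    fi
    return 0
}

# Run against the samples (guarded so the script itself exits 0).
check_nat_config "$SAMPLE_RCCONF" "$SAMPLE_IPFW" \
    || echo '-> set natd_enable="YES" (and natd_interface) or remove the divert rule'
check_stacked_filters "$SAMPLE_RCCONF" \
    || echo '-> keep one packet filter; disable the other in rc.conf'
```

Against the sample the first check fires on port 8668 and the second on the two enabled filters; adding natd_enable="YES" to the rc.conf text silences the first, and setting ipfilter_enable="NO" (a later assignment overrides the earlier one, as in sh) silences the second.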
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?4027C324.9000904>