From owner-freebsd-questions@FreeBSD.ORG  Tue Jun  1 14:57:17 2004
Return-Path: <owner-freebsd-questions@FreeBSD.ORG>
Delivered-To: freebsd-questions@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id 1401616A4CE
	for <freebsd-questions@freebsd.org>;
	Tue,  1 Jun 2004 14:57:17 -0700 (PDT)
Received: from hotmail.com (bay2-f47.bay2.hotmail.com [65.54.247.47])
	by mx1.FreeBSD.org (Postfix) with ESMTP id 0695A43D1F
	for <freebsd-questions@freebsd.org>;
	Tue,  1 Jun 2004 14:57:17 -0700 (PDT)
	(envelope-from missive@hotmail.com)
Received: from mail pickup service by hotmail.com with Microsoft SMTPSVC;
	 Tue, 1 Jun 2004 14:57:12 -0700
Received: from 208.186.54.187 by by2fd.bay2.hotmail.msn.com with HTTP;
	Tue, 01 Jun 2004 21:57:12 GMT
X-Originating-IP: [208.186.54.187]
X-Originating-Email: [missive@hotmail.com]
X-Sender: missive@hotmail.com
From: "Lee Harr" <missive@hotmail.com>
To: freebsd-questions@freebsd.org
Date: Tue, 01 Jun 2004 21:57:12 +0000
Mime-Version: 1.0
Content-Type: text/plain; format=flowed
Message-ID: <BAY2-F475HL590LZ6Od00023b8a@hotmail.com>
X-OriginalArrivalTime: 01 Jun 2004 21:57:12.0333 (UTC)
	FILETIME=[64ACFBD0:01C44823]
Subject: Re: IPFW Ruleset Help
X-BeenThere: freebsd-questions@freebsd.org
X-Mailman-Version: 2.1.1
Precedence: list
List-Id: User questions <freebsd-questions.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-questions>,
	<mailto:freebsd-questions-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-questions>
List-Post: <mailto:freebsd-questions@freebsd.org>
List-Help: <mailto:freebsd-questions-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-questions>,
	<mailto:freebsd-questions-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Tue, 01 Jun 2004 21:57:17 -0000

>Hello. Running FreeBSD 4.10. After I reboot with my
>new ipfw.rules I can't load any webpages. I didn't try
>by IP address cause I can't remember any off top at
>the moment.


Is the firewall logging working?

You need lines in your syslog.conf like ...

!ipfw
*.*                                             /var/log/ipfw.log



Then you can tail -f /var/log/ipfw.log

and try to access the web page. You should see packets being
blocked and figure out which rules are wrong / which rules you
need to add.

>add 00310 allow tcp from 205.152.133.254 to any in
>recv xl0
>add 00311 allow tcp from 205.152.132.235 to any in
>recv xl0
>
>add 00320 allow udp from 205.152.133.254 53 to any in
>recv xl0
>add 00321 allow udp from 205.152.132.235 53 to any in
>recv xl0
>


You let the DNS responses in, but I do not see any place
where you let your requests out.

_________________________________________________________________
Add photos to your e-mail with MSN 8. Get 2 months FREE*. 
http://join.msn.com/?page=features/featuredemail