Date: Tue, 28 Mar 2000 12:55:37 -0800 (PST)
From: Doug Barton
To: Erik Russell
Cc: freebsd-questions@FreeBSD.ORG
Subject: Re: Trouble with IPFIREWALL
In-Reply-To: <852568B0.006674CD.00@scs-mta1.scs.sungard.com>

On Tue, 28 Mar 2000, Erik Russell wrote:

> I have the following options in my kernel:
>
> IPFIREWALL
> IPFIREWALL_VERBOSE
> IPDIVERT
> IPFIREWALL_FORWARD
> IPFIREWALL_DEFAULT_TO_ACCEPT
>
> the following in rc.conf:
>
> firewall_enable="YES"
> firewall_type="open"
>
> the following in rc.firewall:
>
> ipfw -f flush
> ipfw add pass all from any to any
>
> ipfw list states:
>
> 00100 allow ip from any to any
> 65535 deny ip from any to any
>
> Any ideas?

About what? You didn't tell us what problem you're asking about. :)
Assuming that you are asking why the default rule is deny, try compiling
without the IPFIREWALL_FORWARD option. I have all the other rules in my
gateway machine and it does what's expected. Also, please include the
output of uname -a in your reply.

Good luck,

Doug
--
"So, the cows were part of a dream that dreamed itself into
existence? Is that possible?" asked the student incredulously.
The master simply replied, "Mu."