Date: Tue, 30 Jan 2001 00:11:04 -0800 (PST)
From: Trevin Chow <tmchow@sfu.ca>
To: <questions@freebsd.org>
Subject: NAT doesn't work? Telnet neither!
Message-ID: <Pine.GSO.4.30.0101300008230.27334-100000@fraser.sfu.ca>

I wrote to the list about my NAT problems and on the advice of some of the list members, I've been trying to log the traffic to see what rules in my firewall are perhaps causing problems.

Well I still haven't figured it out, but I found out today I can't even telnet out of the box.. well it reaches the external host okay and says it's connected, but right before the "login:" prompt comes up, it says "Connection closed by foreign host".

I've zeroed out my ipfw counts and just tried doing a telnet to an external host. Here's the output:

00100    9    398 divert 8668 ip from any to any via dc0
00100    4    526 allow ip from any to any via lo0
00200    0      0 deny ip from any to 127.0.0.0/8
00300    8    354 allow tcp from any to any established
00400    1     44 allow ip from any to any out xmit dc0
00500    0      0 allow ip from any to any via fxp0
00600    0      0 allow ip from any to any via fxp1
00700    0      0 allow tcp from any to any in recv dc0 established
00800    0      0 allow tcp from any to 209.53.60.139 2626 setup
00900    0      0 allow log logamount 100 tcp from any to 209.53.60.139 2627 in recv dc0 setup
01000    0      0 allow tcp from any to 209.53.60.139 80 setup
01100    0      0 allow tcp from any to 209.53.60.139 25 setup
01200    0      0 allow udp from any to any
01300    0      0 allow udp from any to any 53 via dc0
01400    0      0 allow udp from any to 209.53.60.139 53
01500    0      0 allow udp from 209.53.60.139 53 to any
01600    0      0 allow tcp from any to 209.53.60.139 53 setup
01700    0      0 deny log logamount 100 tcp from any to any in recv dc0 setup
01800    0      0 allow icmp from any to any via fxp0
01900    0      0 allow icmp from any to any via fxp1
02000    0      0 allow icmp from any to any in recv dc0 icmptype 0
02100    0      0 allow icmp from any to any out xmit dc0 icmptype 8
02200    0      0 allow udp from any to any 33434-33523 out xmit dc0
02300    0      0 allow icmp from any to any via dc0 icmptype 3,4,11,12
65532    0      0 deny log logamount 100 udp from any to any
65533    0      0 deny icmp from any to any
65534    0      0 deny log logamount 100 ip from any to any
65535    0      0 deny ip from any to any

Hopefully we can figure out what's wrong with my telnet capability and then I'll be able to figure out what's wrong with NAT.
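
Added example, not part of the original message: a small Python parser for a counter listing like the one above, reporting which rules counted packets after the counters were zeroed, the packet totals per action, and any rule number that appears twice. The function names are illustrative, and the sample is a subset of the lines posted in the message.

```python
import re
from collections import Counter

# Subset of the counter listing from the message above
# (columns: rule number, packets, bytes, rule text).
SAMPLE = """\
00100 9 398 divert 8668 ip from any to any via dc0
00100 4 526 allow ip from any to any via lo0
00200 0 0 deny ip from any to 127.0.0.0/8
00300 8 354 allow tcp from any to any established
00400 1 44 allow ip from any to any out xmit dc0
00700 0 0 allow tcp from any to any in recv dc0 established
01700 0 0 deny log logamount 100 tcp from any to any in recv dc0 setup
65534 0 0 deny log logamount 100 ip from any to any
"""

LINE = re.compile(r"^(\d{5})\s+(\d+)\s+(\d+)\s+(\S+)\s+(.*)$")

def parse(text):
    """Return one dict per rule line: num, packets, bytes, action, body."""
    rules = []
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if m:  # ignore anything that is not a counter line
            num, pkts, byts, action, body = m.groups()
            rules.append({"num": int(num), "packets": int(pkts),
                          "bytes": int(byts), "action": action, "body": body})
    return rules

def hits(rules):
    """Rules whose packet counter moved since the counters were zeroed."""
    return [r for r in rules if r["packets"] > 0]

def totals_by_action(rules):
    """Packet totals per action keyword (divert, allow, deny, ...)."""
    out = Counter()
    for r in rules:
        out[r["action"]] += r["packets"]
    return dict(out)

def duplicate_numbers(rules):
    """Rule numbers that appear more than once in the listing."""
    counts = Counter(r["num"] for r in rules)
    return [n for n, c in counts.items() if c > 1]

if __name__ == "__main__":
    for r in hits(parse(SAMPLE)):
        print(f'{r["num"]:05d} {r["packets"]:>4} pkts  {r["action"]} {r["body"]}')
```

On this sample the only rules with non-zero counters are the divert rule, the lo0 allow, the "established" allow and the "out xmit dc0" allow; none of the listed deny rules counted a packet.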