Date: Sat, 16 Dec 2000 13:53:49 +0100
From: Matthias Heidbrink <mh@cs.tu-berlin.de>
To: Boris <koester@x-itec.de>, freebsd-isdn@freebsd.org
Subject: Re: Firewall Problem with i4b 0.90.1 / FreeBSD 4.0 - Sample configuration?
Message-ID: <20001216135348.A29752@nicky.cs.tu-berlin.de>
In-Reply-To: <31110682042.20001215214854@x-itec.de>; from koester@x-itec.de on Fri, Dec 15, 2000 at 09:48:54PM -0800
References: <20001215211303.C25371@nicky.cs.tu-berlin.de> <31110682042.20001215214854@x-itec.de>

Hi Boris,

> MH> When I start natd in verbose mode and start lynx (Ports 53 and 80 should be allowed),
> MH> I get the following error message:
>
> MH> --------
> MH> Out [UDP] [UDP] 0.0.0.0:1518 -> 195.88.140.15:53 aliased to
> MH> [UDP] 0.0.0.0:1518 -> 195.88.140.15:53
> MH> natd: failed to write packet back: Permission denied
> MH> -------
>
> At first, what does "ipfw show" gives you for output if everything is
> enabled and if you get the permission denied?

-----------------------
00100 13 778 divert 8668 ip from any to any via isp0
00100 60 4200 allow ip from any to any via lo0
00200 0 0 deny ip from any to 127.0.0.0/8
00300 0 0 deny ip from 192.168.99.0/24 to any in recv isp0
00400 0 0 deny ip from 0.0.0.0/24 to any in recv rl0
00500 0 0 deny ip from 10.0.0.0/8 to any via isp0
00600 0 0 deny ip from any to 10.0.0.0/8 via isp0
00700 0 0 deny ip from 172.16.0.0/12 to any via isp0
00800 0 0 deny ip from any to 172.16.0.0/12 via isp0
00900 0 0 deny ip from 192.168.0.0/16 to any via isp0
01000 0 0 deny ip from any to 192.168.0.0/16 via isp0
01100 10 598 deny ip from 0.0.0.0/8 to any via isp0
01200 0 0 deny ip from any to 0.0.0.0/8 via isp0
01300 0 0 deny ip from 169.254.0.0/16 to any via isp0
01400 0 0 deny ip from any to 169.254.0.0/16 via isp0
01500 0 0 deny ip from 192.0.2.0/24 to any via isp0
01600 0 0 deny ip from any to 192.0.2.0/24 via isp0
01700 0 0 deny ip from 224.0.0.0/4 to any via isp0
01800 0 0 deny ip from any to 224.0.0.0/4 via isp0
01900 0 0 deny ip from 240.0.0.0/4 to any via isp0
02000 0 0 deny ip from any to 240.0.0.0/4 via isp0
02100 862 40133 allow tcp from any to any established
02200 0 0 allow ip from any to any frag
02300 0 0 allow tcp from any to 0.0.0.1 25 setup
02400 0 0 allow tcp from any to 0.0.0.1 53 setup
02500 0 0 allow udp from any to 0.0.0.1 53
02600 0 0 allow udp from 0.0.0.1 53 to any
02700 0 0 allow tcp from any to 0.0.0.1 80 setup
02800 0 0 deny log logamount 100 tcp from any to any in recv isp0 setup
02900 2 88 allow tcp from any to any setup
03000 0 0 allow udp from any 53 to 0.0.0.1
03100 0 0 allow udp from 0.0.0.1 to any 53
03200 0 0 allow udp from any 123 to 0.0.0.1
03300 0 0 allow udp from 0.0.0.1 to any 123
65535 0 0 allow ip from any to any
-----------------------

> After clearing the rules, we go to step 2, and maybe we need to do a
> little tricky to reset the nat-daemon, but details later.

I'm curious what you'll find out.

Ciao, Matthias
-- 
Matthias Heidbrink           E-Mail:
Bundesratufer 12             Matthias_Heidbrink@b.maus.de
10555 Berlin, Germany        mh@cs.tu-berlin.de
Tel. +49-30-8536361          Mobil +49-179-3981150

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-isdn" in the body of the message
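
Added example, not part of the original message or of the FreeBSD tools: one way to read the packet counters in the `ipfw show` listing above is to list the deny rules that have actually matched traffic and whose address fields cover the packet natd reported. The function names are hypothetical, the rule lines are a subset copied from the listing, and the check compares addresses and counters only; it does not model interface, direction or TCP-flag options.

```python
import ipaddress
import re

# Subset of the `ipfw show` listing quoted in the message above.
IPFW_SHOW = """\
00100 13 778 divert 8668 ip from any to any via isp0
00400 0 0 deny ip from 0.0.0.0/24 to any in recv rl0
01100 10 598 deny ip from 0.0.0.0/8 to any via isp0
01200 0 0 deny ip from any to 0.0.0.0/8 via isp0
02100 862 40133 allow tcp from any to any established
02500 0 0 allow udp from any to 0.0.0.1 53
02800 0 0 deny log logamount 100 tcp from any to any in recv isp0 setup
03100 0 0 allow udp from 0.0.0.1 to any 53
65535 0 0 allow ip from any to any
"""

# The packet natd reported just before "Permission denied".
NATD_LINE = "[UDP] 0.0.0.0:1518 -> 195.88.140.15:53"

# rule number, packet counter, byte counter, action, then the from/to specs
RULE_RE = re.compile(
    r"^(?P<num>\d+)\s+(?P<pkts>\d+)\s+(?P<bytes>\d+)\s+(?P<action>\w+)\b.*?"
    r"\bfrom\s+(?P<src>\S+).*?\bto\s+(?P<dst>\S+)")

def contains(spec, addr):
    """True if an ipfw address spec ('any', host or CIDR) covers addr."""
    if spec == "any":
        return True
    return ipaddress.ip_address(addr) in ipaddress.ip_network(spec, strict=False)

def parse_packet(line):
    """Extract (source, destination) addresses from a natd verbose line."""
    m = re.search(r"(\d+(?:\.\d+){3}):\d+ -> (\d+(?:\.\d+){3}):\d+", line)
    return m.group(1), m.group(2)

def hit_deny_rules(show_output, src, dst):
    """Deny rules with a non-zero packet counter whose addresses cover src/dst."""
    hits = []
    for line in show_output.splitlines():
        m = RULE_RE.match(line.strip())
        if not m or m["action"] != "deny" or int(m["pkts"]) == 0:
            continue
        if contains(m["src"], src) and contains(m["dst"], dst):
            hits.append((m["num"], int(m["pkts"]), line.strip()))
    return hits

if __name__ == "__main__":
    src, dst = parse_packet(NATD_LINE)
    for num, pkts, rule in hit_deny_rules(IPFW_SHOW, src, dst):
        print(f"rule {num}: {pkts} packets denied -> {rule}")
```

On a live system the same function can be fed the full output of `ipfw show` instead of the embedded subset.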