Date: Thu, 3 Dec 1998 18:42:48 -0800 (PST) From: Dan Busarow <dan@dpcsys.com> To: Briang <brian@briang.org> Cc: FreeBSD <freebsd-questions@FreeBSD.ORG> Subject: Re: IPFW Message-ID: <Pine.BSF.3.96.981203183550.4276B-100000@java.dpcsys.com> In-Reply-To: <003001be1f2b$e595b100$2900a8c0@brian-desktop.briang.org>
next in thread | previous in thread | raw e-mail | index | archive | help
On Thu, 3 Dec 1998, Briang wrote: > I have DNS and NATD running with IPFW -> FXP0 -> Internet / 24.1.8x.xxx > FXP1-> Private / 192.168.0.1. > Well this is what I dont understand if I try to ping www.briang.org it > replys fine but if I try to open > www.briang.org inside netscape it times out saying it cant find the > website...Hmmmm > So I added this line to the rc.firewall file > """ $fwcmd add divert 6668 all from 192.168.0.0/24 to any via fxp1 """ > and now I can open the website but snmp service tells me that is cant no > longer find the interface for 24.1.8x.xxx. Hmmm > > c:\tracert 24.0.0.27 > 1 <10 ms <10 ms <10 ms rtr1.gw.briang.org [192.168.0.1] > 2 42 ms 20 ms 20 ms 24.1.88.1 > 3 18 ms 10 ms 10 ms r1-fe2-0-0-100bt.frmt1.sfba.home.net > [24.1.80.1] > > Next shouldn't I see it going through FXP1 and then to FXP0 out to the net Routers (which is what your FreeBSD box is now, sort of :) normally only report one interface on a traceroute. Looking at traceroutes through Ciscos, Livingstons and FreeBSD systems it looks like the input side is the one reporting. Your trace looks normal to me. > cat /etc/rc.firewall > > $fwcmd -f flush > $fwcmd add divert 6668 all from any to any via fxp0 > $fwcmd add 100 pass all from any to any via lo0 > $fwcmd add 200 deny all from any to 127.0.0.0/8 > $fwcmd add deny all from 192.168.0.0/24 to any out via fxp0 Drop this deny for 192.168.0.0 Dan -- Dan Busarow 949 443 4172 Dana Point Communications, Inc. dan@dpcsys.com Dana Point, California 83 09 EF 59 E0 11 89 B4 8D 09 DB FD E1 DD 0C 82 To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.BSF.3.96.981203183550.4276B-100000>