Date: Mon, 03 May 2004 17:11:33 +0000
From: "Andrea E." <andrea@ae4u.de>
To: Supote Leelasupphakorn <pjn0211@yahoo.com>
Cc: freebsd-ipfw@FreeBSD.org
Subject: Re: ipfw with NAT and ARP
Message-ID: <40967D45.3080708@ae4u.de>
In-Reply-To: <20040502051806.68324.qmail@web40602.mail.yahoo.com>
References: <20040502051806.68324.qmail@web40602.mail.yahoo.com>

hi,

i have installed and configured freebsd 5.2.1 new. now i can do ping and
all other network commands.

at this moment I don't know, what the problem was.

thanks for all your help

Andrea

Supote Leelasupphakorn wrote:
> Hi Andrea E.
>
> From my understanding if you'd like to ping from EXTERNAL ip
> to EXTERNAL ip, the firewall is not involved because it will
> reach each other directly. Could you confirm that you'd like
> to "ping from EXTERNAL ip to EXTERNAL ip" so someone can find
> out the solution ?
>
> Cheers,
> pjn
>
> --- Supote Leelasupphakorn <pjn0211@yahoo.com> wrote:
> Hi,
>
>>I am a newbie and my question is very easy perhaps. I work with
>>FreeBSD 5.2.1
>>
>>I would like to configure a firewall with two interfaces (xl0 = LAN,
>>xl1 = External)
>>
>>For NAT I have configured like described in the manual page of natd:
>>
>>ipfw -f flush
>>ipfw add divert natd all from any to any via xl1
>>ipfw add allow all from any to any
>>
>>-> all is fine.
>>
>>But, I wont so a simple firewall and for this reason, first I want to
>>configure the ICMP-protocol:
>>
>>ip_ext => External IP-Address
>>
>>ipfw -f flush
>>ipfw add divert natd all from any to any via xl1
>>ipfw add allow icmp from $ip_ext to any icmptypes 8 out via xl1
>>ipfw add allow icmp from any to $ip_ext icmptypes 0 in via xl1
>>
>>-> It's not ok. With "ethereal" no packets are going out (test from an
>>other system, connected with a HUP.)
>>
>>When testing "ping" from external to external IP-Address of my
>>firewall, the ARP-request: to broadcast Who has xxx.xxx.xxx.xxx? Tell
>>xxx.xxx.xxx.xxx fails
>>
>>-> seems to have a problem to let ARP through the firewall.
>>
>>Above -> "ipfw add allow all from any to any" let ARP through the
>>firewall. So I think, that's the configuration of the rest of my
>>computer (like kernel, rc.conf, etc. is ok)
>>
>>And there are no ARP-protocol in /etc/protocols, so I don't know, what
>>I can do now.
>>
>>There is a bug:
>>After restarting system with above configuration of icmp-protocol no
>>ping-request is going out. After a flush of all rules and configuring
>>of "ipfw add allow all from any to any" ping-request get an answer.
>>Very interesting is to flush all rules and to configure the firewall
>>like the first configuring (to allow special rules for icmp-protocol ->
>>all works very fine. ping-request get an answer. When restarting system
>>the ping-request get no answer again, I mean, the ping-request is not
>>sent out.
>>
>>Can anybody help me? Hope to get an answer.
>>
>>I hope you can understand me, my English isn't very well.
>>
>>Greetings from Berlin,
>>
>> Andrea E.