Date: Tue, 05 Nov 2002 15:33:57 -0800
From: David Cramblett <dcramble@mesd.k12.or.us>
Cc: freebsd-questions@FreeBSD.ORG
Subject: Re: IPFW, natd, redirect_address help needed
Message-ID: <3DC85565.2060900@mesd.k12.or.us>
In-Reply-To: <Pine.LNX.4.44.0211051523160.6755-100000@cumulonimbus.cloudfactory.org>
References: <Pine.LNX.4.44.0211051523160.6755-100000@cumulonimbus.cloudfactory.org>
Do you have gateway_enable="YES" in your firewall? Can you get packets
through both directions just fine with the firewall set to "OPEN"?

David Terrac Skiens wrote:
> Hi there,
>
> I have been trying to set up an embedded system from soekris, running a
> small version of freebsd on its internal compact flash hard disk.
>
> The machine is built, I have remote access to it and I intend to use it
> as a firewall + nat appliance, directing traffic from machines internally
> to external IP addresses.
>
> I have gotten everything running, however my test for the machines
> behind the new firewall keeps failing. I can ping the firewall itself, but
> not anything past it. The pings just disappear. From the firewall I can
> ping anything by either hostname or IP.
>
> What I have not figured out is why my machines behind the firewall cannot
> ping out past the firewall, or get any other traffic out either.
>
> my ipfw list is:
> ---------------------------------------
> 00100 allow ip from any to any via lo0
> 00200 deny ip from any to 127.0.0.0/8
> 00300 deny ip from 127.0.0.0/8 to any
> 00400 deny ip from any to 172.16.0.0/12 via sis0
> 00500 deny ip from any to 192.168.0.0/16 via sis0
> 00600 deny ip from any to 0.0.0.0/8 via sis0
> 00700 deny ip from any to 169.254.0.0/16 via sis0
> 00800 deny ip from any to 192.0.2.0/24 via sis0
> 00900 deny ip from any to 224.0.0.0/4 via sis0
> 01000 deny ip from any to 240.0.0.0/4 via sis0
> 01100 divert 8668 ip from any to any via sis0
> 01200 deny ip from 172.16.0.0/12 to any via sis0
> 01300 deny ip from 192.168.0.0/16 to any via sis0
> 01400 deny ip from 0.0.0.0/8 to any via sis0
> 01500 deny ip from 169.254.0.0/16 to any via sis0
> 01600 deny ip from 192.0.2.0/24 to any via sis0
> 01700 deny ip from 224.0.0.0/4 to any via sis0
> 01800 deny ip from 240.0.0.0/4 to any via sis0
> 01900 allow tcp from any to any established
> 02000 allow ip from any to any frag
> 10000 deny log logamount 100 tcp from any to any in recv sis0 setup
> 10100 allow tcp from any to any setup
> 10200 allow udp from any to any 53 keep-state out xmit sis0
> 10300 allow udp from any to any 53 keep-state in recv sis0
> 10400 allow udp from any to any 123 keep-state out xmit sis0
> 10500 allow udp from any to any 123 keep-state in recv sis1
> 10600 allow tcp from any to any 53 keep-state out xmit sis0
> 10700 allow tcp from any to any 53 keep-state in recv sis1
> 10800 allow tcp from any to any 25 keep-state out xmit sis0
> 10900 allow tcp from any to any 25 keep-state in recv sis1
> 11000 allow tcp from any to any 22 keep-state out xmit sis0
> 11100 allow tcp from any to any 22 keep-state in recv sis1
> 11200 allow udp from me to any 67 keep-state out xmit sis0
> 11300 allow icmp from any to any
> 65535 deny ip from any to any
>
> and my netstat -rn is:
> ---------------------------------------
> Routing table:
> --------------
> Destination        Gateway          Flags   Netif   Use
> default            66.180.229.177   UGSc    sis0    2
> 10.1.1.0/24        link#2           UC      sis1    0
> xxx.xxx.xxx.xxx    link#1           UC      sis0    0   <- network
> xxx.xxx.xxx.xxx    link#1           UHLW    sis0    0   <- gateway
> 127.0.0.1          127.0.0.1        UH      lo0     0

--
David Cramblett
Network and Information Services
Multnomah Education Service District
phn: 503-257-1535
fax: 503-257-1538

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message
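An added example, not part of this thread: a small Python evaluator for the subset of ipfw syntax used in the quoted ruleset, which walks one LAN ping through its four firewall passes with natd's divert emulated. The ruleset excerpt is constructed from the rules quoted above; 203.0.113.10 stands in for the x'd-out public address of sis0 and 198.51.100.7 is a placeholder target. It shows that these rules themselves pass the echo request and reply at every hop, so the hand-off between hops (kernel IP forwarding, which gateway_enable switches on) is the next thing to check.

```python
import ipaddress
# Constructed excerpt of the ruleset quoted above; 203.0.113.10 stands in for the x'd-out sis0 address.
RULESET = """
00100 allow ip from any to any via lo0
00200 deny ip from any to 127.0.0.0/8
00300 deny ip from 127.0.0.0/8 to any
00400 deny ip from any to 172.16.0.0/12 via sis0
01100 divert 8668 ip from any to any via sis0
01200 deny ip from 172.16.0.0/12 to any via sis0
11300 allow icmp from any to any
65535 deny ip from any to any
"""
PUBLIC = "203.0.113.10"

def parse(text):
    """Parse the ipfw subset used above: action, proto, src/dst, optional 'via <iface>'."""
    rules = []
    for line in text.strip().splitlines():
        t = line.split()
        i = 3 if t[1] == "divert" else 2                  # divert carries its port before the body
        opts = t[i + 5:]                                  # trailing options; only "via" is modelled
        rules.append({"num": int(t[0]), "action": t[1], "proto": t[i], "src": t[i + 2], "dst": t[i + 4],
                      "iface": opts[opts.index("via") + 1] if "via" in opts else None})
    return rules

def hit(r, p):
    in_net = lambda spec, ip: spec == "any" or ipaddress.ip_address(ip) in ipaddress.ip_network(spec)
    return (r["proto"] in ("ip", p["proto"]) and in_net(r["src"], p["src"])
            and in_net(r["dst"], p["dst"]) and r["iface"] in (None, p["iface"]))

def evaluate(rules, p, nat):
    """First match wins for packet p (keys: proto, src, dst, dir, iface); a divert emulates natd and goes on."""
    p = dict(p)
    for r in rules:
        if not hit(r, p):
            continue
        if r["action"] != "divert":
            return r["num"], r["action"]
        if p["dir"] == "out":                             # outbound: natd masquerades the LAN source
            nat["lan"], p["src"] = p["src"], PUBLIC
        elif p["dst"] == PUBLIC and "lan" in nat:         # inbound reply: natd translates it back
            p["dst"] = nat["lan"]
    return 65535, "deny"

def ping_path(rules, lan="10.1.1.5", target="198.51.100.7"):
    """Action at the four hops of one echo request/reply; hops 1->2 and 3->4 need kernel forwarding."""
    nat, hops = {}, [("in", "sis1", lan, target), ("out", "sis0", lan, target),
                     ("in", "sis0", target, PUBLIC), ("out", "sis1", target, lan)]
    return [evaluate(rules, {"proto": "icmp", "dir": d, "iface": i, "src": s, "dst": t}, nat)[1]
            for d, i, s, t in hops]
```

`ping_path(parse(RULESET))` returns "allow" for all four hops; a packet that never leaves the ruleset's deny path (for example inbound on sis0 to 172.16.1.1) stops at rule 400.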
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?3DC85565.2060900>