Date: Sun, 20 Aug 2000 14:22:08 -0700 (PDT)
From: Todd Backman <todd@flyingcroc.net>
To: Dan Debertin <airboss@bitstream.net>
Cc: freebsd-net@freebsd.org
Subject: Re: Routing firewall w/ipfw questions
Message-ID: <Pine.BSF.4.21.0008201414370.31606-100000@security1.noc.flyingcroc.net>
In-Reply-To: <Pine.SGI.4.21.0008201249430.11560-100000@copper.air-boss.net>

On Sun, 20 Aug 2000, Dan Debertin wrote:

> On Sat, 19 Aug 2000, Todd Backman wrote:
>
> > established connection) but no access from the outside could be
> > established even after adding as the last rulesets:
> >
> > allow ip from any to any
>
> If you are inserting this rule onto the end of your ruleset, you're still
> going through all of your other rules before getting to this one.

Yes, that hit me when I was on my way into town on the bus today. Amazing
what state of mental clarity I obtain while having 15 diff conversations
going on around me... ;^) (and without having 10 people calling me asking
when the net is going to be back up after an outage notice had been
posted)

> Given that we're just trying to get the routing working, you're better
> off turning off firewalling completely with:
>
>     sysctl -w net.inet.ip.fw.enable=0
>
> Once we get routing working from inside out, and from outside in, we can
> throw ipfw back into the mix.

Cool. Will do. Thanks for the guidance. And I must say that sysctl rocks!

>
> If that doesn't work, perhaps an ASCII drawing of your network, with the
> relevant addresses (converted into made-up ones, of course), etc., would
> be helpful.
>
>
> ~Dan D.
> --
>
> ++ Dan Debertin
> ++ Senior Systems Administrator
> ++ Bitstream Underground, LLC
> ++ airboss@bitstream.net
> ++ (612)321-9290
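
The rule-ordering point quoted above, as an added example that is not part of the original thread: a simplified first-match evaluator showing why an allow-all rule appended last does not override an earlier deny. The ruleset, rule numbers and addresses are constructed, only allow/deny on source and destination is modelled, and a default-deny kernel is assumed.

```python
import ipaddress
from dataclasses import dataclass

@dataclass(frozen=True)
class Rule:
    number: int   # ipfw rule number; rules are checked in ascending order
    action: str   # "allow" or "deny" (other ipfw actions are not modelled)
    src: str      # CIDR or "any"
    dst: str      # CIDR or "any"

def _matches(spec, addr):
    return spec == "any" or ipaddress.ip_address(addr) in ipaddress.ip_network(spec)

def evaluate(rules, src, dst, fw_enable=True):
    """Return (action, rule_number) of the first rule matching the packet."""
    if not fw_enable:
        # Models net.inet.ip.fw.enable=0: the ruleset is not consulted at all.
        return ("allow", None)
    for rule in sorted(rules, key=lambda r: r.number):
        if _matches(rule.src, src) and _matches(rule.dst, dst):
            return (rule.action, rule.number)   # first match wins, search stops
    return ("deny", 65535)   # default rule, assuming a default-deny kernel

# Constructed ruleset (not from the thread): inside net is 192.0.2.0/24.
BASE = [
    Rule(100, "allow", "192.0.2.0/24", "any"),   # inside -> anywhere
    Rule(200, "deny", "any", "192.0.2.0/24"),    # outside -> inside blocked
]
ALLOW_ALL_LAST = BASE + [Rule(65000, "allow", "any", "any")]
ALLOW_ALL_FIRST = [Rule(50, "allow", "any", "any")] + BASE

if __name__ == "__main__":
    inbound = ("198.51.100.7", "192.0.2.10")   # constructed outside -> inside packet
    print("allow-all appended:", evaluate(ALLOW_ALL_LAST, *inbound))
    print("allow-all first:   ", evaluate(ALLOW_ALL_FIRST, *inbound))
    print("firewall disabled: ", evaluate(ALLOW_ALL_LAST, *inbound, fw_enable=False))
```

The appended rule is only reached by packets that no earlier rule matched, which is why it changes nothing for the blocked inbound traffic.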