Date:      Thu, 3 Dec 1998 18:15:00 -0800
From:      "Briang" <brian@briang.org>
To:        "FreeBSD" <freebsd-questions@FreeBSD.ORG>
Subject:   IPFW
Message-ID:  <003001be1f2b$e595b100$2900a8c0@brian-desktop.briang.org>

I have DNS and NATD running with IPFW ->  FXP0 -> Internet / 24.1.8x.xxx
FXP1-> Private / 192.168.0.1.
Well, this is what I don't understand: if I try to ping www.briang.org it
replies fine, but if I try to open
www.briang.org inside Netscape it times out saying it can't find the
website... Hmmmm
So I added this line to the rc.firewall file
"""  $fwcmd add divert 6668 all from 192.168.0.0/24 to any via fxp1 """
and now I can open the website, but the SNMP service tells me that it can no
longer find the interface for 24.1.8x.xxx. Hmmm

c:\tracert 24.0.0.27
 1   <10 ms   <10 ms   <10 ms  rtr1.gw.briang.org [192.168.0.1]
 2    42 ms    20 ms    20 ms  24.1.88.1
 3    18 ms    10 ms    10 ms  r1-fe2-0-0-100bt.frmt1.sfba.home.net [24.1.80.1]

Next, shouldn't I see it going through FXP1 and then to FXP0 out to the net?

cat /etc/rc.firewall

$fwcmd -f flush
$fwcmd add divert 6668 all from any to any via fxp0
$fwcmd add 100 pass all from any to any via lo0
$fwcmd add 200 deny all from any to 127.0.0.0/8
$fwcmd add deny all from 192.168.0.0/24 to any out via fxp0
$fwcmd add deny log tcp from 24.0.0.0/8 to 24.1.8x.xxx/32 1-65000
$fwcmd add deny log udp from 24.0.0.0/8 to 24.1.8x.xxx/32 1-65000
$fwcmd add deny log all from 198.247.0.0/16 to any in via fxp0
$fwcmd add 65000 pass all from any to any



--> ipfw -a l

00100         42       5811 divert 6668 ip from any to any via fxp0

--->>> I took the other Divert line out for right now..
00100          0          0 allow ip from any to any via lo0
00200          0          0 deny ip from any to 127.0.0.0/8
00300          0          0 deny ip from 192.168.0.0/24 to any out xmit fxp0
07400          0          0 deny log tcp from 24.0.0.0/8 to 24.1.8x.xxx 1-65000
07500          0          0 deny log udp from 24.0.0.0/8 to 24.1.8x.xxx 1-65000
07600          0          0 deny log ip from 198.247.0.0/16 to any in recv fxp0
65000        491      49928 allow ip from any to any
65535         14       1076 deny ip from any to any

Thanks
-Brian


