Date:      Thu, 4 Oct 2001 18:39:49 +0530
From:      "Arpith Jacob" <arpith@geocities.com>
To:        <cjclark@alum.mit.edu>
Cc:        <freebsd-questions@FreeBSD.ORG>
Subject:   Re: Firewall troubles
Message-ID:  <OE73THfyQgeDKvPEkGh00005be9@hotmail.com>
References:  <OE32d490U3s91NGXpxw00003bd4@hotmail.com> <20011004140520.H297@blossom.cjclark.org>


----- Original Message -----
From: Crist J. Clark <cristjc@earthlink.net>
To: Arpith Jacob <arpith@geocities.com>
Cc: <freebsd-questions@FreeBSD.ORG>
Sent: Friday, October 05, 2001 2:35 AM
Subject: Re: Firewall troubles


> On Thu, Oct 04, 2001 at 07:39:52AM +0530, Arpith Jacob wrote:
> >
> > Hi,
> >
> > I'm having problems connecting to my freebsd box from my network, I've
> > tried nearly everything without any success. I think it's a problem with my
> > firewall rules.
> >
> > I cannot ping/telnet/ftp into my freebsd machine. I can however connect
> > to the outside world from the bsd box. How can I remove the default "deny"
> > clause for the firewall in my kernel options?
> >
> This does not look like a firewall problem. Your pass rule seems to be
> working fine. Nothing is being denied.
>
> > I ran tcpdump on the freebsd machine, I think the kernel is receiving
> > the connection requests, but is not passing it through the firewall.
>
> What makes you think that?
>
> > Outside network = p3.scully
> > Freebsd mc = p1.scully
> >
> > 13:44:35.504743 p3.scully > p1.scully: icmp: echo request (DF)
> > ..
> > ..
> > 13:45:03.509338 p3.scully > p1.scully: icmp: echo request (DF)
> > 13:45:04.509438 arp who-has p1.scully tell p3.scully
> > 13:45:04.509523 p3.scully > p1.scully: icmp: echo request (DF)
> > 13:45:04.509645 arp reply p1.scully is-at a5:a5:a5:a5:a5:a5
> > 13:45:05.509668 p3.scully > p1.scully: icmp: echo request (DF)
> > ..
> > ..
> > 13:45:31.513951 p3.scully > p1.scully: icmp: echo request (DF)
> > ..
> > 13:45:33.569860 p3.scully.1040 > p1.scully.telnet: S
> > 4274696198:4274696198(0) win 5840 <mss 1460,sackOK,timestamp 234528
> > 0,nop,wscale 0> (DF)
> > 13:45:34.514374 arp who-has p1.scully tell p3.scully
> > 13:45:34.514498 arp reply p1.scully is-at a5:a5:a5:a5:a5:a5
> > 13:45:36.564739 p3.scully.1040 > p1.scully.telnet: S
> > 4274696198:4274696198(0) win 5840 <mss 1460,sackOK,timestamp 234828
> > 0,nop,wscale 0> (DF)
> >
> > I've been breaking my head over this for a while now.. any help would
> > really be appreciated.
>


> I think we'd be better off starting with the ifconfig(8) output from
> p1.scully and the IP address of p3.scully.



Hello Clark,

The freebsd machine (p1: 172.25.2.2) looks like it is receiving all the
requests from the linux machine (p3: 172.25.2.1) after examining the output
of tcpdump above. But, it doesn't seem to be going anywhere after that.

Here's the ifconfig output from p1.scully, running freebsd:

ed0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
 inet 172.25.2.2 netmask 0xffffff00 broadcast 172.25.2.255
 inet6 fe80::e891:f9bc:b7ac:487d%ed0 prefixlen 64 scopeid 0x1
 ether a5:a5:a5:a5:a5:a5
sl0: flags=c010<POINTOPOINT,LINK2,MULTICAST> mtu 552
ppp0: flags=8010<POINTOPOINT,MULTICAST> mtu 1500
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> mtu 16384
 inet6 fe80::1%lo0 prefixlen 64 scopeid 0x4
 inet6 ::1 prefixlen 128
 inet 127.0.0.1 netmask 0xff000000
gif0: flags=8010<POINTOPOINT,MULTICAST> mtu 1280
gif1: flags=8010<POINTOPOINT,MULTICAST> mtu 1280
gif2: flags=8010<POINTOPOINT,MULTICAST> mtu 1280
gif3: flags=8010<POINTOPOINT,MULTICAST> mtu 1280
faith0: flags=8000<MULTICAST> mtu 1500


The ip address of p3.scully, running linux is 172.25.2.1. Here is the
ifconfig output:

eth0      Link encap:Ethernet  HWaddr 00:00:E8:00:61:02
          inet addr:172.25.2.1  Bcast:172.25.2.255  Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:125 errors:0 dropped:0 overruns:0 frame:0
          TX packets:106 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:100
          Interrupt:5 Base address:0xcc00

lo        Link encap:Local Loopback
          inet addr:127.0.0.1  Mask:255.0.0.0
          UP LOOPBACK RUNNING  MTU:16436  Metric:1
          RX packets:66 errors:0 dropped:0 overruns:0 frame:0
          TX packets:66 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0


What am I doing wrong?

Thanks a lot,
Arpith


