From owner-freebsd-questions Mon Jan 22 23:26:32 2001
Delivered-To: freebsd-questions@freebsd.org
Received: from mailhost01.reflexnet.net (mailhost01.reflexnet.net [64.6.192.82])
    by hub.freebsd.org (Postfix) with ESMTP id 409AC37B402
    for ; Mon, 22 Jan 2001 23:26:15 -0800 (PST)
Received: from rfx-216-196-73-168.users.reflexcom.com ([216.196.73.168])
    by mailhost01.reflexnet.net with Microsoft SMTPSVC(5.5.1877.197.19);
    Mon, 22 Jan 2001 23:24:24 -0800
Received: (from cjc@localhost)
    by rfx-216-196-73-168.users.reflexcom.com (8.11.1/8.11.0) id f0N7QHx37433;
    Mon, 22 Jan 2001 23:26:17 -0800 (PST) (envelope-from cjc)
Date: Mon, 22 Jan 2001 23:26:16 -0800
From: "Crist J. Clark"
To: Trevin Chow
Cc: questions@FreeBSD.ORG
Subject: Re: broken NAT and Firewall rule
Message-ID: <20010122232616.T10761@rfx-216-196-73-168.users.reflex>
Reply-To: cjclark@alum.mit.edu
References:
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
X-Mailer: Mutt 1.0i
In-Reply-To: ; from tmchow@sfu.ca on Mon, Jan 22, 2001 at 10:31:13PM -0800
Sender: owner-freebsd-questions@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

On Mon, Jan 22, 2001 at 10:31:13PM -0800, Trevin Chow wrote:
> I previously wrote to the email list about my problems with NAT
> and my firewall rules... in a nutshell NAT doesn't work =)
>
> The FreeBSD 4.2-Stable box can reach the internet, and is running
> sshd and proftd with no problems.
>
> However, when I connect one of my internal machines to the
> internal interfaces on the server, the internet on those
> clients doesn't function.
>
> To provide more useful logs of `ipfw show`, I zero'd it out first
> with `ipfw zero`, then I did a simple request to load up a webpage
> in IE 5.5 on the client machine hooked up to my internal interface.
>
> External Interface = dc0
> Internal interfaces = fxp0 and fxp1
> Connected client onto fxp1 and tried to load up yahoo.com
> ------------------

[snip]

> 65532 14 2968 deny udp from any to any

This seems to be your problem. Looks like your DNS is not working. Why
don't you log this rule to see exactly what is being denied here.
--
Crist J. Clark                           cjclark@alum.mit.edu
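
The logging step suggested in the reply, as an added example that is not part of the original message: once rule 65532 carries the `log` keyword, the denied packets can be grouped by destination port and interface to confirm whether DNS (UDP port 53) is what the rule drops. The log lines, addresses and function names below are constructed for illustration, and the log layout is assumed to be the usual ipfw syslog format.

```shell
# Added example: summarise what a logged "deny udp" rule is dropping.
# On the firewall the rule would first be re-added with the log keyword:
#   ipfw delete 65532
#   ipfw add 65532 deny log udp from any to any
# Assumption: ipfw logging is enabled in the kernel; entries go to
# syslog's security facility (typically /var/log/security).

# Constructed sample log lines (documentation / private address ranges).
sample_log() {
cat <<'EOF'
Jan 22 23:40:01 gw /kernel: ipfw: 65532 Deny UDP 192.168.1.10:1031 198.51.100.53:53 in via fxp1
Jan 22 23:40:03 gw /kernel: ipfw: 65532 Deny UDP 192.168.1.10:1031 198.51.100.53:53 in via fxp1
Jan 22 23:40:06 gw /kernel: ipfw: 65532 Deny UDP 192.168.1.10:1032 198.51.100.54:53 in via fxp1
Jan 22 23:40:09 gw /kernel: ipfw: 65532 Deny UDP 192.168.1.10:137 192.168.1.255:137 in via fxp1
Jan 22 23:40:11 gw /kernel: ipfw: 400 Deny TCP 203.0.113.7:4431 192.0.2.1:23 in via dc0
EOF
}

# summarise_denied RULE: read log lines on stdin and print
# "<count> <dst-port> <direction> <interface>" for UDP denied by RULE,
# most frequent first.
summarise_denied() {
    awk -v rule="$1" '
        {
            # Find the "ipfw:" token; the fields after it are:
            # rule, action, proto, src:port, dst:port, in|out, "via", iface
            for (i = 1; i <= NF; i++) if ($i == "ipfw:") break
            if (i > NF) next
            if ($(i+1) != rule || $(i+2) != "Deny" || $(i+3) != "UDP") next
            n = split($(i+5), dst, ":")
            count[dst[n] " " $(i+6) " " $(i+8)]++
        }
        END { for (k in count) print count[k], k }
    ' | sort -rn
}

# dns_denied RULE: number of packets to UDP port 53 denied by RULE.
dns_denied() {
    summarise_denied "$1" | awk '$2 == 53 { s += $1 } END { print s + 0 }'
}

sample_log | summarise_denied 65532
```

On a live system the input would be the security log instead of `sample_log`; a count concentrated on port 53 arriving on the internal interface supports the diagnosis that resolver traffic is being dropped.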