Date: Sun, 20 Oct 2002 22:45:17 +0200
From: Alex
Reply-To: freebsd-reply@akruijff.dds.nl
To: mh
Cc: freebsd-questions@FreeBSD.org
Subject: Re: Mac can't connect to Internet

Friday, October 18, 2002, 6:31:35 PM, you wrote:

I don't have the solution, but may have a way to the solution.

> I have FreeBSD, 4.7 Stable running as a gateway box, with a Debian box
> also on the network. The gateway is connected to a Comcast cable modem,
> and is running ipfw as a firewall. Both boxes can see/connect each other
> and the Internet.
> I added a Powerbook, OS X, to the local network, configured /etc/hosts
> and /etc/resolv.conf. PB can ping the other boxes ok, but can't see the
> Internet. The other boxes can ping the PB ok. Looks like a firewall
> problem. If I connect the PB to the cable modem directly, the PB
> connects ok.

Could you check the gateway setting of the mac?
> It appears that the PB is trying to send UDP packets out on port 67, so
> I tried to open up the firewall for UDP traffic (not a good idea?) but
> still can't see outside the local network. Attached is my rc.firewall.
> In /etc/rc.conf I have firewall_type="open" and added some rules to the
> "open" section in rc.firewall.

Is the mac able to use the internet without the firewall? (Remove the
firewall lines from rc.conf with '#' and try loading the GENERIC kernel
at the kernel prompt.) If so, reboot and change the *deny/block/etc.*
lines of the firewall and add the 'log' keyword (man ipfw to find out how
to use this) to each of them. Check /var/log/security to see if the mac
is being blocked by your firewall. (It will tell you what rule blocked
your mac.)

I hope this is helpful; if not, send me the output of 'ipfw s' and
'tail -n 100 /var/log/security' and I'll take a look.

> What am I doing wrong? Thanks.
> Michael Heyes
> ############
> # Flush out the list before we begin.
> #
> ${fwcmd} -f flush
> ############
> # Network Address Translation. All packets are passed to natd(8)
> # before they encounter your remaining rules. The firewall rules
> # will then be run again on each packet after translation by natd
> # starting at the rule number following the divert rule.
> #
> # For ``simple'' firewall type the divert rule should be put to a
> # different place to not interfere with address-checking rules.
> #
> case ${firewall_type} in
> [Oo][Pp][Ee][Nn]|[Cc][Ll][Ii][Ee][Nn][Tt])
> case ${natd_enable} in
> [Yy][Ee][Ss])
> if [ -n "${natd_interface}" ]; then
> ${fwcmd} add 50 divert natd all from any to any
> via ${natd_interface}
> fi
> ;;
> esac
> ############
> # If you just configured ipfw in the kernel as a tool to solve network
> # problems or you just want to disallow some particular kinds of traffic
> # then you will want to change the default policy to open. You can also
> # do this as your only action by setting the firewall_type to ``open''.
> #
> # ${fwcmd} add 65000 pass all from any to any
> ############
> # Only in rare cases do you want to change these rules
> #
> ${fwcmd} add 100 pass all from any to any via lo0
> ${fwcmd} add 200 deny all from any to 127.0.0.0/8
> #${fwcmd} add 300 deny ip from 127.0.0.0/8 to any
> # Prototype setups.
> #
> case ${firewall_type} in
> [Oo][Pp][Ee][Nn])
> ${fwcmd} add 300 check-state
> ${fwcmd} add 350 allow all from 192.168.0.0/16 to any
> ${fwcmd} add 352 allow ip from any to 192.168.0.0/16
> ${fwcmd} add 400 allow tcp from any to any in established
> ${fwcmd} add 410 pass tcp from any to any keep-state out setup
> ${fwcmd} add 420 pass udp from any to any 53 in recv dc0
> ${fwcmd} add 430 pass udp from any to any out
> ${fwcmd} add 440 pass icmp from any to any icmptypes 3
> ${fwcmd} add 450 pass icmp from any to any icmptypes 4
> ${fwcmd} add 460 pass icmp from any to any icmptypes 8
> ${fwcmd} add 470 pass icmp from any to any in icmptypes 0
> ${fwcmd} add 480 deny ip from any to any
> ${fwcmd} add 65000 pass all from any to any
> ;;
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-questions" in the body of the message

--
Best regards,
Alex

The FreeBSD handbook
http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/index.html

How to get the best results from FreeBSD-Questions
http://www.lemis.com/questions.html
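
The log check suggested in the reply above, written out as an added example (not part of the original message): a small sh/awk filter that reads ipfw log lines and reports which rule numbers denied packets from one host. The log line layout is assumed to be the one shown in the comment, and the sample lines, host name, addresses, interface names and rule numbers 600/700 are constructed.

```sh
#!/bin/sh
# Added example, not from the original thread.
# Assumed log line layout after the syslog prefix:
#   ipfw: <rule> <Action> <PROTO> <src>[:port] <dst>[:port] <in|out> via <iface>

# denies_by_rule HOST
# Reads syslog lines on stdin and prints, for packets from HOST that a
# logging deny rule dropped: "<rule> <proto> <dst> <dir> <iface> <count>".
denies_by_rule() {
    awk -v host="$1" '
    {
        # Find the "ipfw:" tag; the fields after it are positional.
        for (i = 1; i <= NF; i++) if ($i == "ipfw:") break
        if (i > NF || $(i + 2) != "Deny") next
        src = $(i + 4)
        sub(/:[0-9]+$/, "", src)          # drop the source port, if any
        if (src != host) next
        count[$(i + 1) " " $(i + 3) " " $(i + 5) " " $(i + 6) " " $(i + 8)]++
    }
    END { for (k in count) print k, count[k] }
    ' | LC_ALL=C sort -n
}

# Constructed sample input (hypothetical host name, addresses, interfaces
# and rule numbers 600/700; none of these come from the posted ruleset).
sample_log() {
    cat <<'EOF'
Oct 20 22:40:01 gw /kernel: ipfw: 600 Deny UDP 192.168.0.5:68 255.255.255.255:67 in via dc1
Oct 20 22:40:05 gw /kernel: ipfw: 600 Deny UDP 192.168.0.5:68 255.255.255.255:67 in via dc1
Oct 20 22:40:06 gw /kernel: ipfw: 410 Accept TCP 192.168.0.2:1030 198.51.100.7:80 out via dc0
Oct 20 22:40:09 gw /kernel: ipfw: 700 Deny TCP 192.168.0.5:49153 198.51.100.7:80 out via dc0
Oct 20 22:40:10 gw /kernel: ipfw: 700 Deny TCP 192.168.0.9:1025 198.51.100.7:80 out via dc0
Oct 20 22:40:12 gw /kernel: ipfw: 700 Deny ICMP:8.0 192.168.0.5 198.51.100.7 out via dc0
Oct 20 22:40:15 gw last message repeated 2 times
EOF
}

# On the gateway: tail -n 100 /var/log/security | denies_by_rule <ip-of-the-mac>
sample_log | denies_by_rule 192.168.0.5
```

Only rules that carry the 'log' keyword produce these lines, so a host that is dropped by a non-logging rule will not show up in the summary.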