Date: Tue, 10 Jul 2001 07:15:34 -0400 (EDT)
From: Dru <genisis@istar.ca>
To: Francisco Reyes <lists@natserv.com>
Cc: <freebsd-security@FreeBSD.ORG>
Subject: Re: Cant ping/nslookup
Message-ID: <20010710071252.D345-100000@x1-6-00-50-ba-de-36-33.kico1.on.home.com>
In-Reply-To: <20010710005648.F21477-100000@zoraida.natserv.net>
Hi Francisco,

I don't see any rules to allow UDP. There's a step-by-step article on what's
required here:

http://www.onlamp.com/pub/a/bsd/2001/05/09/FreeBSD_Basics.html?page=2

Cheers,

Dru

On Tue, 10 Jul 2001, Francisco Reyes wrote:

> setup:
> client --> fxp0 (internal NIC FBSD) --> ed0 (external NIC)
>
> I am trying to find why an internal machine/client can't ping or do
> nslookups on my home network.
>
> I used sample rules I found on the archives to let icmp/dns through, but
> they failed to let the client ping or do dns lookups.
>
> I added the "log" option to all my deny statements, yet I don't see any
> entries in /var/log/security after I try to ping an external machine from
> the internal client and it fails.
>
> ipfw list|grep deny
> 00200 deny log logamount 50 ip from any to 127.0.0.0/8
> 00300 deny log logamount 50 ip from 127.0.0.0/8 to any
> 02100 deny log logamount 50 ip from 192.168.10.0/24 to any in recv ed0
> 02200 deny log logamount 50 ip from 66.114.65.0/24 to any in recv fxp0
> 02300 deny log logamount 50 ip from any to 10.0.0.0/8 via ed0
> 02400 deny log logamount 50 ip from any to 172.16.0.0/12 via ed0
> 02500 deny log logamount 50 ip from any to 0.0.0.0/8 via ed0
> 02600 deny log logamount 50 ip from any to 169.254.0.0/16 via ed0
> 02700 deny log logamount 50 ip from any to 192.0.2.0/24 via ed0
> 02800 deny log logamount 50 ip from any to 224.0.0.0/4 via ed0
> 02900 deny log logamount 50 ip from any to 240.0.0.0/4 via ed0
> 03100 deny log logamount 50 ip from 10.0.0.0/8 to any via ed0
> 03200 deny log logamount 50 ip from 172.16.0.0/12 to any via ed0
> 03300 deny log logamount 50 ip from 0.0.0.0/8 to any via ed0
> 03400 deny log logamount 50 ip from 169.254.0.0/16 to any via ed0
> 03500 deny log logamount 50 ip from 192.0.2.0/24 to any via ed0
> 03600 deny log logamount 50 ip from 224.0.0.0/4 to any via ed0
> 03700 deny log logamount 50 ip from 240.0.0.0/4 to any via ed0
> 05000 deny log logamount 50 tcp from any to any in recv ed0 setup
> 05400 deny log logamount 50 ip from any to any
> 65535 deny ip from any to any
>
> Any ideas why failed connections are not logged even though all deny
> clauses have the log option?
>
> Since I couldn't get the "log" parameter to help I then tried to add
> rules to let everything through:
> 00100 allow ip from any to any via lo0
> 00150 allow icmp from any to any
> 00160 allow ip from any to any
>
> That still didn't help.
>
> If I set the firewall to open in rc.conf then the client machine can ping
> and do dns lookups.
>
> Any thoughts?
>
>
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-security" in the body of the message
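[Editor's note, not part of the original mail.] Dru's answer rests on how ipfw evaluates a ruleset: first match wins, a protocol of "ip" matches everything, and the catch-all "deny ip from any to any" at 05400 therefore swallows every UDP packet that no earlier rule allowed. The following is an added example, not code from either poster and not ipfw itself: a small Python simulator for the rule syntax that appears in the quoted `ipfw list` output, run over a subset of that output and over a constructed fix that adds UDP/53 and ICMP allow rules. The LAN prefix 192.168.10.0/24 is inferred from rule 02100; the client, resolver and outside addresses, the fix rule numbers and the extra rules are all made up for the illustration, and NAT is not modelled.

```python
"""First-match simulator for the ipfw(8) rule subset used in the thread above.
Added example: not from the original mail and not ipfw's own code. It models
allow/deny, 'log [logamount N]', protocols ip/tcp/udp/icmp,
'from ADDR [PORT] to ADDR [PORT]', 'in'/'out', 'recv'/'xmit'/'via IFACE' and
'setup'; any other keyword raises so nothing is silently ignored."""
import ipaddress
from dataclasses import dataclass
from typing import Optional

@dataclass
class Packet:
    proto: str                  # "tcp", "udp" or "icmp"
    src: str
    dst: str
    direction: str              # "in" or "out": ipfw checks a forwarded packet twice
    recv: Optional[str]         # interface it arrived on
    xmit: Optional[str] = None  # interface it leaves on (None on the inbound pass)
    sport: Optional[int] = None
    dport: Optional[int] = None
    syn_only: bool = False      # TCP SYN without ACK, which 'setup' matches

def _addr_match(spec, ip):
    return spec == "any" or ipaddress.ip_address(ip) in ipaddress.ip_network(spec, strict=False)

def parse_rule(line):
    """Turn one 'ipfw list' line into a dict; unsupported keywords raise."""
    t = line.split()
    r = {"num": int(t[0]), "action": t[1], "log": False, "sport": None, "dport": None,
         "dir": None, "ifmode": None, "iface": None, "setup": False}
    i = 2
    if t[i] == "log":
        r["log"], i = True, i + 1
        if t[i] == "logamount":
            i += 2
    r["proto"], i = t[i], i + 1
    if t[i] != "from":
        raise ValueError(line)
    r["src"], i = t[i + 1], i + 2
    if t[i].isdigit():                       # optional source port
        r["sport"], i = int(t[i]), i + 1
    if t[i] != "to":
        raise ValueError(line)
    r["dst"], i = t[i + 1], i + 2
    if i < len(t) and t[i].isdigit():        # optional destination port
        r["dport"], i = int(t[i]), i + 1
    while i < len(t):
        if t[i] in ("in", "out"):
            r["dir"] = t[i]
        elif t[i] in ("recv", "xmit", "via"):
            r["ifmode"], r["iface"], i = t[i], t[i + 1], i + 1
        elif t[i] == "setup":
            r["setup"] = True
        else:
            raise ValueError("unsupported keyword %r in: %s" % (t[i], line))
        i += 1
    return r

def matches(r, p):
    """Does rule r apply to packet p?  Protocol 'ip' matches every protocol."""
    return all([
        r["proto"] in ("ip", p.proto),
        _addr_match(r["src"], p.src) and _addr_match(r["dst"], p.dst),
        r["sport"] in (None, p.sport) and r["dport"] in (None, p.dport),
        r["dir"] in (None, p.direction),
        r["ifmode"] != "recv" or r["iface"] == p.recv,
        r["ifmode"] != "xmit" or r["iface"] == p.xmit,
        r["ifmode"] != "via" or r["iface"] in (p.recv, p.xmit),
        not r["setup"] or (p.proto == "tcp" and p.syn_only),
    ])

def decide(ruleset, p):
    """ipfw is first-match: return (number, action, logged?) of the rule that fires."""
    rules = sorted((parse_rule(ln) for ln in ruleset.splitlines() if ln.strip()),
                   key=lambda r: r["num"])
    for r in rules:
        if matches(r, p):
            return r["num"], r["action"], r["log"]
    raise RuntimeError("ruleset has no catch-all rule 65535")

# Subset of the 'ipfw list' output posted in the thread (full list above).
POSTED = """
00200 deny log logamount 50 ip from any to 127.0.0.0/8
00300 deny log logamount 50 ip from 127.0.0.0/8 to any
02100 deny log logamount 50 ip from 192.168.10.0/24 to any in recv ed0
02200 deny log logamount 50 ip from 66.114.65.0/24 to any in recv fxp0
02300 deny log logamount 50 ip from any to 10.0.0.0/8 via ed0
05000 deny log logamount 50 tcp from any to any in recv ed0 setup
05400 deny log logamount 50 ip from any to any
65535 deny ip from any to any
"""

# Constructed fix, not from the mail: pass the LAN's DNS queries, their replies
# and ICMP. Numbered after the anti-spoofing denies (02100/02200) on purpose, so
# a packet forging a LAN source with source port 53 still hits 02100 first.
# 192.168.10.0/24 as the LAN is inferred from rule 02100; NAT is not modelled.
WITH_UDP = POSTED + """
02250 allow udp from 192.168.10.0/24 to any 53
02260 allow udp from any 53 to 192.168.10.0/24
02270 allow icmp from any to any
"""

# Constructed packets: a client's DNS query on its inbound pass through fxp0, and
# a forged LAN-source packet arriving on the outside interface ed0.
DNS_QUERY = Packet("udp", "192.168.10.5", "198.51.100.53", "in", "fxp0", sport=1025, dport=53)
SPOOFED = Packet("udp", "192.168.10.7", "192.168.10.1", "in", "ed0", sport=53, dport=53)
```

`decide(POSTED, DNS_QUERY)` comes back as rule 05400 (deny, logged), which is the first and only rule in the posted set that a UDP packet can hit, while `decide(WITH_UDP, DNS_QUERY)` stops at the added 02250 allow. Two points worth checking on a real box that the simulator makes visible: the position of "allow udp from any 53" matters, because placed before the 02100/02200 anti-spoofing denies it would pass a forged packet with source port 53; and a rule that is never reached cannot log, so a deny rule's `log` keyword tells you nothing about a packet that an earlier rule already accepted (in FreeBSD, `log` also only produces output when `net.inet.ip.fw.verbose` is set to 1).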