From owner-freebsd-questions Thu Aug 13 12:35:58 1998
Date: Thu, 13 Aug 1998 12:35:21 -0700 (PDT)
From: Doug White
To: Dan Langille
cc: freebsd-questions@FreeBSD.ORG
Subject: Re: ipfw rules
In-Reply-To: <199808120750.TAA00553@cyclops.xtra.co.nz>

On Wed, 12 Aug 1998, Dan Langille wrote:

> On 12 Aug 98, at 0:31, Doug White wrote:
>
> > On Tue, 11 Aug 1998, Dan Langille wrote:
> >
> > > I'm using ipfw and natd for my home subnet. The FreeBSD box acts as a
> > > gateway to my ADSL connection. I'm using the simple firewall as
> > > defined in rc.firewall. However, some of the default rules are
> > > preventing some services from working. But I don't understand why.
> > >
> > > Below are the rules and a description of what they prevent when they
> > > are enabled. If someone could explain why the rule stops what it
> > > does, I would appreciate it.
> > >
> > > oif=ed0
> > >
> > > # if either of the following two lines are enabled, it stops my
> > > # Pegasus email client from accessing the POP server at my ISP
> > > add deny all from 192.168.0.0:255.255.0.0 to any via ${oif}
> >
> > Stop any packets originating from 192.168.x.x from leaving this machine.
> > What's the machine's IP?
>
> ed0 (outside world) is not within this range. ed1 (my subnet) is. Isn't
> this rule trying to stop packets going out on ed0 (outside world)?

Assuming ${oif} == 'ed0'...

> > > add pass tcp from any to any setup
> >
> > Allows TCP connections to start but probably blocks the rest because of
> > the above rule.
>
> Yeah. Strange. These are the default rules within rc.firewall.

Not a clue. My ipfw adventures start next week. :)

Doug White | University of Oregon
Internet: dwhite@resnet.uoregon.edu | Residence Networking Assistant
http://gladstone.uoregon.edu/~dwhite | Computer Science Major
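
The two rules quoted in this thread, evaluated first-match over constructed packets, to show which traffic on ed0 the deny rule catches. This is an added example, not part of either poster's message or of rc.firewall; the `Packet` model, the sample addresses and the default-deny fallback are assumptions, and the parser handles only the rule syntax quoted above.

```python
import ipaddress
from collections import namedtuple

# Constructed packet model (not an ipfw structure). iface is the interface
# the packet is passing through; setup is True for a TCP SYN without ACK.
Packet = namedtuple("Packet", "proto src dst iface setup")

def parse_addr(spec):
    """ipfw address forms used here: 'any', 'a.b.c.d' or 'a.b.c.d:mask'."""
    if spec == "any":
        return ipaddress.ip_network("0.0.0.0/0")
    return ipaddress.ip_network(spec.replace(":", "/"), strict=False)

def parse_rule(text, variables):
    """Parse 'add ACTION PROTO from SRC to DST [via IF] [setup]'."""
    for name, value in variables.items():
        text = text.replace("${%s}" % name, value)
    w = text.split()
    opts = w[7:]
    return {"action": w[1], "proto": w[2],
            "src": parse_addr(w[4]), "dst": parse_addr(w[6]),
            "via": opts[opts.index("via") + 1] if "via" in opts else None,
            "setup": "setup" in opts}

def matches(rule, pkt):
    return (rule["proto"] in ("all", pkt.proto)
            and ipaddress.ip_address(pkt.src) in rule["src"]
            and ipaddress.ip_address(pkt.dst) in rule["dst"]
            and rule["via"] in (None, pkt.iface)   # 'via' ignores direction
            and (pkt.setup or not rule["setup"]))

def evaluate(rules, pkt, default="deny"):
    """First matching rule decides; return (action, index of that rule)."""
    for i, rule in enumerate(rules):
        if matches(rule, pkt):
            return rule["action"], i
    return default, None           # assumption: default-deny final rule

RULES = [parse_rule(r, {"oif": "ed0"}) for r in (
    "add deny all from 192.168.0.0:255.255.0.0 to any via ${oif}",
    "add pass tcp from any to any setup")]

# Constructed packets: a LAN host's SYN seen on ed0 still carrying its
# private source address, the same SYN with a public (documentation-range)
# source, and the LAN host's SYN as it arrives on the inside interface ed1.
LAN_ON_ED0 = Packet("tcp", "192.168.0.5", "203.0.113.110", "ed0", True)
PUB_ON_ED0 = Packet("tcp", "198.51.100.7", "203.0.113.110", "ed0", True)
LAN_ON_ED1 = Packet("tcp", "192.168.0.5", "203.0.113.110", "ed1", True)

if __name__ == "__main__":
    for p in (LAN_ON_ED0, PUB_ON_ED0, LAN_ON_ED1):
        print(p.src, p.iface, evaluate(RULES, p))
```

Only the packet that crosses ed0 with a 192.168.x.x source hits the deny rule; the same connection attempt with a public source, or seen on ed1, falls through to the `setup` rule.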