Date: Mon, 24 Apr 2000 21:17:21 -0400
From: "Crist J. Clark" <cjc@cc942873-a.ewndsr1.nj.home.com>
To: Jordan Blanchard <cybernetik@sympatico.ca>
Cc: freebsd-ipfw@FreeBSD.ORG
Subject: Re: Firewall and the general Network
Message-ID: <20000424211721.A75100@cc942873-a.ewndsr1.nj.home.com>
In-Reply-To: <NEBBLHFGALIEHENGIGPLGEBCCAAA.cybernetik@sympatico.ca>; from cybernetik@sympatico.ca on Mon, Apr 24, 2000 at 10:17:16AM -0400
References: <20000424082153.A73579@cc942873-a.ewndsr1.nj.home.com> <NEBBLHFGALIEHENGIGPLGEBCCAAA.cybernetik@sympatico.ca>

On Mon, Apr 24, 2000 at 10:17:16AM -0400, Jordan Blanchard wrote:
> > "Forcing you to use a proxy?" What do you mean?
> >
> well, when trying to view web pages without a proxy program through my 95
> box, it stalls..
>
> > Anyway, could you send,
> > # ipfw show
>
> 00060 66545 35492707 allow ip from any to any
> 00100     0        0 divert 8668 ip from any to any via tun0
> 00100     0        0 allow ip from any to any via lo0
> 00100     0        0 divert 8668 ip from any to any via tun0
> 00100     0        0 divert 8668 ip from any to any via tun0
> 00200     0        0 deny ip from any to 127.0.0.0/8
> 00210     0        0 deny icmp from any to any via ed0
> 65535    16     1000 deny ip from any to any

As Mike pointed out, these rules make no sense. They are not the
"simple" firewall rules either.

> # netstat -rn
> Routing tables
>
> Internet:
> Destination        Gateway            Flags     Refs     Use     Netif Expire
> default            216.209.34.1       UGSc       10     9642      tun0
> 1                  link#2             UC          0        0       ed1
> 10.10.10/24        link#1             UC          0        0       ed0
> 10.10.10.12        0:40:5:4d:3d:c8    UHLW        1     2260       ed0    144
> 10.10.10.120       0:80:c8:36:69:ed   UHLW        2     4970       ed0    715
> 127.0.0.1          127.0.0.1          UH          0        2       lo0
> 216.209.34.1       216.209.34.202     UH          9        0      tun0
> 216.209.34.202     127.0.0.1          UH          0        0       lo0

OK.

> # ifconfig -a
> ed0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
>         inet 10.10.10.1 netmask 0xffffff00 broadcast 10.10.10.255
>         ether 00:20:18:65:a0:9f
> ed1: flags=88c3<UP,BROADCAST,RUNNING,NOARP,SIMPLEX,MULTICAST> mtu 1500
>         inet 1.1.1.1 netmask 0xff000000 broadcast 1.255.255.255
>         ether 00:00:c0:df:fb:7f
> tun0: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> mtu 1492
>         inet 216.209.34.202 --> 216.209.34.1 netmask 0xffffff00
> ppp0: flags=8010<POINTOPOINT,MULTICAST> mtu 1500
> lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> mtu 16384
>         inet 127.0.0.1 netmask 0xff000000

OK.

> :And if you are running natd(8) or a routing daemon, the relevant
> :info. Then we can probably help analyze your problem.
>
> I've got natd running, from rc.conf..
>
>   138  ??  Is     0:00.00 /sbin/natd -n tun0

If you are doing NAT through PPP, you should probably use the '-nat'
option in ppp(8) rather than the natd(8) daemon.
-- 
Crist J. Clark                           cjclark@home.com

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-ipfw" in the body of the message
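
An added example, not part of the original message or of FreeBSD: a Python check over the `ipfw show` listing quoted above that, assuming ipfw's first-match evaluation, reports which rules sit behind an unconditional allow and which are listed more than once. The function names are hypothetical; the rule lines are copied from the message.

```python
import re
from collections import Counter

# `ipfw show` output as quoted in the message (number, packets, bytes, rule).
IPFW_SHOW = """\
00060 66545 35492707 allow ip from any to any
00100 0 0 divert 8668 ip from any to any via tun0
00100 0 0 allow ip from any to any via lo0
00100 0 0 divert 8668 ip from any to any via tun0
00100 0 0 divert 8668 ip from any to any via tun0
00200 0 0 deny ip from any to 127.0.0.0/8
00210 0 0 deny icmp from any to any via ed0
65535 16 1000 deny ip from any to any
"""

# Actions that end rule evaluation for a matching packet (subset of ipfw(8)).
TERMINAL = {"allow", "accept", "pass", "permit", "deny", "drop"}
CATCH_ALL = {"ip from any to any", "all from any to any"}
LINE = re.compile(r"^(\d+)\s+(\d+)\s+(\d+)\s+(\S+)\s+(.*)$")


def parse_rules(text):
    """Return rules in listing order, which is also ipfw's evaluation order."""
    rules = []
    for line in text.splitlines():
        m = LINE.match(line.strip())
        if m:
            num, pkts, _nbytes, action, rest = m.groups()
            rules.append({"num": int(num), "pkts": int(pkts), "action": action,
                          "match": rest, "text": f"{action} {rest}"})
    return rules


def shadowed_rules(rules):
    """Find the first terminal match-everything rule and the rules it hides."""
    for i, r in enumerate(rules):
        if r["action"] in TERMINAL and r["match"] in CATCH_ALL:
            return r["num"], [later["num"] for later in rules[i + 1:]]
    return None, []


def duplicate_rules(rules):
    """Map rule text to its count for rules that appear more than once."""
    counts = Counter(r["text"] for r in rules)
    return {text: n for text, n in counts.items() if n > 1}


if __name__ == "__main__":
    rules = parse_rules(IPFW_SHOW)
    blocker, hidden = shadowed_rules(rules)
    if blocker is not None:
        print(f"rule {blocker:05d} matches every packet; never reached: {hidden}")
    for text, n in duplicate_rules(rules).items():
        print(f"listed {n} times: {text}")
```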