Date: Sun, 17 Oct 1999 16:50:04 -0400
From: "Ken Kyler" <ken@kyler.com>
To: "Francisco Reyes" <fran@reyes.somos.net>
Cc: "FreeBSD questions" <questions@freebsd.org>
Subject: RE: Firewalls for Morons
Message-ID: <001a01bf18e1$30413030$0200a8c0@cheat>
In-Reply-To: <199910172015.QAA24290@sanson.reyes.somos.net>

> After you change your rc.firewall how are you re-initialising the
> firewall?

I believe so

> One way is to "cd /etc; sh rc.firewall"

Nice to know, I rebooted :)

> That seems ok. Also as far as I understand the "default accept"
> means that you setup your firewall to
> accept any packet which was not trapped by a rule. This also
> implies that one of your rules must be
> screwing you up or there is still something wrong with the way
> the setup for the varies is done.

Interesting. I had initially built the kernel with...

    # added by kyler
    options IPFIREWALL
    options IPDIVERT
    options IPFIREWALL_VERBOSE
    #options IPFIREWALL_DEFAULT_TO_ACCEPT

but as you can see, the default to accept has been commented out - and yes,
the kernel was rebuilt and installed.

> >btw, pardon the stupid question - but which file holds the log?
>
> /var/log/messages

I was afraid you were going to say that. Nothing is getting logged.

> Are the cards up? Check with ifconfig -a

They have to be as everything works fine once I add the rule
"ipfw add allow all from any to any"

> Are you connected to the net through ethernet? fxp0 sounds
> familiar, but not xl0. What is xl0?

xl0: <3Com 3c905-TX Fast Etherlink XL>

> > # log everything
> > $fwcmd add allow log ip from any to any
>
> Good. That should allow all traffic through.

However, as I said above, nothing is getting logged.

> Note that your internal network is 192.168, so you would want to
> comment those lines instead of the 10.0
> from my example.

fixed.

> With that "allow from any to any" I would tend to think that your
> problem must be either one of your
> cards is not up or you are copying something wrong when typing
> the addresses in the rc.firewall
> variables initialization.

I'll bet $$$ the cards are working.

Ken

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message