From owner-freebsd-questions Sun Oct 17 13:50:12 1999
From: "Ken Kyler"
To: "Francisco Reyes"
Cc: "FreeBSD questions"
Subject: RE: Firewalls for Morons
Date: Sun, 17 Oct 1999 16:50:04 -0400
Message-ID: <001a01bf18e1$30413030$0200a8c0@cheat>
In-Reply-To: <199910172015.QAA24290@sanson.reyes.somos.net>

> After you change your rc.firewall how are you re-initialising the
> firewall?

I believe so

> One way is to "cd /etc; sh rc.firewall"

Nice to know, I rebooted :)

> That seems ok. Also as far as I understand the "default accept"
> means that you setup your firewall to
> accept any packet which was not trapped by a rule. This also
> implies that one of your rules must be
> screwing you up or there is still something wrong with the way
> the setup for the varies is done.

Interesting. I had initially built the kernel with...

# added by kyler
options IPFIREWALL
options IPDIVERT
options IPFIREWALL_VERBOSE
#options IPFIREWALL_DEFAULT_TO_ACCEPT

but as you can see, the default to accept has been commented out - and
yes, the kernel was rebuilt and installed.

> >btw, pardon the stupid question - but which file holds the log?
>
> /var/log/messages

I was afraid you were going to say that. Nothing is getting logged.

> Are the cards up? Check with ifconfig -a

They have to be as everything works fine once I add the rule "ipfw add
allow all from any to any"

> Are you connected to the net through ethernet? fxp0 sounds
> familiar, but not xl0. What is xl0?

xl0: <3Com 3c905-TX Fast Etherlink XL>

> > # log everything
> > $fwcmd add allow log ip from any to any
>
> Good. that should allow all traffic through.

However, as I said above, nothing is getting logged.

> Note that your internal network is 192.168, so you would want to
> comment those lines instead of the 10.0
> from my example.

fixed.

> With that "allow from any to any" I would tend to think that your
> problem must be either one of your
> cards is not up or you are copying something wrong when typing
> the addresses in the rc.firewall
> variables initialization.

I'll bet $$$ the cards are working.

Ken