From owner-freebsd-questions Tue Nov 21 10:40: 2 2000 Delivered-To: freebsd-questions@freebsd.org Received: from c528925-a.kreska.org (c528925-a.plano1.tx.home.com [24.21.161.123]) by hub.freebsd.org (Postfix) with ESMTP id 7510537B4C5 for ; Tue, 21 Nov 2000 10:39:57 -0800 (PST) Received: from kreska.org (c528925-a.plano1.tx.home.com [24.21.161.123]) by c528925-a.kreska.org (8.9.3/8.9.3) with ESMTP id MAA26777; Tue, 21 Nov 2000 12:39:55 -0600 (CST) (envelope-from jeff@kreska.org) Message-ID: <3A1AC159.90903@kreska.org> Date: Tue, 21 Nov 2000 12:39:21 -0600 From: Jeff User-Agent: Mozilla/5.0 (Windows; U; WinNT4.0; en-US; m18) Gecko/20001108 Netscape6/6.0 X-Accept-Language: en MIME-Version: 1.0 To: vcardon@siue.edu Cc: freebsd-questions@FreeBSD.ORG Subject: Re: help with ipfw References: <200011211802.MAA24021@cougar.isg.siue.edu> Content-Type: text/plain; charset=us-ascii; format=flowed Content-Transfer-Encoding: 7bit Sender: owner-freebsd-questions@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.ORG Did you update your rfc rules to include the in/out keywords for your internal network? # Stop RFC1918 nets on the outside interface ${fwcmd} add deny log all from 10.0.0.0/8 to any via ${oif} ${fwcmd} add deny log all from any to 10.0.0.0/8 out via ${oif} -------------------------------------------------------^ ${fwcmd} add deny log all from 172.16.0.0/12 to any via ${oif} ${fwcmd} add deny log all from any to 172.16.0.0/12 via ${oif} ${fwcmd} add deny log all from 192.168.0.0/16 to any via ${oif} ${fwcmd} add deny log all from any to 192.168.0.0/16 out via ------------------------------------------------------------^ vcardon@siue.edu wrote: > Hi everyone, > > I am trying to setup a FreeBSD gateway that will have a firewall running as > well. The outside interface is connected to a cable modem, and the inside > interface goes to my internal LAN. I have followed the how-to at > http://www.mostgraveconcern.com/freebsd , and everything works fine, untill I > switch my firewall from type open to simple. > > Basically, when I switch to \"simple\" I lose all network connectivity. I cannot > even ping out from the gateway. > > Does anyone have any suggestions as to what I can do to correct this? > > Thanks, > Victor > > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-questions" in the body of the message To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message