From owner-freebsd-questions Tue Jul 25 14:35:55 2000
Delivered-To: freebsd-questions@freebsd.org
Received: from scientia.demon.co.uk (scientia.demon.co.uk [212.228.14.13])
	by hub.freebsd.org (Postfix) with ESMTP id A656037B9F2
	for ; Tue, 25 Jul 2000 14:35:24 -0700 (PDT)
	(envelope-from ben@scientia.demon.co.uk)
Received: from strontium.scientia.demon.co.uk ([192.168.91.36] ident=exim)
	by scientia.demon.co.uk with esmtp (Exim 3.15 #1)
	id 13HBUp-0004ee-00; Tue, 25 Jul 2000 21:40:11 +0100
Received: (from ben) by strontium.scientia.demon.co.uk (Exim 3.15 #1)
	id 13HBUp-000KM9-00; Tue, 25 Jul 2000 21:40:11 +0100
Date: Tue, 25 Jul 2000 21:40:11 +0100
From: Ben Smithurst
To: j mckitrick
Cc: questions@freebsd.org
Subject: Re: firewall rules
Message-ID: <20000725214011.K28657@strontium.scientia.demon.co.uk>
References: <20000725002636.A24999@dogma.freebsd-uk.eu.org>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
User-Agent: Mutt/1.2i
In-Reply-To: <20000725002636.A24999@dogma.freebsd-uk.eu.org>
Sender: owner-freebsd-questions@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

j mckitrick wrote:

> I followed the article on the freebsd website about writing a firewall for a
> dialup connection. I can provide details if anyone wants to see them, but i
> can't seem to get licq to punch through. Gaim works, netscape works, telnet
> (er, ssh) works fine. But licq dies.
>
> Message in the log:
> natd[92]: failed to write packet back (permission denied)

Enable logging on all your firewall rules which reject traffic (deny,
unreach, etc), and see what log messages you get. This will probably
mean compiling ipfw into the kernel with IPFIREWALL_VERBOSE (I think
that's the right name; check LINT), since last time I looked the module
wasn't compiled with IPFIREWALL_VERBOSE or whatever by default.

> any ideas? I can provide the config files if needed, but they are basically
> like the ones in the article. And i didn't want to clog the list with
> filler until necessary :)

Please do post your rules, it's easier than people finding it on the
website, especially when you didn't even bother to provide an exact URL.
Plus people like me on dialup lines might not feel like dialling in just
to fetch it.

-- 
Ben Smithurst / ben@FreeBSD.org / PGP: 0x99392F7D
FreeBSD Documentation Project /

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message
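
The advice above, enabling logging on every rule that rejects traffic, as an added example that is not part of the original message or the poster's configuration. It assumes the rules live in a file of `add [number] action ...` lines as read by `ipfw <file>`; the function name `add_log_to_rejects` and the sample ruleset are constructed for illustration.

```sh
#!/bin/sh
# Added example: insert "log" into every ipfw rule that rejects traffic
# (deny/drop, reject, reset, unreach <code>) so each dropped packet is
# reported. Assumes one rule per line in "add [number] action ..." form;
# rules built from shell variables are not handled. Whitespace in rewritten
# lines is collapsed to single spaces.

add_log_to_rejects() {
    awk '
    /^[ \t]*#/ || /^[ \t]*$/ { print; next }    # keep comments and blanks
    {
        i = 1
        if ($i == "add") i++                    # skip the "add" keyword
        if ($i ~ /^[0-9]+$/) i++                # skip an optional rule number
        act = $i
        if (act == "deny" || act == "drop" || act == "reject" || act == "reset")
            pos = i                             # "log" follows the action
        else if (act == "unreach")
            pos = i + 1                         # "log" follows the unreach code
        else { print; next }                    # allow, divert, ...: unchanged
        if (pos > NF) { print; next }           # malformed rule: leave alone
        if ($(pos + 1) == "log") { print; next }  # already logging
        $pos = $pos " log"
        print
    }'
}

# Constructed sample ruleset (not the poster's rules).
sample_rules() {
    cat <<'EOF'
# dial-up ruleset
add 100 divert natd all from any to any via tun0
add 200 allow tcp from any to any established
add 300 deny tcp from any to any 6000-6063 in via tun0
add 400 unreach host-prohib udp from any to any in via tun0
add 500 reset log tcp from any to any 113
add 65000 deny ip from any to any
EOF
}

sample_rules | add_log_to_rejects
```

As the reply notes, the `log` keyword only produces messages when ipfw is built with IPFIREWALL_VERBOSE.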