Date: Tue, 8 May 2007 11:40:58 -0400 (EDT)
From: Gardner Bell <gbell72@rogers.com>
To: freebsd-ipfw@freebsd.org
Subject: IPFW and NATD problem
Message-ID: <853764.71287.qm@web88009.mail.re2.yahoo.com>

Hi all,

I've been following the IPFW section in the handbook and /etc/rc.firewall to try and set up a gateway for my home LAN but I'm having a bit of trouble getting access to the internet. My network setup looks like so.

192.168.x.x              bge1 - 192.168.x.x   bge0 x.x.x.x
--LAN------------Switch---------FreeBSD-------------------------------ISP

Bge0 successfully receives an IP from my ISP's DHCP server and I can ping the LAN without any issues. When it comes to accessing the internet I get a hostname lookup failure.

Any help resolving this is greatly appreciated.

Gardner

mx1# ipfw list
00100 allow ip from any to any via lo0
00200 deny ip from any to 127.0.0.0/8
00300 deny ip from 127.0.0.0/8 to any
00400 deny ip from 192.168.1.0/24 to any in via bge0
00500 deny log logamount 3 ip from x.x.x.x/25 to any in via bge1
00600 deny ip from any to 10.0.0.0/8 via bge0
00700 deny ip from any to 172.16.0.0/12 via bge0
00800 deny ip from any to 192.168.0.0/16 via bge0
00900 deny ip from any to 0.0.0.0/8 via bge0
01000 deny ip from any to 169.254.0.0/16 via bge0
01100 deny ip from any to 192.0.2.0/24 via bge0
01200 deny ip from any to 224.0.0.0/4 via bge0
01300 deny ip from any to 240.0.0.0/4 via bge0
01400 divert 8668 ip from any to any in via bge0
01500 allow ip from any to any via bge1
01600 deny ip from 10.0.0.0/8 to any via bge0
01700 deny ip from 172.16.0.0/12 to any via bge0
01800 deny ip from 192.168.0.0/16 to any via bge0
01900 deny ip from 0.0.0.0/8 to any via bge0
02000 deny ip from 169.254.0.0/16 to any via bge0
02100 deny ip from 192.0.2.0/24 to any via bge0
02200 deny ip from 224.0.0.0/4 to any via bge0
02300 deny ip from 240.0.0.0/4 to any via bge0
02400 allow tcp from any to x.x.x.x dst-port 53 out via bge0 setup keep-state
02500 allow udp from any to x.x.x.x dst-port 53 out via bge0 keep-state
02600 allow udp from any to x.x.x.x dst-port 67 out via bge0 keep-state
02700 allow tcp from any to any dst-port 80 out via bge0 setup keep-state
02800 allow tcp from any to any dst-port 443 out via bge0 setup keep-state
02900 allow tcp from any to any dst-port 25 out via bge0 setup keep-state
03000 allow tcp from any to any dst-port 110 out via bge0 setup keep-state
03100 allow tcp from any to any dst-port 21 out via bge0 setup keep-state
03200 allow tcp from any to any dst-port 3724 out via bge0 setup keep-state
03300 allow icmp from any to any out via bge0 keep-state
03400 allow tcp from any to any dst-port 43 out via bge0 setup keep-state
03500 allow udp from any to any dst-port 123 out via bge0 keep-state
03600 reset tcp from any to any dst-port 113 in via bge0
03700 allow udp from x.x.x.x to any dst-port 68 in via bge0 keep-state
03800 deny tcp from any to any dst-port 137 in via bge0
03900 deny tcp from any to any dst-port 138 in via bge0
04000 deny tcp from any to any dst-port 139 in via bge0
04100 deny tcp from any to any dst-port 389 in via bge0
04200 deny tcp from any to any dst-port 445 in via bge0
04300 deny ip from any to any frag
04400 deny log logamount 3 ip from any to 255.255.255.255
65535 deny ip from any to any
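
Added example, not part of the original message: a first-match walk over a subset of the listing above, showing which rule decides a DNS query on each hop through the gateway. The masked x.x.x.x values are replaced with constructed addresses (an assumption), and natd's address rewriting is not modelled.

```python
import ipaddress
import re

# Subset of the posted rules. 198.51.100.53 stands in for the masked resolver
# address x.x.x.x; it is a constructed value, not the poster's.
RULES = """\
00400 deny ip from 192.168.1.0/24 to any in via bge0
00800 deny ip from any to 192.168.0.0/16 via bge0
01400 divert 8668 ip from any to any in via bge0
01500 allow ip from any to any via bge1
01800 deny ip from 192.168.0.0/16 to any via bge0
02500 allow udp from any to 198.51.100.53 dst-port 53 out via bge0 keep-state
65535 deny ip from any to any
"""

PAT = re.compile(
    r"(?P<num>\d+) (?P<action>allow|deny|divert \d+) (?P<proto>\w+) "
    r"from (?P<src>\S+) to (?P<dst>\S+)(?: dst-port (?P<port>\d+))?"
    r"(?: (?P<dir>in|out))?(?: via (?P<via>\w+))?")

def _addr_ok(spec, addr):
    return spec == "any" or ipaddress.ip_address(addr) in ipaddress.ip_network(spec)

def first_match(pkt, rules=RULES):
    """Return (rule number, action) of the first terminal rule matching pkt.

    'via' tests the receive interface on input and the transmit interface on
    output, so one iface field per hop is enough. A matching divert rule is
    treated as non-terminal: evaluation continues at the next rule."""
    for line in rules.splitlines():
        r = PAT.match(line).groupdict()
        hit = (r["proto"] in ("ip", pkt["proto"])
               and _addr_ok(r["src"], pkt["src"])
               and _addr_ok(r["dst"], pkt["dst"])
               and r["port"] in (None, str(pkt["port"]))
               and r["dir"] in (None, pkt["dir"])
               and r["via"] in (None, pkt["iface"]))
        if hit and not r["action"].startswith("divert"):
            return int(r["num"]), r["action"]
    return None

# Constructed packets: a LAN client's DNS query on both hops, then the same
# query sent by the gateway itself from a constructed public address.
LAN_IN = dict(proto="udp", src="192.168.1.10", dst="198.51.100.53",
              port=53, dir="in", iface="bge1")
LAN_OUT = dict(LAN_IN, dir="out", iface="bge0")
GW_OUT = dict(LAN_OUT, src="198.51.100.20")

if __name__ == "__main__":
    for name, pkt in (("LAN_IN", LAN_IN), ("LAN_OUT", LAN_OUT), ("GW_OUT", GW_OUT)):
        print(name, first_match(pkt))
```

Because rule 01400 matches only `in via bge0`, the forwarded query is never handed to natd on its way out and still carries its 192.168.x.x source when it reaches rule 01800.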