From owner-freebsd-questions Thu Feb 22 10:17:59 2001
Delivered-To: freebsd-questions@freebsd.org
Received: from rmx441-mta.mail.com (rmx441-mta.mail.com [165.251.48.44]) by hub.freebsd.org (Postfix) with ESMTP id D395A37B491 for ; Thu, 22 Feb 2001 10:17:53 -0800 (PST) (envelope-from evilwolf@cyberdude.com)
Received: from weba2.iname.net (weba2.iname.net [165.251.4.12]) by rmx441-mta.mail.com (8.9.3/8.9.3) with ESMTP id NAA13164 for ; Thu, 22 Feb 2001 13:17:52 -0500 (EST)
From: evilwolf@cyberdude.com
Received: (from root@localhost) by weba2.iname.net (8.9.1a/8.9.2.Alpha2) id NAA17363; Thu, 22 Feb 2001 13:17:52 -0500 (EST)
MIME-Version: 1.0
Message-Id: <010222131752DZ.06490@weba2.iname.net>
Date: Thu, 22 Feb 2001 13:17:52 -0500 (EST)
Content-Type: Text/Plain
Content-Transfer-Encoding: 7bit
To: questions@freebsd.org
Subject: Ipfw with dial-up
Sender: owner-freebsd-questions@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

Dear FreeBSD guys-

I have FreeBSD 4.0 that I recently got. I wanted to set up the ipfw firewall included with it and so I went to your tutorials and followed that exactly. I added this to the kernel and recompiled it:

-------------------------------------------
options IPFIREWALL
options IPFIREWALL_VERBOSE
options IPFIREWALL_VERBOSE_LIMIT=100
options IPDIVERT

Then, to the rc.conf file I added:
---------------------------------
firewall_enable="YES"
firewall_script="/etc/firewall/fwrules"
natd_enable="YES"
natd_interface="tun0"
natd_flags="-dynamic"

I didn't have NAT running so I didn't have to disable it. Next, I set the firewall rules to what your tutorial said (I planned to change them later on):

--------------------------------------
# Firewall rules
# Written by Marc Silver (marcs@draenor.org)
# http://draenor.org/ipfw
# Freely distributable

# Define the firewall command (as in /etc/rc.firewall) for easy
# reference. Helps to make it easier to read.
fwcmd="/sbin/ipfw"

# Force a flushing of the current rules before we reload.
$fwcmd -f flush

# Divert all packets through the tunnel interface.
$fwcmd add divert natd all from any to any via tun0

# Allow all data from my network card and localhost. Make sure you
# change your network card (mine was fxp0) before you reboot. :)
$fwcmd add allow ip from any to any via lo0
$fwcmd add allow ip from any to any via fxp0

# Allow all connections that I initiate.
$fwcmd add allow tcp from any to any out xmit tun0 setup

# Once connections are made, allow them to stay open.
$fwcmd add allow tcp from any to any via tun0 established

# Everyone on the internet is allowed to connect to the following
# services on the machine. This example shows that people may connect
# to ssh and apache.
$fwcmd add allow tcp from any to any 80 setup
$fwcmd add allow tcp from any to any 22 setup

# This sends a RESET to all ident packets.
$fwcmd add reset log tcp from any to any 113 in recv tun0

# Allow outgoing DNS queries ONLY to the specified servers.
$fwcmd add allow udp from any to x.x.x.x 53 out xmit tun0

# Allow them back in with the answers... :)
$fwcmd add allow udp from x.x.x.x 53 to any in recv tun0

# Allow ICMP (for ping and traceroute to work). You may wish to
# disallow this, but I feel it suits my needs to keep them in.
$fwcmd add 65435 allow icmp from any to any

# Deny all the rest.
$fwcmd add 65435 deny log ip from any to any
-----------------------------------------

Now when I reboot, in the startup messages I see something like "interface tun0 doesn't exist". And when I try to connect to the net, I can connect but can't send any packets out or receive any for that matter. Am I supposed to replace the reference to "tun0" in rc.conf and/or the fwrules with the device name of my modem....? Or what? Got any ideas I could try out? Thanks for your help.

-Evilwolf

---------------------------------------------------
Get free personalized email at http://www.iname.com

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message
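The ruleset above is first-match and every tun0 rule is keyed to that interface name, so a packet leaving on a link with any other name reaches only the catch-all deny. The following is an added Python walk-through of that behaviour, written for this page and not code from the post or from Marc Silver's tutorial; it assumes a documentation address 192.0.2.53 in place of the x.x.x.x DNS server and a hypothetical interface name ppp0 for the dial-up link, and it models only the ipfw keywords the posted rules use.

```python
# Constructed evaluator for the subset of ipfw syntax used in the posted fwrules; it is not
# ipfw: 'divert' is a pass-through (natd rewriting ignored) and hosts compare as plain strings.
def parse_rule(text):
    t = text.split()[1:]                                     # drop the leading 'add'
    if t[0].isdigit(): t.pop(0)                              # explicit rule number (order kept below)
    r = {"action": t.pop(0), "dir": None, "iface": None, "tcp": None}
    if r["action"] == "divert": t.pop(0)                     # natd divert port, ignored here
    if t[0] == "log": t.pop(0)
    r["proto"], _, r["src"] = t.pop(0), t.pop(0), t.pop(0)   # proto 'from' src
    r["sport"] = int(t.pop(0)) if t[0].isdigit() else None
    _, r["dst"] = t.pop(0), t.pop(0)                         # 'to' dst
    r["dport"] = int(t.pop(0)) if t and t[0].isdigit() else None
    while t:                                                 # in/out, via|xmit|recv IF, setup/established
        w = t.pop(0)
        if w in ("in", "out"): r["dir"] = w
        elif w in ("setup", "established"): r["tcp"] = w
        elif w in ("via", "xmit", "recv"):
            r["iface"] = t.pop(0)
            r["dir"] = {"via": r["dir"], "xmit": "out", "recv": "in"}[w]
    return r

def matches(r, p):                                           # every qualifier must fit, as in ipfw
    return all([r["proto"] in ("ip", "all", p["proto"]), r["src"] in ("any", p["src"]),
                r["dst"] in ("any", p["dst"]), r["sport"] in (None, p.get("sport")),
                r["dport"] in (None, p.get("dport")), r["dir"] in (None, p["dir"]),
                r["iface"] in (None, p["iface"]), r["tcp"] in (None, p.get("tcp"))])

def verdict(lines, p):
    # ipfw walks rules in number order; this script already lists them in that order, and the two
    # 65435 rules keep script order because ipfw appends an equal-numbered rule after existing ones.
    for r in map(parse_rule, lines):
        if r["action"] != "divert" and matches(r, p):        # divert hands off to natd, then continues
            return r["action"]
    return "deny"                                            # ipfw's implicit default rule 65535

FWRULES = """add divert natd all from any to any via tun0
add allow ip from any to any via lo0
add allow ip from any to any via fxp0
add allow tcp from any to any out xmit tun0 setup
add allow tcp from any to any via tun0 established
add allow tcp from any to any 80 setup
add allow tcp from any to any 22 setup
add reset log tcp from any to any 113 in recv tun0
add allow udp from any to 192.0.2.53 53 out xmit tun0
add allow udp from 192.0.2.53 53 to any in recv tun0
add 65435 allow icmp from any to any
add 65435 deny log ip from any to any""".splitlines()   # x.x.x.x replaced by a documentation address
# Constructed packets: an outbound HTTPS SYN on tun0, and the same SYN on a hypothetical ppp0 link.
SYN_TUN0 = dict(proto="tcp", src="10.0.0.2", dst="198.51.100.7", dport=443, dir="out", iface="tun0", tcp="setup")
SYN_PPP0 = dict(SYN_TUN0, iface="ppp0")
```

Running verdict(FWRULES, SYN_TUN0) gives "allow" from the "out xmit tun0 setup" rule, while the identical packet on ppp0 gets "deny"; note also that the unrestricted "to any 80 setup" rule lets an outbound port-80 SYN through on any interface, which is worth knowing when auditing this ruleset.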