Date: Wed, 07 May 2003 10:52:32 +0200
From: "Ronald Weinrich" <freebsd@werosoft.com>
To: freebsd-questions@freebsd.org
Subject: Re: no route to host
Message-ID: <3EB8E570.5774.8DA49D3@localhost>
In-Reply-To: <20030507025544.GB50255@users.munk.nu>
References: <3EB87C2C.16955.73F15B3@localhost>

Hi Jez Hancock,

yesterday it was 4h in the morning so I had to go, I hope you get this mess.

I did what you said - now I'm able to ping
  from the firewall-box to ep0 192.168.0.1
  from the firewall-box to ed0-213.47.28.166
  from intranet 192.168.0.xx to ep0 192.168.0.1
  and from intranet 192.168.0.xx to ed0 213.47.28.166

from intranet not to the DNS1-box in inet 213.47.28.160/8 on 213.47.28.162
or to the router 213.47.28.161
I guess that's the reason I can't connect to the internet
(does 160/8 mean 160 -175?)

from outside 213.47.28.160/8 to ed0 213.47.28.166 works

is that an ipnat problem? or a routing problem?

I add
> Try adding a simple /etc/ipf.rules ruleset:
> pass out all
> pass in all
> ipfilter_enable="YES"
> ipfilter_rules="/etc/ipf.rules"

> you have no entry for the ep0 interface and your ifconfig output
> suggests ep0 isn't active (or even present).

therefore I run a script at boot-time
ifconf.sh

#!/bin/sh
/sbin/ifconfig ep0 down
/sbin/ifconfig ep0 inet 192.168.0.1 netmask 0xffffff00 broadcast 192.168.5.255
/sbin/ifconfig ep0 up
[ -x /sbin/ipnat ] && /sbin/ipnat -CF -f /etc/ipnat.conf && ipf -y && echo -n 'ipnat'

> On Wed, May 07, 2003 at 03:23:24AM +0200, Ronald Weinrich wrote:
> > I build the kernel with
> > options IPFILTER
> > options IPFILTER_LOG
> > options IPFILTER_DEFAULT_BLOCK
> Do you have an ipf ruleset loading on boot?
>
> > in rc.conf is
> > hostname="firewall"
> > defaultrouter="213.47.28.161" ??????
> > gateway_enable="YES"
> > ipnat_enable="YES"
> > ifconfig_ed0="inet 213.47.28.166 netmask 255.255.255.240"
> > kern_securelevel_enable="NO"
> > linux_enable="NO"
> > nfs_reserved_port_only="YES"
> > sendmail_enable="YES"
> > sshd_enable="YES"
> It looks like the answer is no ;/
>
> If this is the case then because of the 'IPFILTER_DEFAULT_BLOCK' line in
> your kern conf everything will be blocked by default.  Try adding a
> simple /etc/ipf.rules ruleset:
>
> pass out all
> pass in all
>
> and make sure you add this to /etc/rc.conf:
>
> ipfilter_enable="YES"
> ipfilter_rules="/etc/ipf.rules"
>
> To implement the 'allow all' ruleset either reboot or just do:
>
> ipf -Fa -f /etc/ipf.rules
>
>
> With luck this should allow you connectivity.
>
> Regards,
> Jez
>
> PS
> > ifconfig_ed0="inet 213.47.28.166 netmask 255.255.255.240"
> Do you have an ifconfig line in /etc/rc.conf for your local network
> interface???
> In your other post with the network diagram you say
> you have 'ep0' interface configured for your LAN,
> but in the rc.conf snippet above
> you have no entry for the ep0 interface and your ifconfig output
> suggests ep0 isn't active (or even present).
> _______________________________________________
> freebsd-questions@freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-questions
> To unsubscribe, send any mail to "freebsd-questions-unsubscribe@freebsd.org"
>
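
Added example, not part of the original e-mail or thread: a check of the interface settings quoted in the message, using Python's standard ipaddress module, that reports which addresses a netmask covers and whether a configured broadcast address matches its subnet. The function names are hypothetical; the addresses are the ones given in the message.

```python
import ipaddress


def parse_netmask(mask):
    """Accept dotted-quad (255.255.255.240) or ifconfig hex (0xffffff00) netmasks."""
    if mask.lower().startswith("0x"):
        return ipaddress.IPv4Address(int(mask, 16))
    return ipaddress.IPv4Address(mask)


def check_interface(addr, mask, broadcast=None):
    """Return subnet facts for an ifconfig-style address/netmask/broadcast triple."""
    # IPv4Interface rejects non-contiguous netmasks with NetmaskValueError.
    iface = ipaddress.IPv4Interface(f"{addr}/{parse_netmask(mask)}")
    net = iface.network
    report = {
        "cidr": str(net),                     # prefix-length notation
        "first": str(net.network_address),    # lowest address in the subnet
        "last": str(net.broadcast_address),   # highest address (broadcast)
        "broadcast_ok": None,                 # stays None if no broadcast given
    }
    if broadcast is not None:
        configured = ipaddress.IPv4Address(broadcast)
        report["broadcast_ok"] = configured == net.broadcast_address
    return report


def on_link(addr, mask, peer):
    """True when peer lies inside the interface's subnet (no gateway needed)."""
    iface = ipaddress.IPv4Interface(f"{addr}/{parse_netmask(mask)}")
    return ipaddress.IPv4Address(peer) in iface.network


if __name__ == "__main__":
    # Values taken from rc.conf and ifconf.sh as quoted in the message.
    print("ed0:", check_interface("213.47.28.166", "255.255.255.240"))
    print("ep0:", check_interface("192.168.0.1", "0xffffff00", "192.168.5.255"))
    for peer in ("213.47.28.161", "213.47.28.162"):
        print(peer, "on ed0 subnet:",
              on_link("213.47.28.166", "255.255.255.240", peer))
```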
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?3EB8E570.5774.8DA49D3>