Date: Wed, 06 Sep 2000 13:49:57 -0300
From: Ignacio <izelaya@infovia.com.ar>
To: fbsd <questions@freebsd.org>
Subject: firewalls for dummies (for me)
Message-ID: <39B675B5.67924D6A@infovia.com.ar>

I'm having problems with the firewall. I have another machine w/ Win 98. I
want to enable that machine to access the internet when I connect this via
ppp. I bring up the ppp connection, but the other machine can't get to the
internet. Have I some problems with the pol of ipfw?

The kernel is compiled with these options:

---start (some) kernel options---
options MROUTING                        ## Multicast routing
options IPFIREWALL                      ##firewall
options IPFIREWALL_VERBOSE              ##print information about dropped packets
options IPFIREWALL_FORWARD              ##enable transparent proxy support
options "IPFIREWALL_VERBOSE_LIMIT=50"   ##limit verbosity
#options IPFIREWALL_DEFAULT_TO_ACCEPT   ##allow everything by default NO!
options IPDIVERT                        ##divert sockets
options IPFILTER                        ##kernel ipfilter support
options IPFILTER_LOG                    ##ipfilter logging
options TCPDEBUG
pseudo-device ppp 1
pseudo-device tun 1
---end kernel options---

---start (related) dmesg echo---
IP packet filtering initialized, divert enabled, \
rule-based forwarding enabled, logging limited to 50 packets/entry
IP Filter: initialized. Default = pass all, Logging = enabled
---end dmesg echo---

---start (related items) rc.conf---
ifconfig_ed0="inet 192.168.1.1 netmask 255.255.255.0"
network_interfaces="ed0 lo0 tun0"
hostname="microbio.bbs"
firewall_enable="YES"
firewall_type="OPEN"
defaultrouter="YES"
gateway_enable="YES"
natd_enable="YES"
natd_interface="tun0"
natd_flags="-f /etc/natd.conf"
---end rc.conf---

---start (complete file) rc.firewall---
/sbin/ipfw -f flush
/sbin/ipfw add divert natd all from any to any via tun0
/sbin/ipfw add pass all from any to any #future change this!!
/sbin/ipfw add 100 pass all from any to any via lo0
/sbin/ipfw add 200 deny all from any to 127.0.0.0/8
---end rc.firewall---

---Start (complete file) natd.conf---
log no
deny_incoming no
same_ports yes
dynamic yes
verbose no
interface tun0
# ICQ Stuff here
---End natd.conf----

---start (complete file) hosts----
127.0.0.1 localhost.bbs localhost
192.168.1.1 microbio.bbs microbio
192.168.1.2 matungos.bbs matungos
---end hosts---

microbio:~$ netstat -nrf inet
Routing tables

Internet:
Destination        Gateway            Flags     Refs     Use     Netif Expire
default            209.13.169.90      UGSc        8       28      ppp0
127.0.0.1          127.0.0.1          UH          0       11       lo0
192.168.72         link#1             UC          0        0       ed0
192.168.72.2       0:0:21:e2:0:fd     UHLW        1      565       ed0   1023
209.13.169.90      209.13.247.56      UH          8        0      ppp0

--
Ignacio Zelaya