From owner-freebsd-security Sun Jun 27 19: 7:24 1999
Delivered-To: freebsd-security@freebsd.org
Received: from smtp13.bellglobal.com (smtp13.bellglobal.com [204.101.251.52])
    by hub.freebsd.org (Postfix) with ESMTP id 72EBC15269
    for ; Sun, 27 Jun 1999 19:07:17 -0700 (PDT)
    (envelope-from ralph@tinynet.hamilton.on.ca)
Received: from starlight.tinynet.hamilton.on.ca (ppp6554.on.bellglobal.com [206.172.208.146])
    by smtp13.bellglobal.com (8.8.5/8.8.5) with ESMTP id WAA17281;
    Sun, 27 Jun 1999 22:08:34 -0400 (EDT)
Received: from localhost (ralph@localhost)
    by starlight.tinynet.hamilton.on.ca (8.9.3/8.9.3) with SMTP id WAA99994;
    Sun, 27 Jun 1999 22:04:14 -0400 (EDT)
    (envelope-from ralph@starlight.tinynet.hamilton.on.ca)
Date: Sun, 27 Jun 1999 22:04:11 -0400 (EDT)
From: Ralph Strohschein
To: Michael Maxwell
Cc: freebsd-security@FreeBSD.ORG
Subject: Re: firewalling problem.
In-Reply-To: <19990626210402.B1580@atlas.topquark.org>
Message-ID:
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

On Sat, 26 Jun 1999, Michael Maxwell wrote:

> I have attached my /etc/rc.firewall as it currently is... please have a look
> for more info:
>
> Problem:
> I cannot allow my local net machines to talk outside to the net and still
> have a useful firewall at the same time. The rule that allows the local
> hosts to talk outside completely defeats the purpose of having any OTHER
> rules in the first place (ipfw allow ip from any to any). I have tried
> restricting the first "any" to :, but this also does not
> work.
>
> Any help I can get on this would be VERY much appreciated. Reading the
> docs doesn't help much at all, and all the examples I've looked at on the
> net are of little help on this one, too... It took me two weeks just to
> get this far...
>
> Thanks again...
>
>
> --
> Michael Maxwell | http://www.xnet.com/~drwho/
> -- NATO: Now that you've destroyed Serbia, who you gonna kill next? --
>

Your inside address is 192.168.16.1, which is a RFC1918 address. Look at
the RFC1918 section in your rc.firewall. You are blocking all traffic to
and from 192.168.X.X via ppp0.

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message