Date:      Fri, 29 Sep 2000 18:51:04 -0600
From:      James Gorham <james@veldt.com>
To:        freebsd-questions@freebsd.org
Subject:   Re: Help! IPFW Problems(update)
Message-ID:  <p05001900b5fae7ab8c84@[192.168.1.2]>

Ok, I recompiled the kernel and it seems to be working better. I 
still get the IP_FW errors that I described before, but I can now 
ping out to the world from the FreeBSD box without getting the 
sendto: permission denied errors. I'm thinking I need some more 
tweaking on rc.conf and things will start to shape up. I'm going to 
paste my rc.conf here (with IPs changed), my public interface is dc0, 
the LAN interface is de0.

The LAN machines are set to use 192.168.1.1 as their router, and
appear to be able to look up names (they also use 192.168.1.1 as the
nameserver), can get to the machine itself, but can't get out to the
internet.

The errors I mentioned about IP_FW are as follows:

0050 divert 8668 ip from any to any via dc0
ipfw: setsockopt(IP_FW_ADD): Invalid argument

00100 allow ip from any to any via lo0
ipfw: setsockopt(IP_FW_ADD): Invalid argument

00200 deny ip from any to 127.0.0.0/8
ipfw: setsockop(IP_FW-AD): Invalid Argument

65000 allow ip from any to any
ipfw: setsockopt(IP_FW_ADD): Invalid argument

I'm thinking this is still a problem with my rc.conf settings, just 
can't quite figure out what. I haven't ever touched rc.firewall, so I 
can't think that would be it.

-j


# This file now contains just the overrides from /etc/defaults/rc.conf
# please make all changes to this file.

# -- sysinstall generated deltas -- #
ifconfig_dc0="inet 216.128.57.99 netmask 255.255.255.0"
ifconfig_de0="inet 192.168.1.1 netmask 255.255.255.0"
hostname="autobot.veldt.com"
moused_port="/dev/cuaa0"
moused_type="intellimouse"
moused_enable="YES"

firewall_enable="YES"
firewall_type="open"

defaultrouter="216.128.57.254"
sshd_enable="YES"
natd_enable="YES"
natd_program="/sbin/natd"
natd_interface="dc0"
#natd_interface="216.128.57.99"
#ifconfig_dc0_alias0="inet 192.168.1.1 netmask 255.255.255.0"
ntpdate_enable="YES"
ntpdate_flags="time.apple.com"
xntpd_enable="YES"
named_enable="YES"
gateway_enable="YES"
#natd_flags="-redirect_port tcp 192.168.1.2:1200-1300 1200-1300"
#natd_flags="-redirect_port tcp 192.168.1.2:5190 5190"
#natd_flags="-a 216.128.57.99"
natd_flags="-log"
tcp_extensions="YES"

