Date: Thu, 4 Oct 2001 14:05:20 -0700 From: "Crist J. Clark" <cristjc@earthlink.net> To: Arpith Jacob <arpith@geocities.com> Cc: freebsd-questions@FreeBSD.ORG Subject: Re: Firewall troubles Message-ID: <20011004140520.H297@blossom.cjclark.org> In-Reply-To: <OE32d490U3s91NGXpxw00003bd4@hotmail.com>; from arpith@geocities.com on Thu, Oct 04, 2001 at 07:39:52AM %2B0530 References: <OE32d490U3s91NGXpxw00003bd4@hotmail.com>
next in thread | previous in thread | raw e-mail | index | archive | help
On Thu, Oct 04, 2001 at 07:39:52AM +0530, Arpith Jacob wrote:
>
> Hi,
>
> I'm having problems connecting to my freebsd box from my network, I've tried
> nearly everything without any success. I think its a problem with my
> firewall rules.
>
> I cannot ping/telnet/ftp into my freebsd machine. I can however connect to
> the outside world from the bsd box. How can I remove the default "deny"
> clause for the firewall in my kernel options?
>
> Here is my firewall table (ipfw):
> 00100 52 3640 allow ip from any to any via lo0
> 00200 0 0 deny ip from any to 127.0.0.0/8
> 65000 156 10249 allow ip from any to any
> 65535 0 0 deny ip from any to any
This does not look like a firewall problem. Your pass rule seems to be
working fine. Nothing is being denied.
> I ran tcpdump on the freebsd machine, I think the kernel is receiving the
> connection requests, but is not passing it through the firewall.
What makes you think that?
> Outside network = p3.scully
> Freebsd mc = p1.scully
>
> 13:44:35.504743 p3.scully > p1.scully: icmp: echo request (DF)
> ..
> ..
> 13:45:03.509338 p3.scully > p1.scully: icmp: echo request (DF)
> 13:45:04.509438 arp who-has p1.scully tell p3.scully
> 13:45:04.509523 p3.scully > p1.scully: icmp: echo request (DF)
> 13:45:04.509645 arp reply p1.scully is-at a5:a5:a5:a5:a5:a5
> 13:45:05.509668 p3.scully > p1.scully: icmp: echo request (DF)
> ..
> ..
> 13:45:31.513951 p3.scully > p1.scully: icmp: echo request (DF)
> ..
> 13:45:33.569860 p3.scully.1040 > p1.scully.telnet: S
> 4274696198:4274696198(0) win 5840 <mss 1460,sackOK,timestamp 234528
> 0,nop,wscale 0> (DF)
> 13:45:34.514374 arp who-has p1.scully tell p3.scully
> 13:45:34.514498 arp reply p1.scully is-at a5:a5:a5:a5:a5:a5
> 13:45:36.564739 p3.scully.1040 > p1.scully.telnet: S
> 4274696198:4274696198(0) win 5840 <mss 1460,sackOK,timestamp 234828
> 0,nop,wscale 0> (DF)
>
> I've been breaking my head over this for a while now.. any help would really
> be appreciated.
I think we'd be better off starting with the ifconfig(8) output from
p1.scully and the IP address of p3.scully.
--
Crist J. Clark cjclark@alum.mit.edu
cjclark@jhu.edu
cjc@freebsd.org
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20011004140520.H297>