Date:      Sat, 17 Jun 2000 00:11:44 -0700 (PDT)
From:      David Daugherty <doc@wcug.wwu.edu>
To:        cjclark@alum.mit.edu
Cc:        questions@FreeBSD.ORG
Subject:   Re: ipfw to localhost?
Message-ID:  <Pine.LNX.3.96.1000617000834.31551A-100000@sloth>
In-Reply-To: <20000616214910.D310@dialin-client.earthlink.net>

The problem was in my natd.conf. I was using some 3.4 commands
apparently. I'd used this same .conf file on 3.4 and tried to copy it into
a 4.0 install. The two lines causing the problem were:
unregistered only
use sockets

I'm not sure why this didn't show during my boot process in messages. I
just happened to catch it when I ran /etc/netstart.

David
Software Engineer - NetManage
Work email: david.daugherty@netmanage.com
Home email: doc@wcug.wwu.edu
ICQ 21106703
Washington State Resident


On Fri, 16 Jun 2000, Crist J. Clark wrote:

> On Fri, Jun 16, 2000 at 05:06:48PM -0700, David Daugherty wrote:
> > I've really munged up my firewall recently and I'm trying to figure out
> > where I've screwed up (which file). This is on a box which is acting as
> > router to the rest of my 192.168. network.
> 
> Sounds like trouble with your firewall rules or natd or both.
> 
> > I've managed to make my machine pingable to the outside world again by
> > commenting out all of the firewall stuff in my rc.conf
> > #firewall_enable="YES"
> > #firewall_type="open"
> > If I uncomment this and reboot I can't ping out nor is my box pingable
> > from the outside.
> 
> Sounds like trouble with your firewall rules or natd or both.
> 
> > Unfortunately by commenting this out I no longer provide Internet access
> > to the machines behind the router. I noticed in my /var/log/ipfw.today I
> > have:
> > 00200      2        78 deny ip from any to 127.0.0.0/8
> > I have nothing like this in my natd.conf nor my rc.firewall. Where else
> > would I be able to find this line? Why would shutting down my firewall
> > deny access to the Internet from my internal machines?
> 
> The following are in the default rc.firewall,
> 
>   ############
>   # Only in rare cases do you want to change these rules
>   #
>   ${fwcmd} add 100 pass all from any to any via lo0
>   ${fwcmd} add 200 deny all from any to 127.0.0.0/8
> 
> Did you remove them in yours?
> 
> Please post your firewall rules and natd configuration (rc.conf and a
> natd.conf file if it exists).
> -- 
> Crist J. Clark                           cjclark@alum.mit.edu
> 
