Date: Sat, 17 Jun 2000 00:11:44 -0700 (PDT) From: David Daugherty <doc@wcug.wwu.edu> To: cjclark@alum.mit.edu Cc: questions@FreeBSD.ORG Subject: Re: ipfw to localhost? Message-ID: <Pine.LNX.3.96.1000617000834.31551A-100000@sloth> In-Reply-To: <20000616214910.D310@dialin-client.earthlink.net>
next in thread | previous in thread | raw e-mail | index | archive | help
The problem was in my nated.conf. I was using some 3.4 commands apparently. I'd used this same .conf file on 3.4 and tried to copy it into a 4.0 install. The two lines causing the problem were: unregistered only use sockets I'm not sure why this didn't show during my boot process in messages. I just happened to catch it when I ran /etc/netstart. David Software Engineer - NetManage Work email: david.daugherty@netmanage.com Home email: doc@wcug.wwu.edu ICQ 21106703 Washington State Resident On Fri, 16 Jun 2000, Crist J. Clark wrote: > On Fri, Jun 16, 2000 at 05:06:48PM -0700, David Daugherty wrote: > > I've really munged up my firewall recently and I'm trying to figure out > > where I've screwed up (which file). This is on a box which is acting as > > router to the rest of my 192.168. network. > > Sounds like trouble with your firewall rules or natd or both. > > > I've managed to make my machine pingable to the outside world again by > > commenting out all of the firewall stuff in my rc.conf > > #firewall_enable="YES" > > #firewall_type="open" > > If I uncomment this and reboot I can't ping out nor is my box pingable > > from the outside. > > Sounds like trouble with your firewall rules or natd or both. > > > Unfortunately by commenting this out I no longer provide Internet access > > to the machines behind the router. I noticed in my /var/log/ipfw.today I > > have: > > 00200 2 78 deny ip from any to 127.0.0.0/8 > > I have nothing like this in my natd.conf nor my rc.firewall. Where else > > would I be able to find this line? Why would shutting down my firewall > > deny access to the Internet from my internal machines? > > The following are in the default rc.firewall, > > ############ > # Only in rare cases do you want to change these rules > # > ${fwcmd} add 100 pass all from any to any via lo0 > ${fwcmd} add 200 deny all from any to 127.0.0.0/8 > > Did you remove them in yours? > > Please post your firewall rules and natd configuration (rc.conf and a > natd.conf file if it exists). > -- > Crist J. Clark cjclark@alum.mit.edu > To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.LNX.3.96.1000617000834.31551A-100000>