Date: Thu, 13 Dec 2001 11:34:08 -0800
From: Walter McGinnis <wtem@olywa.net>
To: Walter McGinnis <wtem@olywa.net>, Donnie Jones <donniejones18@yahoo.com>
Cc: freebsd-questions@freebsd.org
Subject: Re: upgrade from 4.0 to 4.4 cablem firewall/router ssh problems
Message-ID: <v04220801b83eb25939b4@[165.247.202.238]>
In-Reply-To: <v04220800b83e9f5ac337@[165.247.209.222]>
References: <20011213133805.31126.qmail@web20604.mail.yahoo.com> <v04220800b83e9f5ac337@[165.247.209.222]>
I just rebooted again for the hell of it (it's getting to be addictive) and
of course everything except the original problem (no remote ssh from LAN
boxes) is fixed. I think I'll send my new found therapy bills to AT&T cuz
they are driving me NUTS! Guess it's time to order DSL.

BTW, I forgot natd_interface="xl0" in the rc.conf list below.

Walter

At 11:22 AM -0800 12/13/01, Walter McGinnis wrote:
>At 5:38 AM -0800 12/13/01, Donnie Jones wrote:
>> > Previously, I was able to ssh to remote hosts from my LAN behind my
>> > FreeBSD box, after the upgrade and resumption of cable service I
>> > can't. I can ssh between boxes on the LAN and from the
>> > router/firewall to remote hosts.
>> >
>> > TIA,
>> >
>> > Walter McGinnis
>>
>>What rules do you have set up in your firewall?
>
>I'm using natd and ipfw. I'm starting with an open script for the
>firewall until I get this resolved:
>
># ipfw list
>00100 divert 8668 ip from any to any via xl0
>00101 allow ip from any to any via lo0
>00200 deny ip from any to 127.0.0.0/8
>03000 allow log logamount 100 ip from any to any
>65535 deny ip from any to any
>
>The 65535 rule concerns me, but I suspect it is a result of the
>kernel being set to deny by default. Even after a manual flush it
>persists. The other explicit rules that I write overrule 65535,
>right?
>
>>Maybe you should move the firewall rules file somewhere else
>>and put a new one there that is blank, in order to
>>enable the firewall to pass everything through.
>
>This is what I've done:
>
>from rc.conf:
>gateway_enable="YES"
>router_enable="YES"
>router="routed"
>router_flags="-q"
>tcp_extensions="NO"
>forward_sourceroute="NO"
>accept_sourceroute="NO"
>hostname="2512-13A.attbi.com"
>firewall_enable="YES"
>firewall_script="/etc/firewall-1"
>firewall_quiet="NO"
>natd_enable="YES"
>natd_flags="-f /etc/natd.conf"
>defaultrouter="12.232.151.1"
>network_interfaces="xl0 lo0 rl0"
>ifconfig_xl0="inet 12.232.151.171 netmask 255.255.255.0"
>ifconfig_rl0="inet 10.0.0.1 netmask 255.255.255.0"
>inetd_enable="NO"
>sshd_enable="YES"
>sendmail_enable="NO"
>kern_securelevel="NO"
>... (about it, except mouse, linux, and network time stuff)
>
>in firewall-1 are all the rules except 65535.
>
>from natd.conf:
>
>port 8668
># same_ports
># unregistered_only
>interface xl0
>redirect_port tcp 10.0.0.10:8000-9000 8000-9000
>redirect_port tcp 10.0.0.10:80 80
># dynamic
>
>>Do your PCs on the LAN have access to the internet, or
>>are you only using them for ssh?
>
>I had email and web access from my LAN boxes behind the router as of
>last night, but this morning not even the router has WAN
>web/email/ping/ssh access. I suspect it is because the
>defaultrouter (i.e. AT&T's gateway) has gone down and routed is
>unable to set up routing tables (netstat -r comes up with nothing
>and I get console messages from natd that the host is down). Note
>that all the lights on the modem are showing correct status and I
>powercycled the bastard for good measure (turn off power, unplug
>power supply and ethernet cable, leave off for a minute, plug power
>in, watch the pretty lights return to normal, plug ethernet back
>in). I've also switched xl0 to "DHCP" in case I lost my lease, but
>that doesn't work at reboot either. An interesting point is that I
>did at one time get DHCP to work and I wrote down the IP of gateway,
>name server, and my box just in case, which is what I had working
>last night. I was told that the DHCP lease was for 24 hours and it
>has definitely been less than that and besides that I'm unable to
>get anything from DHCP.
>
>That being said, I'm able to ping/ssh my internal boxes from the
>router and the other way around on the internal network (10.0.0...)
>
>Another thing of note is that /etc/defaults/rc.conf seems to
>override arbitrary /etc/rc.conf settings. I've commented out
>duplicate lines in /etc/defaults/rc.conf and things began to work
>(well, except for the ssh problem of the original post) when they
>were. My understanding is that I shouldn't have to touch
>/etc/defaults/rc.conf, only /etc/rc.conf; what the hell is going on
>with that?
>
>>Also, any configuration files you have, such as your
>>rc.conf and your firewall rules file may be helpful to
>>us in answering your questions.
>>
>>Sorry I can't help more.. yet.
>>
>>-Donnie
>
>I look forward to your answers. I've been pulling my hair out for days now...
>
>Walter McGinnis

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message
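Added example, not part of the thread: a small first-match simulator over the `ipfw list` ruleset quoted in the message, to answer the question about rule 65535 (it is only reached when no explicit rule matched first). It takes the quoted rules as constructed input, models `divert` as non-terminal (natd reinjects the packet and matching resumes at the following rule), and ignores in/out direction, which is a simplification of real ipfw.

```python
import ipaddress
import re

# Constructed input: the 'ipfw list' output quoted in the message above.
IPFW_LIST = """\
00100 divert 8668 ip from any to any via xl0
00101 allow ip from any to any via lo0
00200 deny ip from any to 127.0.0.0/8
03000 allow log logamount 100 ip from any to any
65535 deny ip from any to any
"""

# Grammar limited to what the quoted rules use: action, divert port, log, from/to, via.
RULE_RE = re.compile(
    r"^(?P<num>\d+)\s+(?P<action>divert|allow|deny)(?:\s+(?P<port>\d+))?"
    r"(?:\s+log(?:\s+logamount\s+\d+)?)?\s+ip\s+from\s+(?P<src>\S+)"
    r"\s+to\s+(?P<dst>\S+)(?:\s+via\s+(?P<via>\S+))?\s*$"
)

def parse_rules(text):
    rules = []
    for line in text.splitlines():
        m = RULE_RE.match(line.strip())
        if not m:
            raise ValueError("unsupported rule syntax: %r" % line)
        rules.append(m.groupdict())
    return rules

def addr_matches(spec, addr):
    if spec == "any":
        return True
    return ipaddress.ip_address(addr) in ipaddress.ip_network(spec, strict=False)

def evaluate(rules, src, dst, iface):
    """First-match walk for one packet -> (action, rule_number, diverted_by).
    divert is non-terminal: natd reinjects, matching resumes at the next rule."""
    diverted_by = None
    for r in rules:
        if r["via"] and r["via"] != iface:
            continue
        if not (addr_matches(r["src"], src) and addr_matches(r["dst"], dst)):
            continue
        if r["action"] == "divert":
            diverted_by = int(r["num"])
            continue
        return r["action"], int(r["num"]), diverted_by
    # Nothing matched: the kernel's built-in 65535 decides (deny by default).
    return "deny", 65535, diverted_by

if __name__ == "__main__":
    print(evaluate(parse_rules(IPFW_LIST), "10.0.0.10", "192.0.2.22", "xl0"))
```

With the quoted rules, a LAN packet leaving via xl0 is diverted by 100 and then allowed by 3000, so 65535 never decides; with only the divert rule loaded, the same packet falls through to the default deny.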