Date: Fri, 18 Oct 2002 11:31:35 -0500 From: mh <bikeIN@canada.com> To: freebsd-questions@FreeBSD.org Subject: Mac can't connect to Internet Message-ID: <1034958695.580.28.camel@hammarlund.radio.org>
next in thread | raw e-mail | index | archive | help
I have FreeBSD, 4.7 Stable running as a gateway box, with a Debian box
also on the network. The gateway is connected to a Comcast cable modem,
and is running ipfw as a firewall. Both boxes can see/connect each other
and the Internet.
I added a Powerbook, OS X, to the local network, configured /etc/hosts
and /etc/resolv.conf. PB can ping the other boxes ok, but can't see the
Internet. The other boxes can ping the PB ok. Looks like a firewall
problem. If I connect the PB to the cable modem directly, the PB
connects ok.
It appears that the PB is trying to send UDP packets out on port 67, so
I tried to open up the firewall for UDP traffic (not a good idea?) but
still can't see outside the local network. Attached is my rc.firewall.
In /etc/rc.conf I have firewall_type="open" and added some rules to the
"open" section in rc.firewall.
What am I doing wrong? Thanks.
Michael Heyes
############
# Flush out the list before we begin.
#
${fwcmd} -f flush
############
# Network Address Translation. All packets are passed to natd(8)
# before they encounter your remaining rules. The firewall rules
# will then be run again on each packet after translation by natd
# starting at the rule number following the divert rule.
#
# For ``simple'' firewall type the divert rule should be put to a
# different place to not interfere with address-checking rules.
#
case ${firewall_type} in
[Oo][Pp][Ee][Nn]|[Cc][Ll][Ii][Ee][Nn][Tt])
case ${natd_enable} in
[Yy][Ee][Ss])
if [ -n "${natd_interface}" ]; then
${fwcmd} add 50 divert natd all from any to any
via ${natd_interface}
fi
;;
esac
############
# If you just configured ipfw in the kernel as a tool to solve network
# problems or you just want to disallow some particular kinds of traffic
# then you will want to change the default policy to open. You can also
# do this as your only action by setting the firewall_type to ``open''.
#
# ${fwcmd} add 65000 pass all from any to any
############
# Only in rare cases do you want to change these rules
#
${fwcmd} add 100 pass all from any to any via lo0
${fwcmd} add 200 deny all from any to 127.0.0.0/8
#${fwcmd} add 300 deny ip from 127.0.0.0/8 to any
# Prototype setups.
#
case ${firewall_type} in
[Oo][Pp][Ee][Nn])
${fwcmd} add 300 check-state
${fwcmd} add 350 allow all from 192.168.0.0/16 to any
${fwcmd} add 352 allow ip from any to 192.168.0.0/16
${fwcmd} add 400 allow tcp from any to any in established
${fwcmd} add 410 pass tcp from any to any keep-state out setup
${fwcmd} add 420 pass udp from any to any 53 in recv dc0
${fwcmd} add 430 pass udp from any to any out
${fwcmd} add 440 pass icmp from any to any icmptypes 3
${fwcmd} add 450 pass icmp from any to any icmptypes 4
${fwcmd} add 460 pass icmp from any to any icmptypes 8
${fwcmd} add 470 pass icmp from any to any in icmptypes 0
${fwcmd} add 480 deny ip from any to any
${fwcmd} add 65000 pass all from any to any
;;
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?1034958695.580.28.camel>