From owner-freebsd-ipfw@FreeBSD.ORG Tue May 8 16:07:46 2007
Date: Tue, 8 May 2007 11:40:58 -0400 (EDT)
From: Gardner Bell
To: freebsd-ipfw@freebsd.org
Message-ID: <853764.71287.qm@web88009.mail.re2.yahoo.com>
Subject: IPFW and NATD problem
List-Id: IPFW Technical Discussions

Hi all,

I've been following the IPFW section in the handbook and /etc/rc.firewall to try and set up a gateway for my home LAN, but I'm having a bit of trouble getting access to the internet. My network setup looks like so:

                 192.168.x.x        bge1 - 192.168.x.x   bge0 x.x.x.x
--LAN------------Switch---------FreeBSD-------------------------------ISP

Bge0 successfully receives an IP from my ISP's DHCP server and I can ping the LAN without any issues. When it comes to accessing the internet I get a hostname lookup failure. Any help resolving this is greatly appreciated.

Gardner

mx1# ipfw list
00100 allow ip from any to any via lo0
00200 deny ip from any to 127.0.0.0/8
00300 deny ip from 127.0.0.0/8 to any
00400 deny ip from 192.168.1.0/24 to any in via bge0
00500 deny log logamount 3 ip from x.x.x.x/25 to any in via bge1
00600 deny ip from any to 10.0.0.0/8 via bge0
00700 deny ip from any to 172.16.0.0/12 via bge0
00800 deny ip from any to 192.168.0.0/16 via bge0
00900 deny ip from any to 0.0.0.0/8 via bge0
01000 deny ip from any to 169.254.0.0/16 via bge0
01100 deny ip from any to 192.0.2.0/24 via bge0
01200 deny ip from any to 224.0.0.0/4 via bge0
01300 deny ip from any to 240.0.0.0/4 via bge0
01400 divert 8668 ip from any to any in via bge0
01500 allow ip from any to any via bge1
01600 deny ip from 10.0.0.0/8 to any via bge0
01700 deny ip from 172.16.0.0/12 to any via bge0
01800 deny ip from 192.168.0.0/16 to any via bge0
01900 deny ip from 0.0.0.0/8 to any via bge0
02000 deny ip from 169.254.0.0/16 to any via bge0
02100 deny ip from 192.0.2.0/24 to any via bge0
02200 deny ip from 224.0.0.0/4 to any via bge0
02300 deny ip from 240.0.0.0/4 to any via bge0
02400 allow tcp from any to x.x.x.x dst-port 53 out via bge0 setup keep-state
02500 allow udp from any to x.x.x.x dst-port 53 out via bge0 keep-state
02600 allow udp from any to x.x.x.x dst-port 67 out via bge0 keep-state
02700 allow tcp from any to any dst-port 80 out via bge0 setup keep-state
02800 allow tcp from any to any dst-port 443 out via bge0 setup keep-state
02900 allow tcp from any to any dst-port 25 out via bge0 setup keep-state
03000 allow tcp from any to any dst-port 110 out via bge0 setup keep-state
03100 allow tcp from any to any dst-port 21 out via bge0 setup keep-state
03200 allow tcp from any to any dst-port 3724 out via bge0 setup keep-state
03300 allow icmp from any to any out via bge0 keep-state
03400 allow tcp from any to any dst-port 43 out via bge0 setup keep-state
03500 allow udp from any to any dst-port 123 out via bge0 keep-state
03600 reset tcp from any to any dst-port 113 in via bge0
03700 allow udp from x.x.x.x to any dst-port 68 in via bge0 keep-state
03800 deny tcp from any to any dst-port 137 in via bge0
03900 deny tcp from any to any dst-port 138 in via bge0
04000 deny tcp from any to any dst-port 139 in via bge0
04100 deny tcp from any to any dst-port 389 in via bge0
04200 deny tcp from any to any dst-port 445 in via bge0
04300 deny ip from any to any frag
04400 deny log logamount 3 ip from any to 255.255.255.255
65535 deny ip from any to any
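As an added example (not part of the post above, and not FreeBSD's or rc.firewall's code), the Python script below walks a cut-down copy of the posted ruleset the way ipfw does: first match wins, and a divert match hands the packet to natd and resumes at the next rule. In ipfw, "in via bge0" on rule 01400 restricts the divert to packets arriving on bge0, so a LAN packet leaving through bge0 is never handed to natd and, still carrying its 192.168.x.x source, falls through to the anti-spoofing deny at 01800; with the divert written as "via bge0" (both directions, as rc.firewall's simple profile does) the same packet is translated and then matched by the allow rules. The x.x.x.x placeholders are replaced by addresses from 203.0.113.0/24 and the ruleset is abbreviated, both assumptions of this example; keep-state dynamic rules and natd's inbound state table are not modelled.

```python
"""Stateless first-match walk over a subset of ipfw(8) rule syntax.

Added example, not code from the post or from FreeBSD: it replays a
ruleset shaped like the posted one against constructed packets to show
what "in via bge0" on the divert rule does to traffic leaving bge0.
"""
from dataclasses import dataclass, replace
from ipaddress import ip_address, ip_network

# Constructed, abbreviated copy of the posted "ipfw list". The poster's
# x.x.x.x placeholders are replaced with documentation addresses (an
# assumption of this example): 203.0.113.1 is taken as the gateway's
# bge0 address and 203.0.113.53 as the ISP resolver named in rule 02500.
POSTED_RULES = """\
00100 allow ip from any to any via lo0
00400 deny ip from 192.168.1.0/24 to any in via bge0
00800 deny ip from any to 192.168.0.0/16 via bge0
01400 divert 8668 ip from any to any in via bge0
01500 allow ip from any to any via bge1
01800 deny ip from 192.168.0.0/16 to any via bge0
02500 allow udp from any to 203.0.113.53 dst-port 53 out via bge0 keep-state
02700 allow tcp from any to any dst-port 80 out via bge0 setup keep-state
65535 deny ip from any to any
"""
# Same ruleset, but diverting both directions on the outside interface,
# the way rc.firewall's "simple" profile writes it ("via ${oif}").
FIXED_RULES = POSTED_RULES.replace(
    "01400 divert 8668 ip from any to any in via bge0",
    "01400 divert 8668 ip from any to any via bge0")
GATEWAY_PUBLIC = "203.0.113.1"   # assumed bge0 address natd translates to


@dataclass(frozen=True)
class Packet:
    proto: str        # "tcp", "udp" or "icmp"
    src: str
    dst: str
    direction: str    # "in" or "out", relative to iface
    iface: str
    dport: int = 0


def _net(tok):
    return None if tok == "any" else ip_network(tok, strict=False)


def parse_rule(line):
    """Parse one 'ipfw list' line; syntax outside the subset raises."""
    toks = line.split()
    r = {"num": int(toks[0]), "action": toks[1], "proto": "ip", "src": None,
         "dst": None, "dport": None, "dir": None, "via": None}
    i = 3 if r["action"] == "divert" else 2      # skip the divert port
    while i < len(toks):
        t = toks[i]
        if t in ("log", "setup", "keep-state"):  # no effect on a static match
            i += 1
        elif t == "logamount":
            i += 2
        elif t in ("ip", "tcp", "udp", "icmp"):
            r["proto"], i = t, i + 1
        elif t in ("from", "to"):
            r["src" if t == "from" else "dst"], i = _net(toks[i + 1]), i + 2
        elif t == "dst-port":
            r["dport"], i = int(toks[i + 1]), i + 2
        elif t in ("in", "out"):
            r["dir"], i = t, i + 1
        elif t == "via":
            r["via"], i = toks[i + 1], i + 2
        else:
            raise ValueError(f"rule {r['num']}: unsupported token {t!r}")
    return r


def matches(r, p):
    return (r["proto"] in ("ip", p.proto)
            and (r["src"] is None or ip_address(p.src) in r["src"])
            and (r["dst"] is None or ip_address(p.dst) in r["dst"])
            and (r["dport"] is None or r["dport"] == p.dport)
            and (r["dir"] is None or r["dir"] == p.direction)
            and (r["via"] is None or r["via"] == p.iface))


def verdict(ruleset_text, pkt, nat_addr=GATEWAY_PUBLIC):
    """Return (rule number, action) of the rule that decides the packet.

    A divert match hands the packet to natd and it re-enters at the next
    rule, as in ipfw; for an outbound packet natd has by then rewritten
    the source to the gateway's public address.
    """
    for r in (parse_rule(l) for l in ruleset_text.splitlines() if l.strip()):
        if not matches(r, pkt):
            continue
        if r["action"] == "divert":
            if pkt.direction == "out":
                pkt = replace(pkt, src=nat_addr)
            continue
        return r["num"], r["action"]
    raise RuntimeError("ruleset has no terminal rule")


if __name__ == "__main__":
    # A LAN host's DNS query to the ISP resolver, seen as it leaves bge0.
    dns = Packet("udp", "192.168.1.10", "203.0.113.53", "out", "bge0", 53)
    print("posted ruleset:", verdict(POSTED_RULES, dns))   # (1800, 'deny')
    print("fixed ruleset: ", verdict(FIXED_RULES, dns))    # (2500, 'allow')
```

Run as-is it prints the two verdicts. The same walk also shows that, even with the divert fixed, a query to any resolver other than the address in rule 02500 still ends at rule 65535, because the posted ruleset only opens DNS to that one address; LAN-side traffic on bge1 is untouched either way, since it reaches rule 01500 before any bge0 rule can match.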