Date: 11 Jan 2003 23:36:42 +0000
From: Stacey Roberts <stacey@vickiandstacey.com>
To: Nikolaj Farrell <nikk@home.se>
Cc: FreeBSD Questions <freebsd-questions@FreeBSD.ORG>
Subject: Re: Problems w NIC
Message-ID: <1042328202.51041.268.camel@localhost>
In-Reply-To: <003701c2b9c4$db6e6950$0100a8c0@athlon>
References: <001701c2b987$9fdf72e0$0100a8c0@athlon> <1042300066.51041.227.camel@localhost> <002a01c2b989$f2099e90$1200a8c0@gsicomp.on.ca> <000b01c2b98a$df9981c0$0100a8c0@athlon> <1042301568.51041.233.camel@localhost> <001201c2b98e$063311e0$0100a8c0@athlon> <1042303096.51041.237.camel@localhost> <000301c2b993$55e70610$0100a8c0@athlon> <20030111171152.GH25529@sub21-156.member.dsl-only.net> <001b01c2b995$0dbf6d30$0100a8c0@athlon> <1042305860.51041.240.camel@localhost> <001801c2b999$95567000$0100a8c0@athlon> <1042310110.51041.250.camel@localhost> <002b01c2b9c3$56722e40$0100a8c0@athlon> <1042325630.51041.257.camel@localhost> <003701c2b9c4$db6e6950$0100a8c0@athlon>

Hi,

On Sat, 2003-01-11 at 22:57, Nikolaj Farrell wrote:
> > Thanks for clarifying things.
> >
> > I think I understand now. Here's what I (and others as well) believe is
> > the root of the problem - it's ipfw.
> >
> > By default it's got a rule that reads DENY EVERYTHING. If you run "ipfw
> > show" then it'll be right at the bottom. Unless you expressly allow
> > traffic with ipfw statements, then you'll get packets not being
> > forwarded onto respective destinations. Also if you've not actually
> > configured the rule-set (E.G. for logging) then that explains why
> > nothing appears in the logs.
> >
> > You mentioned that you've not configured any rules for the internal
> > network, so you've answered your own questions here. Post the output from
> > the above ipfw cmd, and I'm sure there'll be lots of assistance for you.
> >
> > Regards,
> >
> > Stacey
> >
>
>
> Actually... I have compiled ipfw _default to accept_...... and besides, no
> other computers on my LAN would work otherwise either. Just for the sake of
> it though, here is my ruleset
>
> su-2.05b# ipfw list
> 00190 divert 8668 ip from any to any via xl0
> 00301 deny log logamount 100 tcp from any to any 515 in recv xl0
> 00310 allow tcp from 212.181.54.2 53 to any in recv xl0
> 00311 allow tcp from 212.181.54.3 53 to any in recv xl0
> 00320 allow log logamount 100 tcp from any to any 22 in recv xl0
> 00321 allow log logamount 100 tcp from any to any 21 in recv xl0
> 00322 allow log logamount 100 tcp from any to any 113 in recv xl0 setup
> 00323 allow log logamount 100 tcp from any to any 80 in recv xl0
> 00324 allow tcp from any to any 25 via xl0
> 00325 allow tcp from any to any 995 via xl0
> 00395 deny log logamount 100 tcp from any to any 0-1024 in recv xl0 setup
> 00396 deny log logamount 100 tcp from any to any 2049 in recv xl0
> 00400 allow udp from 212.181.54.2 53 to any in recv xl0
> 00401 allow udp from 212.181.54.3 53 to any in recv xl0
> 00410 allow udp from any to any 123 in recv xl0
> 00499 deny log logamount 100 udp from any to any in recv xl0
> 00610 allow icmp from 212.181.54.2 to any in recv xl0
> 00611 allow icmp from 212.181.54.3 to any in recv xl0
> 00620 allow log logamount 100 icmp from any to any in recv xl0 icmptype 3
> 00621 allow log logamount 100 icmp from any to any in recv xl0 icmptype 8
> 65535 allow ip from any to any

So, you're saying that with this configuration, you:
1] Cannot ping any hosts on the internal network
2] No internal hosts can ping the internal IP address of the g'way.

Do this for me:-
1] tail /var/log/security
2] Back-up your current ipfw ruleset - and disconnect (physically) from
   the internet
3] create a new rule set that reads
       ipfw add allow log ip from any to any
4] reload the new ruleset into place
5] Try connecting to and from other internal hosts
6] Post logs here.

Regards,

Stacey

>
> regards
> /Nikolaj
>
>
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-questions" in the body of the message
-- 
Stacey Roberts
B.Sc (HONS) Computer Science

Web: www.vickiandstacey.com
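
The first-match evaluation that the ruleset in this message relies on, as an added example that is not part of the original e-mail: a small Python model that replays constructed packets against a subset of the quoted `ipfw list` output and reports which rule each packet hits. The internal interface name `xl1` and all packet addresses are assumptions; `divert` is treated as pass-through and NAT rewriting is not modelled.

```python
import re

# Subset of the `ipfw list` output quoted in the message (rule text unchanged).
RULESET = """\
00190 divert 8668 ip from any to any via xl0
00320 allow log logamount 100 tcp from any to any 22 in recv xl0
00395 deny log logamount 100 tcp from any to any 0-1024 in recv xl0 setup
00400 allow udp from 212.181.54.2 53 to any in recv xl0
00499 deny log logamount 100 udp from any to any in recv xl0
00621 allow log logamount 100 icmp from any to any in recv xl0 icmptype 8
65535 allow ip from any to any
"""
RULE = re.compile(
    r"(?P<num>\d+) (?P<action>allow|deny|divert \d+)(?: log(?: logamount \d+)?)? "
    r"(?P<proto>\w+) from (?P<src>\S+)(?: (?P<sport>[\d-]+))? "
    r"to (?P<dst>\S+)(?: (?P<dport>[\d-]+))?(?P<opts>.*)")

def port_ok(spec, port):  # spec is None, 'N' or 'LO-HI'
    if spec is None:
        return True
    lo, _, hi = spec.partition("-")
    return port is not None and int(lo) <= port <= int(hi or lo)

def opt(words, key):  # value after an option keyword, e.g. 'recv xl0'
    return words[words.index(key) + 1] if key in words else None

def matches(r, p):
    o = r["opts"].split()
    iface = opt(o, "recv") or opt(o, "via")
    itype = opt(o, "icmptype")
    return (r["proto"] in ("ip", p["proto"])
            and r["src"] in ("any", p["src"]) and r["dst"] in ("any", p["dst"])
            and port_ok(r["sport"], p.get("sport"))
            and port_ok(r["dport"], p.get("dport"))
            and ("in" not in o or p["dir"] == "in") and iface in (None, p["iface"])
            and ("setup" not in o or p.get("setup", False))
            and (itype is None or int(itype) == p.get("icmptype")))

def first_match(ruleset, pkt):
    for line in ruleset.splitlines():
        r = RULE.match(line).groupdict()
        # Simplification: divert is pass-through (natd reinjects at the next rule).
        if matches(r, pkt) and not r["action"].startswith("divert"):
            return int(r["num"]), r["action"]

# Constructed packet: echo request from a LAN host, received on assumed NIC xl1.
LAN_PING = {"proto": "icmp", "src": "192.168.0.2", "dst": "192.168.0.1",
            "dir": "in", "iface": "xl1", "icmptype": 8}

if __name__ == "__main__":
    print(first_match(RULESET, LAN_PING))
```

Feeding it the single-rule diagnostic ruleset from step 3 (with a rule number prepended, as `ipfw list` prints it) gives the baseline to compare the real ruleset against.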