Date:      Sun, 27 Apr 2003 01:02:02 +0100
From:      "fdcf" <fdcf@netcabo.pt>
To:        <freebsd-questions@FreeBSD.org>
Cc:        freebsd-questions@FreeBSD.org
Subject:   Gateway Problems
Message-ID:  <EA91707AE6F4C84495513EFF5117E8970227F08D@VS2.hdi.tvcabo>

I have a problem with my gateway. I've recompiled my kernel with the options:

options IPFILTER
options IPFILTER_LOG
options IPFILTER_DEFAULT_BLOCK
options RANDOM_IP_ID

and when I finish the configuration I try to link to www.freebsd.org and I could access any internet page (NICs are well configured in rc.conf), so I decide to create my ipf and ipnat rules (well configured in rc.conf).


My ipf.rules:
....................................

block in log all
block out log all

pass in quick on lo0 all
pass out quick on lo0 all

pass in quick on ep0 all
pass out quick on ep0 all

# [passive ftp client to outside world step 1]
pass out quick on ep1 proto tcp from any to any port = 21 flags S keep state keep frags
# [smtp to outside world]
pass out quick on ep1 proto tcp from any to any port = 25 flags S keep state keep frags
# [whois to outside world]
pass out quick on ep1 proto tcp from any to any port = 43 flags S keep state keep frags
# [domain to outside world]
pass out quick on ep1 proto tcp from any to any port = 53 flags S keep state keep frags
pass out quick on ep1 proto udp from any to any port = 53 keep state keep frags
# [http to outside world]
pass out quick on ep1 proto tcp from any to any port = 80 flags S keep state keep frags
# [pop3 to outside world]
pass out quick on ep1 proto tcp from any to any port = 110 flags S keep state keep frags
# [https to outside world]
pass out quick on ep1 proto tcp from any to any port = 443 flags S keep state keep frags
# [passive ftp to outside world step 2 where the FTP server decides which port
# for ftp data back]
pass out quick on ep1 proto tcp from any to any port > 1023 flags S keep state keep frags
# [traceroute to outside world 1st stage: probing...man traceroute(8)]
pass out quick on ep1 proto udp from any to any port 33434 >< 33525 keep state keep frags
# [ping to outside world]
pass out quick on ep1 proto icmp from any to any keep state keep frags

# [dhclient]
pass in quick on ep1 proto udp from any to any port = 68 keep state keep frags
# [traceroute to internal host 2nd stage: receiving error code of icmp-type 3
# (destination unreachable) and icmp-type 11 (time exceeded)]
pass in quick on ep1 proto icmp from any to any icmp-type 3 keep state keep frags
pass in quick on ep1 proto icmp from any to any icmp-type 11 keep state keep frags


.......................................................
where ep1 is the external NIC (connected to the cable modem) and ep0 is my internal NIC (connected to the switch) ...

my ipnat rules are:
...............................................
map ep1 0.0.0.0/0 -> 0.0.0.0/32 proxy port ftp ftp/tcp
map ep1 192.168.1.0/24 -> 0.0.0.0/32 proxy port ftp ftp/tcp
map ep1 192.168.1.0/24 -> 0.0.0.0/32 proxy port 500 ipsec/udp
map ep1 192.168.1.0/24 -> 0.0.0.0/32 proxy port 7070 raudio/tcp
map ep1 192.168.1.0/24 -> 0.0.0.0/32 portmap tcp/udp 40000:60000
map ep1 192.168.1.0/24 -> 0.0.0.0/32
...................................
So, why don't I have access to outside URLs!?

and this message constantly appears:
dhclient: send_packet: No route host
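
To reason about the ruleset above, here is an added example (editor's code, not part of the original post or of ipfilter) that models ipf's rule ordering: every rule is walked, the last match wins, and a matching `quick` rule ends the walk. Run against the poster's rules with a constructed packet, it shows that an outbound dhclient request on ep1 (UDP to port 67) matches no pass rule and falls to `block out log all`, which is worth checking against the dhclient message quoted above; TCP flags and `keep state` tracking are deliberately not modeled.

```python
import operator
import re
from collections import namedtuple

# direction "in"/"out", interface, proto, destination port, icmp type
Packet = namedtuple("Packet", "direction iface proto dport icmp_type", defaults=(0, -1))
OPS = {"=": operator.eq, ">": operator.gt, "<": operator.lt}

# The poster's ipf.rules with comments stripped. The two default blocks
# are not "quick", so a later matching pass rule overrides them.
RULES = ["block in log all", "block out log all",
         "pass in quick on lo0 all", "pass out quick on lo0 all",
         "pass in quick on ep0 all", "pass out quick on ep0 all"]
RULES += [f"pass out quick on ep1 proto tcp from any to any port = {p} flags S keep state keep frags"
          for p in (21, 25, 43, 53, 80, 110, 443)]
RULES += ["pass out quick on ep1 proto udp from any to any port = 53 keep state keep frags",
          "pass out quick on ep1 proto tcp from any to any port > 1023 flags S keep state keep frags",
          "pass out quick on ep1 proto udp from any to any port 33434 >< 33525 keep state keep frags",
          "pass out quick on ep1 proto icmp from any to any keep state keep frags",
          "pass in quick on ep1 proto udp from any to any port = 68 keep state keep frags",
          "pass in quick on ep1 proto icmp from any to any icmp-type 3 keep state keep frags",
          "pass in quick on ep1 proto icmp from any to any icmp-type 11 keep state keep frags"]

def rule_matches(rule, pkt):
    """Header-only match: flags, keep state and keep frags are ignored."""
    if rule.split()[1] != pkt.direction:
        return False
    # every clause present in the rule must agree with the packet
    clauses = [(r"\bon (\S+)", lambda g: g[0] == pkt.iface),
               (r"\bproto (\S+)", lambda g: g[0] == pkt.proto),
               (r"\bto \S+ port ([=<>]) (\d+)", lambda g: OPS[g[0]](pkt.dport, int(g[1]))),
               (r"\bto \S+ port (\d+) >< (\d+)", lambda g: int(g[0]) < pkt.dport < int(g[1])),
               (r"\bicmp-type (\d+)", lambda g: int(g[0]) == pkt.icmp_type)]
    for pattern, agrees in clauses:
        m = re.search(pattern, rule)
        if m and not agrees(m.groups()):
            return False
    return True

def evaluate(rules, pkt, default="block"):
    """ipf order: the LAST matching rule wins, unless a matching rule is
    'quick', which ends the walk; default models IPFILTER_DEFAULT_BLOCK."""
    verdict, winner = default, None
    for i, rule in enumerate(rules):
        if rule_matches(rule, pkt):
            verdict, winner = rule.split()[0], i
            if "quick" in rule.split():
                break
    return verdict, winner   # ("block", 1) for Packet("out", "ep1", "udp", 67)
```

Because both default blocks carry `log`, the live counterpart of this check is the ipmon(8) log line written for the blocked packet.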


