From: "fdcf" <fdcf@netcabo.pt>
Cc: freebsd-questions@FreeBSD.org
Date: Sun, 27 Apr 2003 01:02:02 +0100
Subject: Gateway Problems

I have a problem with my gateway. I've recompiled my kernel with the options:

options IPFILTER
options IPFILTER_LOG
options IPFILTER_DEFAULT_BLOCK
options RANDOM_IP_ID

When I finished the configuration I tried to link to www.freebsd.org and I could not access any internet page (the NICs are well configured in rc.conf), so I decided to create my ipf and ipnat rules (well configured in rc.conf).

My ipf.rules:
....................................
block in log all
block out log all
pass in quick on lo0 all
pass out quick on lo0 all
pass in quick on ep0 all
pass out quick on ep0 all
# [passive ftp client to outside world step 1]
pass out quick on ep1 proto tcp from any to any port = 21 flags S keep state keep frags
# [smtp to outside world]
pass out quick on ep1 proto tcp from any to any port = 25 flags S keep state keep frags
# [whois to outside world]
pass out quick on ep1 proto tcp from any to any port = 43 flags S keep state keep frags
# [domain to outside world]
pass out quick on ep1 proto tcp from any to any port = 53 flags S keep state keep frags
pass out quick on ep1 proto udp from any to any port = 53 keep state keep frags
# [http to outside world]
pass out quick on ep1 proto tcp from any to any port = 80 flags S keep state keep frags
# [pop3 to outside world]
pass out quick on ep1 proto tcp from any to any port = 110 flags S keep state keep frags
# [https to outside world]
pass out quick on ep1 proto tcp from any to any port = 443 flags S keep state keep frags
# [passive ftp to outside world step 2 where the FTP server decides which port
# for ftp data back]
pass out quick on ep1 proto tcp from any to any port > 1023 flags S keep state keep frags
# [traceroute to outside world 1st stage: probing...man traceroute(8)]
pass out quick on ep1 proto udp from any to any port 33434 >< 33525 keep state keep frags
# [ping to outside world]
pass out quick on ep1 proto icmp from any to any keep state keep frags
# [dhclient]
pass in quick on ep1 proto udp from any to any port = 68 keep state keep frags
# [traceroute to internal host 2nd stage: receiving error code of icmp-type 3
# (destination unreachable) and icmp-type 11 (time exceeded)]
pass in quick on ep1 proto icmp from any to any icmp-type 3 keep state keep frags
pass in quick on ep1 proto icmp from any to any icmp-type 11 keep state keep frags
.......................................................
where ep1 is the external NIC (connected to the cable modem) and ep0 is my internal NIC (connected to the switch)...

My ipnat rules are:
...............................................
map ep1 0.0.0.0/0 -> 0.0.0.0/32 proxy port ftp ftp/tcp
map ep1 192.168.1.0/24 -> 0.0.0.0/32 proxy port ftp ftp/tcp
map ep1 192.168.1.0/24 -> 0.0.0.0/32 proxy port 500 ipsec/udp
map ep1 192.168.1.0/24 -> 0.0.0.0/32 proxy port 7070 raudio/tcp
map ep1 192.168.1.0/24 -> 0.0.0.0/32 portmap tcp/udp 40000:60000
map ep1 192.168.1.0/24 -> 0.0.0.0/32
...................................

So, why don't I have access to outside URLs!? And this message keeps appearing:

dhclient: send_packet: No route to host
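Added example (not from the message above or from IPFilter itself): a small Python simulator of ipf's rule-matching order (last matching rule wins, `quick` stops evaluation, IPFILTER_DEFAULT_BLOCK blocks anything unmatched) run over a constructed subset of the ipf.rules posted above, so a reader can ask which rule decides the fate of a given packet. The simplified grammar (direction, interface, proto, destination port, icmp-type) and the packet dictionaries are assumptions; run against the DHCP exchange it shows that the server's reply (in on ep1 to port 68) has a pass rule while dhclient's own request leaving ep1 (UDP to port 67) matches only the `block out log all` default.

```python
import re

# Constructed subset of the posted ipf.rules (same syntax, fewer lines);
# ep1 is the external NIC and ep0 the internal one, as in the message.
RULESET = """
block in log all
block out log all
pass out quick on ep0 all
pass out quick on ep1 proto tcp from any to any port = 80 flags S keep state keep frags
pass out quick on ep1 proto tcp from any to any port > 1023 flags S keep state keep frags
pass out quick on ep1 proto udp from any to any port = 53 keep state keep frags
pass in quick on ep1 proto udp from any to any port = 68 keep state keep frags
pass in quick on ep1 proto icmp from any to any icmp-type 11 keep state keep frags
"""

def parse_rule(line):
    """Fields this simulator understands from one ipf rule line."""
    t = line.split()
    rule = {"action": t[0], "dir": t[1], "quick": "quick" in t, "dport": None,
            "iface": t[t.index("on") + 1] if "on" in t else None,
            "proto": t[t.index("proto") + 1] if "proto" in t else None,
            "icmp_type": int(m.group(1)) if (m := re.search(r"icmp-type (\d+)", line)) else None}
    if m := re.search(r"port (=|>) (\d+)", line):  # `to any port ...`: destination port
        op, n = m.group(1), int(m.group(2))
        rule["dport"] = lambda p, op=op, n=n: p is not None and (p == n if op == "=" else p > n)
    return rule

def parse_ruleset(text):
    return [parse_rule(l) for l in text.splitlines() if l.strip() and not l.startswith("#")]

def matches(rule, pkt):
    """True when every field the rule constrains agrees with the packet."""
    return (rule["dir"] == pkt["dir"] and rule["iface"] in (None, pkt["iface"])
            and rule["proto"] in (None, pkt["proto"])
            and (rule["dport"] is None or rule["dport"](pkt.get("dport")))
            and rule["icmp_type"] in (None, pkt.get("icmp_type")))

def verdict(rules, pkt):
    """ipf: last match wins unless a match is `quick`; IPFILTER_DEFAULT_BLOCK => no match blocks."""
    last = None
    for r in rules:
        if matches(r, pkt):
            last = r
            if r["quick"]:
                break
    return last["action"] if last else "block"

if __name__ == "__main__":  # dhclient's request leaves ep1 as UDP to port 67; only the reply (in, port 68) has a pass rule
    for p in ({"dir": "out", "iface": "ep1", "proto": "udp", "dport": 67}, {"dir": "in", "iface": "ep1", "proto": "udp", "dport": 68}):
        print(p, "->", verdict(parse_ruleset(RULESET), p))
```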