Date:      Mon, 28 Jun 1999 18:16:05 +0200
From:      Thierry Herbelot <Thierry.Herbelot@alcatel.fr>
To:        "David B. Aas" <dave@ciminot.com>
Cc:        questions <questions@freebsd.org>
Subject:   Re: ipfw & natd -www packets?
Message-ID:  <37779FC5.FE60ECFF@telspace.alcatel.fr>
References:  <000201bec17d$b2716040$0fc8a8c0@dave.ciminot.com>

First, you MUST keep questions CC'ed, else, this is consulting, and this
ain't cheap

you have to dig a bit further into your problem (there is not enough
info here).

you must :
- run netstat -nr on all your machines (are your routes set correctly ?)
- run ipfw show (what are exactly your firewall rules ?)
- tell what version of FreeBSD you are running (uname -a)
- run tcpdump on both successful and failing connections 
- describe **very** precisely your network setup (with an ASCII-art
drawing if possible)

	TfH

PS : for all commands used, there is a specific manual page which you
should read 


"David B. Aas" wrote:
> 
> Thanks-
> 
> I already have a simple definition set up. I went with all of the defaults,
> and was not able to do anything unless I opened it up, which is not what I
> wanted. I found I could ping if I added a statement to allow icmp.
> 
> I now have a "simple" firewall with the default rules plus a rule to allow
> icmp. It has two network cards in it. I can ping out from the server to the
> world, and I can run whois from the command prompt and get a response. From
> a workstation I can ping ip numbers on both NICS, the router and the
> Internet. I cannot ping a domain name, and I cannot access the Internet
> from a workstation, using my FreeBSD computer as my default gateway, and my
> workstation on the same subnet as my FreeBSD box.
> 
> I would appreciate your thoughts.
> 
> Dave
> 
> > -----Original Message-----
> > From: Thierry.Herbelot@alcatel.fr [mailto:Thierry.Herbelot@alcatel.fr]
> > Sent: Monday, June 28, 1999 9:57 AM
> > To: David B. Aas
> > Cc: questions@FreeBSD.ORG
> > Subject: Re: ipfw & natd -www packets?
> >
> >
> > Hello,
> >
> > The  "simple" type of firewall, as defined in /etc/rc.firewall of a
> > recent FreeBSD does allow what you want.
> > You just add : firewall_type="simple" to your /etc/rc.conf, and you
> > should be done (anyway, all of this is controlled by relatively easy to
> > understand scripts, so you should be able to adapt these scripts)
> >
> >       TfH
> >
> > "David B. Aas" wrote:
> > >
> > > I ALMOST have my firewall working. I could not ping until I added an allow
> > > statement to pass ICMP packets.
> > >
> > > Now I need to get my Windoze computers to access the Internet thru my
> > > FreeBSD firewall. I am not running DNS or Web services on FreeBSD. I only
> > > want to pass packets thru natd.
> > >
> > > Is there a port number that I should use? I tried a rule "allow tcp from any
> > > to any 80", but it didn't help.
> > >
> > > Any ideas?
> > >
> > > Dave Aas
> > > dave@ciminot.com
> > >
> > > To Unsubscribe: send mail to majordomo@FreeBSD.org
> > > with "unsubscribe freebsd-questions" in the body of the message
> >
> > --
> > Thierry Herbelot <thierry.herbelot@alcatel.fr>
> > (+33) 1 46 52 47 23
> > http://perso.cybercable.fr/herbelot
> >

-- 
Thierry Herbelot <thierry.herbelot@alcatel.fr>
(+33) 1 46 52 47 23
http://perso.cybercable.fr/herbelot

