Message-ID: <37779FC5.FE60ECFF@telspace.alcatel.fr>
Date: Mon, 28 Jun 1999 18:16:05 +0200
From: Thierry Herbelot
Reply-To: thierry.herbelot@alcatel.fr
Organization: Alcatel CIT Nanterre
To: "David B. Aas"
Cc: questions
Subject: Re: ipfw & natd -www packets?
References: <000201bec17d$b2716040$0fc8a8c0@dave.ciminot.com>
Sender: owner-freebsd-questions@FreeBSD.ORG

First, you MUST keep questions CC'ed, else, this is consulting, and this
ain't cheap

You have to dig a bit further into your problem (there is not enough info
here).

You must:
- run netstat -nr on all your machines (are your routes set correctly?)
- run ipfw show (what are exactly your firewall rules?)
- tell what version of FreeBSD you are running (uname -a)
- run tcpdump on both successful and failing connections
- describe **very** precisely your network setup (with an ASCII-art
  drawing if possible)

TfH

PS: for all commands used, there is a specific manual page which you
should read

"David B. Aas" wrote:
>
> Thanks-
>
> I already have a simple definition set up. I went with all of the defaults,
> and was not able to do anything unless I opened it up, which is not what I
> wanted. I found I could ping if I added a statement to allow icmp.
>
> I now have a "simple" firewall with the default rules plus a rule to allow
> icmp. It has two network cards in it. I can ping out from the server to the
> world, and I can run whois from the command prompt and get a response. From
> a workstation I can ping ip numbers on both NICS, the router and the
> Internet. I cannot ping a domain name, and I cannot access the Internet
> from a workstation, using my FreeBSD computer as my default gateway, and my
> workstation on the same subnet as my FreeBSD box.
>
> I would appreciate your thoughts.
>
> Dave
>
> > -----Original Message-----
> > From: Thierry.Herbelot@alcatel.fr [mailto:Thierry.Herbelot@alcatel.fr]
> > Sent: Monday, June 28, 1999 9:57 AM
> > To: David B. Aas
> > Cc: questions@FreeBSD.ORG
> > Subject: Re: ipfw & natd -www packets?
> >
> >
> > Hello,
> >
> > The "simple" type of firewall, as defined in /etc/rc.firewall of a
> > recent FreeBSD does allow what you want.
> > You just add : firewall_type="simple" to your /etc/rc.conf, and you
> > should be done (anyway, all of this is controlled by relatively easy to
> > understand scripts, so you should be able to adapt these scripts)
> >
> > TfH
> >
> > "David B. Aas" wrote:
> > >
> > > I ALMOST have my firewall working. I could not ping until I added an
> > > allow statement to pass ICMP packets.
> > >
> > > Now I need to get my Windoze computers to access the Internet thru my
> > > FreeBSD firewall. I am not running DNS or Web services on FreeBSD. I
> > > only want to pass packets thru natd.
> > >
> > > Is there a port number that I should use? I tried a rule
> > > "allow tcp from any to any 80", but it didn't help.
> > >
> > > Any ideas?
> > >
> > > Dave Aas
> > > dave@ciminot.com
> > >
> > >
> > > To Unsubscribe: send mail to majordomo@FreeBSD.org
> > > with "unsubscribe freebsd-questions" in the body of the message
> >
> > --
> > Thierry Herbelot
> > (+33) 1 46 52 47 23
> > http://perso.cybercable.fr/herbelot
> >

--
Thierry Herbelot
(+33) 1 46 52 47 23
http://perso.cybercable.fr/herbelot