Date:      Tue, 28 Jan 2003 00:12:37 -0500
From:      "Asenchi" <asenchi@asenchi.com>
To:        "Bill Moran" <wmoran@potentialtech.com>
Cc:        "freebsd-questions@FreeBSD. ORG" <freebsd-questions@FreeBSD.ORG>
Subject:   RE: Firewall + DHCP (STILL)
Message-ID:  <NHBBIMEIGLCBNPAEPGDPAEJECJAA.asenchi@asenchi.com>
In-Reply-To: <3E360DA2.2090007@potentialtech.com>

I can't figure this out?  I want to reiterate my appreciation for your help.
It still isn't working.

I added:
network_interfaces="vr0 rl0 lo0"
and even rebooted to see if that would work (rather than using
/etc/netstart) nothing.

I guess let me ask this: if you were going to set up a firewall running natd,
configured with two NICs and the oif connected to DHCP, would you do the
following?

Base install,
Kernel reconfig installing ipfw + natd
configuring in rc.conf oif card w/ DHCP and internal with generic ip's
config rc.firewall

What am I missing? Again, thank you...

frustrated,

curt

-----Original Message-----
From: owner-freebsd-questions@FreeBSD.ORG
[mailto:owner-freebsd-questions@FreeBSD.ORG]On Behalf Of Bill Moran
Sent: Monday, January 27, 2003 11:57 PM
To: Asenchi
Cc: freebsd-questions@FreeBSD. ORG
Subject: Re: Firewall + DHCP (STILL)


Asenchi wrote:
>>What do you mean by "not able to _keep_ a connection"?  Are you saying that
>>your DHCP addy expires and can't be renewed?  Or is there something more to
>>the problem (i.e., the link layer connection fails?)
>
> It won't pick up an ip from my provider.  When I boot up, ifconfig in dmesg
> shows an ip, but nothing will connect.  If I do an 'ifconfig -a' it will
> show up 0.0.0.0.

OK, that clears that up.

>>To clarify:
>>if you type:
>>killall dhclient
>>ifconfig vr0 inet 10.1.1.1 netmask 255.0.0.0
>>ifconfig
>>Does it display the 10.1.1.1 address, or is there still no ip addy on
>>vr0?
>
> Yes I can configure it for an address...I think it has something to do with
> dhclient.

Ok, so it appears as though the NIC and the driver are working ...

>>${fwcmd} add 0200 allow all from any to any
>
>>If this is truly the firewall rules you are using, then every rule after
>>this one is redundant, as this constitutes an "open" firewall, which is
>>almost the same as no firewall at all (except for the divert rule).
>
> Yes I am aware of this.  I have it in there to try and get a connection.  It
> normally isn't in there.

Gotcha, so for now we're ruling out the firewall as a problem, good
strategy.

> #vi /etc/rc.conf
> # -- sysinstall generated deltas -- # Thu Nov 14 10:01:53 2002
> # Created: Thu Nov 14 10:01:53 2002
> # Enable network daemons for user convenience.
> # Please make all changes to this file, not to /etc/defaults/rc.conf.
> # This file now contains just the overrides from /etc/defaults/rc.conf.
> #Network Stuff
> hostname="world.attbi.com"

Try adding a line at this point in the file (actually, I don't think it
really matters exactly _where_ you put it in the file)
network_interfaces="vr0 rl0 lo0"
And see if things start acting nicer.  This may solve the problem, let
me know either way.

> ifconfig_vr0="DHCP"
> ifconfig_rl0="inet 192.168.0.1 netmask 255.255.255.0"
> ifconfig_lo0="inet 127.0.0.1 netmask 255.0.0.0"
> gateway_enable="YES"

<Snip the remaining rc.conf and other sys info>

--
Bill Moran
Potential Technologies
http://www.potentialtech.com


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message
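
The quoted remark about rule 0200 (an unconditional allow makes every later rule redundant) can be checked mechanically before a troubleshooting rule is left in place. The following is an added example, not code from either poster or from FreeBSD; the sample rule lines other than 0200 are constructed, and the check assumes no `skipto` rule jumps past the catch-all.

```python
import re

# Constructed sample in rc.firewall style; only rule 0200 appears in the thread.
SAMPLE_RULES = """\
${fwcmd} add 0100 divert natd all from any to any via vr0
${fwcmd} add 0200 allow all from any to any
${fwcmd} add 0300 deny tcp from any to any 137-139
${fwcmd} add 0400 allow tcp from any to any 22 setup
"""

RULE_RE = re.compile(r"^\s*\$\{fwcmd\}\s+add\s+(\d+)\s+(\S+)\s+(.*)$")
# Actions that end rule processing for a matching packet (simplified set).
TERMINAL = {"allow", "accept", "pass", "permit", "deny", "drop"}
MATCH_EVERYTHING = {"all from any to any", "ip from any to any"}


def parse_rules(text):
    """Return [(number, action, body)] in ipfw evaluation order."""
    rules = []
    for line in text.splitlines():
        line = line.split("#", 1)[0]          # drop shell comments
        m = RULE_RE.match(line)
        if m:
            body = " ".join(m.group(3).split())  # normalise whitespace
            rules.append((int(m.group(1)), m.group(2), body))
    # ipfw walks rules by ascending number; sorted() is stable, so rules
    # sharing a number keep the order in which they were added.
    return sorted(rules, key=lambda r: r[0])


def find_shadowed(rules):
    """Return (catch_all, unreachable_rules), or (None, []) if none found."""
    for i, (_num, action, body) in enumerate(rules):
        if action in TERMINAL and body in MATCH_EVERYTHING:
            return rules[i], rules[i + 1:]
    return None, []


if __name__ == "__main__":
    catch_all, dead = find_shadowed(parse_rules(SAMPLE_RULES))
    if catch_all:
        print("rule %04d matches every packet; never reached:" % catch_all[0])
        for num, action, body in dead:
            print("  %04d %s %s" % (num, action, body))
```

The divert rule at 0100 is not reported because it precedes the catch-all, which matches the "except for the divert rule" caveat in the quoted text.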

