Date:      Mon, 15 Sep 2003 18:56:07 -0400
From:      "Bob Hall" <rjhjr@cox.net>
To:        freebsd-questions@freebsd.org
Subject:   Re: firewall
Message-ID:  <20030915225606.GB653@kongemord.krig.net>
In-Reply-To: <20030915212551.13a47734.y2kbug@ms25.hinet.net>
References:  <20030914172715.20a91c69.y2kbug@ms25.hinet.net> <20030915035239.GB89689@kongemord.krig.net> <20030915212551.13a47734.y2kbug@ms25.hinet.net>

On Mon, Sep 15, 2003 at 09:25:51PM +0800, Robert Storey wrote:
> On Sun, 14 Sep 2003 23:52:40 -0400
> "Bob Hall" <rjhjr@cox.net> wrote:
> 
> > Could you be more specific about what doesn't work? Have you tried
> > ping and traceroute? nslookup? HTTP? Sometimes when people are having
> > trouble, it turns out that they are having trouble with specific apps,
> > but otherwise can connect successfully.
> > 
> > It looks like you're using the CLIENT ruleset from the default
> > rc.firewall. If this firewall is for a LAN, you will have more success
> > with the SIMPLE ruleset. (I made the same mistake the first time I set
> > up a LAN firewall.)
> 
> Thanks, that was a good suggestion (to use the SIMPLE ruleset). However,
> I'm still not getting through with PPP. Here is the output of ifconfig
> when I'm online:
> 
> 
> bob@sonic:~> ifconfig
> vr0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
>         inet6 fe80::20c:6eff:fe0a:ca02%vr0 prefixlen 64 scopeid 0x1 
>         inet 192.168.0.2 netmask 0xffffff00 broadcast 192.168.0.255
>         ether 00:0c:6e:0a:ca:02
>         media: Ethernet autoselect (none)
>         status: no carrier
> lp0: flags=8810<POINTOPOINT,SIMPLEX,MULTICAST> mtu 1500
> lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> mtu 16384
>         inet6 ::1 prefixlen 128 
>         inet6 fe80::1%lo0 prefixlen 64 scopeid 0x3 
>         inet 127.0.0.1 netmask 0xff000000 
> ppp0: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> mtu 1524
>         inet 61.227.219.11 --> 168.95.46.33 netmask 0xff000000 
> 
> AND the result of a ping:
> bob@sonic:~> ping slashdot.org
> ping: cannot resolve slashdot.org: Host name lookup failure
> 
> 
> This is my current configuration in /etc/rc.firewall:
> 
> 	# set these to your outside interface network and netmask and ip
> 	oif="ppp0"
> 	onet="168.95.0.0"
> 	omask="255.255.255.255"
> 	oip="168.95.0.0"
> 
> 	# set these to your inside interface network and netmask and ip
> 	iif="vr0"
> 	inet="192.168.0.0"
> 	imask="255.255.255.0"
> 	iip="192.168.0.2"

Another poster pointed out, and I seconded, that you need to set up 
NAT. There was no divert rule in your previous rule list, and you 
haven't mentioned setting up NAT, so I assume you still haven't done 
it. Without NAT, your gateway computer will be able to use PPP without
your previous firewall, but none of your other computers will be able 
to connect. 

Once you've got NAT set up, your oip should be 168.95.46.33.

Bob Hall
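
An added example, not part of the original e-mail or of FreeBSD's own rc.firewall: a shell check for the NAT pieces the reply above says are missing (forwarding, a NAT daemon, a divert rule on the outside interface). It assumes natd is the NAT daemon and that it is configured through the rc.conf variables `gateway_enable`, `natd_enable` and `natd_interface`; the file contents and rule numbers are constructed samples.

```shell
#!/bin/sh
# Added example: report which NAT prerequisites are missing on a FreeBSD
# ipfw gateway. All sample data below is constructed, not from the thread.

# rc_yes FILE VAR: true if VAR is set to YES (any case) in rc.conf-style FILE
rc_yes() { grep -Eq "^[[:space:]]*$2=\"?[Yy][Ee][Ss]\"?" "$1"; }

# has_divert FILE IFACE: true if an `ipfw list` dump has a divert rule via IFACE
has_divert() { grep -Eq "^[0-9]+ divert .* via $2( |\$)" "$1"; }

# nat_missing RCCONF RULES IFACE: print the missing items, empty when complete
nat_missing() {
    missing=""
    rc_yes "$1" gateway_enable || missing="$missing gateway_enable"
    rc_yes "$1" natd_enable    || missing="$missing natd_enable"
    grep -Eq "^[[:space:]]*natd_interface=\"?$3\"?" "$1" \
        || missing="$missing natd_interface"
    has_divert "$2" "$3"       || missing="$missing divert_rule"
    echo "${missing# }"
}

tmp=$(mktemp -d)
# Constructed "before": firewall enabled, NAT never configured
printf '%s\n' 'firewall_enable="YES"' 'firewall_type="simple"' > "$tmp/before.conf"
printf '%s\n' '00100 allow ip from any to any via lo0' \
              '65535 deny ip from any to any' > "$tmp/before.rules"
# Constructed "after": forwarding on, natd bound to the PPP interface
printf '%s\n' 'gateway_enable="YES"' 'firewall_enable="YES"' \
              'firewall_type="simple"' 'natd_enable="YES"' \
              'natd_interface="ppp0"' 'natd_flags="-dynamic"' > "$tmp/after.conf"
printf '%s\n' '00100 allow ip from any to any via lo0' \
              '00500 divert 8668 ip from any to any via ppp0' \
              '65535 deny ip from any to any' > "$tmp/after.rules"

echo "before: $(nat_missing "$tmp/before.conf" "$tmp/before.rules" ppp0)"
echo "after:  $(nat_missing "$tmp/after.conf" "$tmp/after.rules" ppp0)"
```

On a live gateway the two inputs would be /etc/rc.conf and the saved output of `ipfw list`.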