From owner-freebsd-questions Mon Nov 5 16:30:23 2001
Message-ID: <20011106003019.97914.qmail@web12008.mail.yahoo.com>
Date: Tue, 6 Nov 2001 11:30:19 +1100 (EST)
From: Keith Spencer
Subject: Re: No lan ftp out nor ntp from LAN - where do i start to look?
To: james_mapson@museum.rain.com, fbsd
In-Reply-To: <20011104164441.A18351@museum.rain.com>
Sender: owner-freebsd-questions@FreeBSD.ORG

Hi
OK... I meant 192.168.1.0...
With the firewall totally open it doesn't happen!
NATD? I am using ipnat...doesn't that do the address translation I need?
Regards
Keith

--- list wrote:
> On Mon, Nov 05, 2001 at 10:51:14AM +1100, Keith Spencer wrote:
> > The internal LAN is 129.168.1.0/24 space
>
> That is not a valid address space, unless your
> ISP has assigned you that entire block of addresses.
> Some things may be working in spite of your choice
> of IPs, but unless your LAN is intended to be
> in the public IP space, you should choose a network
> from the RFC1918 pool of addresses.
>
> That said, you don't say whether you're running NATD
> on the gateway. You likely need to.
>
> You also don't list your firewall rules. I don't speak
> ipf, I do ipfw, but I think the general troubleshooting
> process is the same. Generate some of the
> traffic you suspect is being blocked. Watch the
> hit counts on your rules to see which rule is blocking
> the traffic. Optionally, change that rule to log
> the traffic that it is blocking. Then create a new
> rule which is designed to pass the specific kind of
> traffic which is being blocked. Insert that rule
> at some point ahead of the rule which is currently
> blocking that traffic.
>
> So choose proper LAN IP addresses, make sure your
> NAT is working, and then do some before-and-after
> comparisons on your firewall rules to see which
> rule is blocking the traffic, and create new rules
> which will pass the traffic you wish to pass.
>
> Regards from Portland,
>
> James
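The before-and-after comparison of rule hit counts described in the quoted reply, as an added example that is not part of either message. It assumes the counter layout printed by `ipfw show` (rule number, packets, bytes, rule body); both snapshots and their rules are constructed sample data, and the helper names are hypothetical.

```python
import re

# Constructed snapshots in the `ipfw show` layout, taken before and after
# generating test FTP and NTP traffic from a LAN host.
BEFORE = """\
00100   120   9600 allow ip from any to any via lo0
00200  5310 402113 allow tcp from 192.168.1.0/24 to any 80 setup
00300   844  61200 allow udp from 192.168.1.0/24 to any 53
00400     7    420 deny tcp from any to any 21
65000    12    912 deny log ip from any to any
"""
AFTER = """\
00100   120   9600 allow ip from any to any via lo0
00200  5322 403001 allow tcp from 192.168.1.0/24 to any 80 setup
00300   846  61344 allow udp from 192.168.1.0/24 to any 53
00400    10    600 deny tcp from any to any 21
65000    16   1216 deny log ip from any to any
"""

LINE = re.compile(r"^(\d{5})\s+(\d+)\s+(\d+)\s+(.*)$")
BLOCKING = ("deny", "reject", "unreach", "reset")  # actions that drop traffic


def parse(snapshot):
    """Map rule number -> (packets, bytes, rule body)."""
    rules = {}
    for line in snapshot.splitlines():
        m = LINE.match(line.strip())
        if m:
            num, pkts, byts, body = m.groups()
            rules[int(num)] = (int(pkts), int(byts), body)
    return rules


def blocking_deltas(before, after):
    """Return (rule, packet delta, body) for blocking rules whose count rose."""
    old, new = parse(before), parse(after)
    hits = []
    for num, (pkts, _bytes, body) in sorted(new.items()):
        # A rule missing from the first snapshot is counted from zero.
        delta = pkts - old.get(num, (0, 0, body))[0]
        # Negative deltas (counters zeroed between snapshots) are ignored.
        if delta > 0 and body.split()[0] in BLOCKING:
            hits.append((num, delta, body))
    return hits


if __name__ == "__main__":
    for num, delta, body in blocking_deltas(BEFORE, AFTER):
        print(f"rule {num:05d} blocked {delta} more packets: {body}")
```

Any pass rule written for the blocked traffic needs a rule number lower than the ones this reports, so that it is evaluated first.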