From owner-freebsd-questions Wed Aug 12 00:51:24 1998
Return-Path:
Received: (from majordom@localhost)
        by hub.freebsd.org (8.8.8/8.8.8) id AAA12472
        for freebsd-questions-outgoing; Wed, 12 Aug 1998 00:51:24 -0700 (PDT)
        (envelope-from owner-freebsd-questions@FreeBSD.ORG)
Received: from cyclops.xtra.co.nz (cyclops.xtra.co.nz [202.27.184.96])
        by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id AAA12467
        for ; Wed, 12 Aug 1998 00:51:21 -0700 (PDT)
        (envelope-from junkmale@pop3.xtra.co.nz)
Received: from wocker (210-55-210-87.ipnets.xtra.co.nz [210.55.210.87])
        by cyclops.xtra.co.nz (8.9.1/8.9.1) with SMTP id TAA00553;
        Wed, 12 Aug 1998 19:50:21 +1200 (NZST)
Message-Id: <199808120750.TAA00553@cyclops.xtra.co.nz>
From: "Dan Langille"
Organization: DVL Software Limited
To: Doug White
Date: Wed, 12 Aug 1998 19:50:20 +1200
MIME-Version: 1.0
Content-type: text/plain; charset=US-ASCII
Content-transfer-encoding: 7BIT
Subject: Re: ipfw rules
Reply-to: junkmale@xtra.co.nz
CC: freebsd-questions@FreeBSD.ORG
References: <199808110042.MAA10419@cyclops.xtra.co.nz>
In-reply-to:
X-mailer: Pegasus Mail for Win32 (v3.01b)
Sender: owner-freebsd-questions@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

On 12 Aug 98, at 0:31, Doug White wrote:

> On Tue, 11 Aug 1998, Dan Langille wrote:
>
> > I'm using ipfw and natd for my home subnet. The FreeBSD box acts as a
> > gateway to my ADSL connection. I'm using the simple firewall as
> > defined in rc.firewall. However, some of the default rules are
> > preventing some services from working. But I don't understand why.
> >
> > Below are the rules and a description of what they prevent when they
> > are enabled. If someone could explain why the rule stops what it
> > does, I would appreciate it.
> >
> > oif=ed0
> >
> > # if either of the following two lines are enabled, it stops my
> > # Pegasus email client from accessing the POP server at my ISP
> > add deny all from 192.168.0.0:255.255.0.0 to any via ${oif}
>
> Stop any packets originating from 192.168.x.x from leaving this machine.
> What's the machine's IP?

ed0 (outside world) is not within this range. ed1 (my subnet) is. Isn't
this rule trying to stop packets going out on ed0 (outside world)?

> > add pass tcp from any to any setup
>
> Allows TCP connections to start but probably blocks the rest because of
> the above rule.

Yeah. Strange. These are the default rules within rc.firewall.

--
Dan Langille
DVL Software Limited
http://www.dvl-software.com/freebsd : my [mis]adventures

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message
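
The following is an added example, not part of either poster's message and not taken from rc.firewall: a small Python model of first-match rule evaluation showing that the quoted deny rule tests a packet's source address, not the address of ed0, so a packet forwarded from the LAN still matches it while leaving via ed0. The position of the natd divert rule, the 203.0.113.10 and 198.51.100.25 addresses, and the deny default are assumptions; protocol and `setup` matching are not modeled.

```python
from dataclasses import dataclass, replace
from ipaddress import ip_address, ip_network

OIF = "ed0"                    # outside interface, as in the post
PUBLIC_IP = "203.0.113.10"     # constructed: gateway's address on ed0
PRIVATE = "192.168.0.0:255.255.0.0"   # old addr:mask form from the post

@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    via: str                   # interface the packet is leaving through

def in_net(addr, spec):
    """spec is 'any' or addr:mask as written in the quoted rule."""
    return spec == "any" or ip_address(addr) in ip_network(spec.replace(":", "/"))

def evaluate(rules, pkt):
    """Outbound packets only; first terminal match wins. Returns (action, index)."""
    for i, (action, src, dst, via) in enumerate(rules):
        if via not in (None, pkt.via):
            continue
        if not (in_net(pkt.src, src) and in_net(pkt.dst, dst)):
            continue
        if action == "divert":
            # Models natd rewriting the source address, after which
            # matching resumes at the next rule.
            pkt = replace(pkt, src=PUBLIC_IP)
            continue
        return action, i
    return "deny", None        # assumption: kernel default rule is deny

DENY = ("deny", PRIVATE, "any", OIF)    # the rule quoted in the post
DIVERT = ("divert", "any", "any", OIF)  # assumed natd rule, not shown in the post
PASS = ("pass", "any", "any", None)     # stand-in for the later pass rules

# Constructed packet: LAN client talking to a POP server, forwarded out ed0.
POP = Packet(src="192.168.0.20", dst="198.51.100.25", via=OIF)

def demo():
    return {
        "deny_before_divert": evaluate([DENY, DIVERT, PASS], POP),
        "divert_before_deny": evaluate([DIVERT, DENY, PASS], POP),
        "from_gateway_itself": evaluate([DENY, DIVERT, PASS],
                                        Packet(PUBLIC_IP, "198.51.100.25", OIF)),
    }

if __name__ == "__main__":
    for name, result in demo().items():
        print(name, result)
```
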