Date: Sat, 16 Aug 2003 00:58:48 +0100
From: "geek" <geek@netcabo.pt>
To: <FreeBSD-questions@FreeBSD.org>
Subject: Gateway problems
Message-ID: <2305CFC39C15AA4896E06E5C91C509EF03743858@VS2.hdi.tvcabo>
Hey guys, I have a weird problem that I'm trying to resolve! My network is: a cable modem connected to the first NIC and the second NIC connected to the switch. I decided to reinstall FreeBSD on my gateway and put in new ipf.rules, but after I put in the new rules I don't have access to the internet, not on the gateway nor on the other computers on the LAN!

My ipf.rules are:

#
# Interface:
#   lo0 - loopback
#   ep0 - internal to private network
#   ep1 - external to cable modem
#
# Filtering policy ordering:
#   + Block everything unless there are permit (pass) rules
#     - Permit all loopback packets to flow freely
#     - Permit all internal network packets to flow freely
#     - Permit individual type of service to flow freely to outside world:
#         ftp
#         smtp
#         whois
#         dns
#         http/https
#         pop3
#         traceroute
#         ping
#         dhclient
#   + Since there are no permit(pass) rules at this stage, everything
#     else is blocked!
#
# +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
# Interface: all
# Block all incoming and outgoing packets unless they're allowed later.
# +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
block in log all
block out log all

# -------------------------------------------------------------------------
# Interface: lo0
# Allow loopback to flow freely.
# -------------------------------------------------------------------------
pass in quick on lo0 all
pass out quick on lo0 all
# -------------------------------------------------------------------------

# -------------------------------------------------------------------------
# Interface: ep0
# Allow internal traffic to flow freely.
# -------------------------------------------------------------------------
pass in quick on ep0 all
pass out quick on ep0 all
# -------------------------------------------------------------------------

# -------------------------------------------------------------------------
# Interface: ep1
# Allow _internal_ and fw initiated connections from hosts behind NAT to
# outside world.
# -------------------------------------------------------------------------
# [passive ftp client to outside world step 1]
pass out quick on ep1 proto tcp from any to any port = 21 flags S keep state keep frags
# [smtp to outside world]
pass out quick on ep1 proto tcp from any to any port = 25 flags S keep state keep frags
# [whois to outside world]
pass out quick on ep1 proto tcp from any to any port = 43 flags S keep state keep frags
# [domain to outside world]
pass out quick on ep1 proto tcp from any to any port = 53 flags S keep state keep frags
pass out quick on ep1 proto udp from any to any port = 53 keep state keep frags
# [http to outside world]
pass out quick on ep1 proto tcp from any to any port = 80 flags S keep state keep frags
# [pop3 to outside world]
pass out quick on ep1 proto tcp from any to any port = 110 flags S keep state keep frags
# [https to outside world]
pass out quick on ep1 proto tcp from any to any port = 443 flags S keep state keep frags
# [passive ftp to outside world step 2 where the FTP server decides which port
# for ftp data back]
pass out quick on ep1 proto tcp from any to any port > 1023 flags S keep state keep frags
# [traceroute to outside world 1st stage: probing...man traceroute(8)]
pass out quick on ep1 proto udp from any to any port 33434 >< 33525 keep state keep frags
# [ping to outside world]
pass out quick on ep1 proto icmp from any to any keep state keep frags
# -------------------------------------------------------------------------
# Allow _external_ initiated connections from outside world to hosts behind
# NAT and the firewall.
# -------------------------------------------------------------------------
# [dhclient]
pass in quick on ep1 proto udp from any to any port = 68 keep state keep frags
# [traceroute to internal host 2nd stage: receiving error code of icmp-type 3
# (destination unreachable) and icmp-type 11 (time exceeded)]
pass in quick on ep1 proto icmp from any to any icmp-type 3 keep state keep frags
pass in quick on ep1 proto icmp from any to any icmp-type 11 keep state keep frags

and my rc.conf is this:

hostname=""
ifconfig_rl0="DHCP"
ifconfig_rl1="192.168.0.0"
kern_securelevel_enable="NO"
sendmail_enable="NONE"
sshd_enable="YES"
usbd_enable="YES"
inetd_enable="NO"
portmap_enable="NO"
ipfilter_enable="YES"
ipfilter_rules="/etc/ipf.rules"
ipnat_enable="YES"
ipnat_rules="/etc/ipf.rules"
ipmon_enable="YES"
ipmon_flags="-Dsn"

And I added these rules to /etc/sysctl.conf:

net.inet.ip.forwarding=1
net.inet.ip.check_interface=1
net.inet.tcp.blackhole=2
net.inet.udp.blackhole=1

.. and that's it, I don't have a cable connection to the internet. Can anyone help me please?!

PS: I'm really sorry for the long post, but I really need this LAN working for work, and I just can't discover where the error is :(
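An added consistency check, not part of the original post, that a gateway administrator can run over rc.conf and ipf.rules before loading them. It flags two things visible in the configuration above: the rules filter on ep0/ep1 while rc.conf configures rl0/rl1, and ipnat_rules points at the ipf rules file even though ipnat(8) parses map/rdr rules rather than pass/block rules. The embedded sample files are constructed to mirror that shape; the function names and temp-file paths are my own.

```shell
#!/bin/sh
# Added consistency checks for an ipfilter/ipnat gateway (not from the post).
# Report interfaces named in "on <iface>" rules that have no ifconfig_<iface>
# line in rc.conf. lo0 is skipped: it is brought up without an rc.conf line.
check_ipf_ifaces() {
    rules="$1"; rcconf="$2"; rc=0
    for ifc in $(grep -v '^[[:space:]]*#' "$rules" \
                 | sed -n 's/.*[[:space:]]on[[:space:]]\([a-z][a-z0-9]*\).*/\1/p' \
                 | sort -u); do
        [ "$ifc" = lo0 ] && continue
        if ! grep -q "^ifconfig_${ifc}=" "$rcconf"; then
            echo "rules filter on $ifc but rc.conf has no ifconfig_$ifc line"
            rc=1
        fi
    done
    return $rc
}

# Fail when ipnat_rules and ipfilter_rules name the same file: ipnat(8)
# parses map/rdr rules, so feeding it the ipf pass/block file yields no NAT.
check_nat_rules_path() {
    ipf=$(sed -n 's/^ipfilter_rules="\(.*\)"/\1/p' "$1")
    nat=$(sed -n 's/^ipnat_rules="\(.*\)"/\1/p' "$1")
    if [ -n "$nat" ] && [ "$nat" = "$ipf" ]; then
        echo "ipnat_rules and ipfilter_rules both point at $nat"
        return 1
    fi
    return 0
}

# Constructed sample files shaped like the posted configuration: rules written
# for ep0/ep1, rc.conf configuring rl0/rl1 and one path for both rule files.
TMP=$(mktemp -d); trap 'rm -rf "$TMP"' EXIT
cat > "$TMP/ipf.rules" <<'EOF'
# ep0 - internal to private network, ep1 - external to cable modem
block in log all
block out log all
pass in quick on lo0 all
pass in quick on ep0 all
pass out quick on ep1 proto tcp from any to any port = 80 flags S keep state keep frags
EOF
cat > "$TMP/rc.conf" <<'EOF'
ifconfig_rl0="DHCP"
ifconfig_rl1="192.168.0.0"
ipfilter_rules="/etc/ipf.rules"
ipnat_rules="/etc/ipf.rules"
EOF
check_ipf_ifaces "$TMP/ipf.rules" "$TMP/rc.conf" || status=1
check_nat_rules_path "$TMP/rc.conf" || status=1
```

Both checks return non-zero on the sample files; point them at the real /etc/rc.conf and /etc/ipf.rules to check a live gateway.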
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?2305CFC39C15AA4896E06E5C91C509EF03743858>