Date: Wed, 7 Jun 2000 21:35:03 -0700
From: "Timothy L. Robertson" <tlrobertson@mindspring.com>
To: <freebsd-questions@freebsd.org>
Subject: Some Network Traffic Not Getting Through Firewall
Message-ID: <NBBBKMLFOGDDKEFBFEAFKEMMEPAA.tlrobertson@mindspring.com>
Hello Everyone,

I have just set up a FreeBSD 4.0-RELEASE machine to act as a router/firewall between my DSL modem and three Windoze boxes. I have user ppp connecting to Mindspring via PPPoE, with nat doing the address translation to make my one dynamic IP address suffice for all four machines.

Things mostly work; I can load most webpages and use most network services from the win boxes, but some things don't get through. I compiled my kernel with the IPFIREWALL_DEFAULT_TO_ACCEPT option and my rc.firewall is just

    /sbin/ipfw -f flush
    #/sbin/ipfw add pass all from 127.0.0.1 to 127.0.0.1
    /sbin/ipfw add divert natd all from any to any via tun0
    /sbin/ipfw add pass all from any to any

so I don't expect it to be blocking any traffic. Yet when I try to load a page like http://us.f22.mail.yahoo.com I'm left with a gray screen that never loads any data, or if I go to http://www.citibank.com I get 4 "Transfer interrupted!" messages. I've verified that I can ping the addresses from behind the firewall, and that everything works fine, i.e. I can load the pages, from the firewall machine, and have no idea what makes these pages fail.

A few other random bits of information which might clue in someone more knowledgeable:

* The Windows machines can pop3 mail over from a certain mail server, but cannot send mail out to it via SMTP. Other mail servers work fine.
* Many web pages hang the first time I try to access them. The host is resolved, and then it keeps "waiting for reply." The second time I try to access them they come right up.
* I get the same behavior from WinNT and Win98.

If anyone knows what is going on or can suggest how to figure out where the problem is I would appreciate the help. At this point I don't even know if it is a BSD or Microsoft issue. I suspect I have to install a packet sniffer to figure out what is happening to the datagrams, but have never done this before. A few files are attached below in case they might be helpful.

Thanks,
-Tim
timothyr@timothyr.net

P.S. Anyone know a decent telnet/terminal for WinNT?

[Attachment: ppp.conf.public]

    #################################################################
    #            PPP  Sample Configuration File
    #         Originally written by Toshiharu OHNO
    #       Simplified 5/14/1999 by wself@cdrom.com
    #
    # $FreeBSD: src/etc/ppp/ppp.conf,v 1.2 1999/08/27 23:24:08 peter Exp $
    #################################################################
    default:
     #
     # Make sure that "device" references the correct serial port
     # for your modem. (cuaa0 = COM1, cuaa1 = COM2)
     #
     set log Phase Chat LCP IPCP CCP tun command
     nat enable yes
     nat log yes
     nat same_ports yes
     nat use_sockets yes

    pppoe:
     set device PPPoE:xl0
     set mru 1492
     set mtu 1492
     set speed sync
     enable lqr
     #set lqperiod 5
     set cd 5
     set redial 0 0
     set dial
     set login
     set authname tlrobertson@mindspring.com
     set authkey ***********
     set timeout 0
     set crtscts off
     set ifaddr 0 0
     delete ALL
     add 0 0 HISADDR

    papchap:
     #
     # edit the next three lines and replace the items in caps with
     # the values which have been assigned by your ISP.
     #
     set authname tlrobertson@mindspring.com
     set authkey ***********

[Attachment: rc.conf]

    # This file now contains just the overrides from /etc/defaults/rc.conf
    # please make all changes to this file.
    network_interfaces="auto"
    ifconfig_xl0="inet 10.0.0.2 netmask 255.255.255.0"
    ifconfig_ep0="inet 192.168.1.1 netmask 255.255.255.0"
    hostname="scarlet.timothyr.net"
    ppp_enable="YES"
    ppp_mode="ddial"
    ppp_profile="pppoe"
    gateway_enable="YES"
    #firewall_enable="YES"
    tcp_extensions="YES"
    linux_enable="YES"
    check_quotas="NO"
    moused_type="auto"
    moused_enable="YES"
    named_enable="NO"

[Attachment: rc.firewall]

    /sbin/ipfw -f flush
    #/sbin/ipfw add pass all from 127.0.0.1 to 127.0.0.1
    /sbin/ipfw add divert natd all from any to any via tun0
    /sbin/ipfw add pass all from any to any
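Editor's worked example, not part of Tim's mail or of FreeBSD: the next step he mentions is reading a packet capture, so this Python script parses classic tcpdump one-line-per-packet text (a constructed sample, addresses made up apart from the 192.168.1.x LAN implied by the posted rc.conf) and flags what is worth looking at first on a PPPoE link configured with "set mtu 1492": SYN segments advertising an MSS larger than 1452, full-size 1500-byte segments with DF set that cannot cross a 1492-byte link, and ICMP "need to frag" notices. That path-MTU behaviour is one common cause to rule out, not a diagnosis of this particular setup; the script also assumes data segments carry no TCP options, so IP length is payload plus 40 header bytes.

```python
"""Scan tcpdump-style text for the path-MTU symptoms that bite PPPoE links.

Added example, not from the original mail.  Input is the classic tcpdump
one-line-per-packet text format, e.g. from `tcpdump -n -i tun0 'tcp or icmp'`.
Assumption: data segments carry no TCP options, so the IP total length is
payload + 40 bytes (20 IPv4 + 20 TCP).
"""
import re

ETHERNET_MTU = 1500
PPPOE_OVERHEAD = 8      # 6-byte PPPoE header + 2-byte PPP protocol field
IP_TCP_HEADERS = 40     # 20-byte IPv4 header + 20-byte TCP header, no options


def pppoe_mtu(ethernet_mtu=ETHERNET_MTU):
    """Largest IP packet that fits in one Ethernet frame over PPPoE (1492)."""
    return ethernet_mtu - PPPOE_OVERHEAD


def safe_mss(link_mtu):
    """Largest TCP payload that crosses link_mtu without fragmentation."""
    return link_mtu - IP_TCP_HEADERS


# time src.port > dst.port: FLAGS seq:seq(len) rest...
TCP_RE = re.compile(
    r'^\S+ (\S+)\.(\d+) > (\S+)\.(\d+): (\S+) (\d+):(\d+)\((\d+)\)(.*)$')
ICMP_FRAG_RE = re.compile(
    r'icmp: \S+ unreachable - need to frag \(mtu (\d+)\)')
MSS_RE = re.compile(r'<[^>]*\bmss (\d+)')


def classify_line(line, link_mtu):
    """Return (tag, value) for one capture line, or None if not TCP or ICMP need-frag."""
    m = ICMP_FRAG_RE.search(line)
    if m:
        # A router telling a sender its packet is too big for the next hop.
        return ('icmp_need_frag', int(m.group(1)))
    m = TCP_RE.match(line)
    if not m:
        return None
    flags, payload, rest = m.group(5), int(m.group(8)), m.group(9)
    mss = MSS_RE.search(rest)
    if 'S' in flags and mss:
        advertised = int(mss.group(1))
        tag = 'syn_mss_ok' if advertised <= safe_mss(link_mtu) else 'syn_mss_too_big'
        return (tag, advertised)
    total = payload + IP_TCP_HEADERS
    if payload and total > link_mtu:
        # Too big for the link.  With DF set it cannot be fragmented, so it is
        # lost unless the sender receives and honours the ICMP need-frag message.
        return ('oversize_df' if '(DF)' in rest else 'oversize', total)
    return ('ok', total)


def analyze(capture_text, link_mtu):
    """Count classifications over a whole capture."""
    summary = {}
    for line in capture_text.splitlines():
        result = classify_line(line, link_mtu)
        if result:
            summary[result[0]] = summary.get(result[0], 0) + 1
    return summary


# Constructed sample capture; addresses are made up, only the 192.168.1.x
# LAN follows the posted rc.conf (ep0 = 192.168.1.1).
SAMPLE_CAPTURE = """\
21:35:03.100 192.168.1.10.1027 > 216.115.108.243.80: S 1000:1000(0) win 8192 <mss 1460,nop,nop,sackOK> (DF)
21:35:03.150 216.115.108.243.80 > 192.168.1.10.1027: S 5000:5000(0) ack 1001 win 8760 <mss 1460> (DF)
21:35:03.300 216.115.108.243.80 > 192.168.1.10.1027: . 1:1461(1460) ack 1 win 8760 (DF)
21:35:03.301 216.115.108.243.80 > 192.168.1.10.1027: . 1461:2921(1460) ack 1 win 8760 (DF)
21:35:03.302 192.168.1.1 > 216.115.108.243: icmp: 192.168.1.10 unreachable - need to frag (mtu 1492)
21:35:04.000 192.168.1.10.1028 > 64.58.76.228.80: S 2000:2000(0) win 8192 <mss 1452,nop,nop,sackOK> (DF)
21:35:04.200 64.58.76.228.80 > 192.168.1.10.1028: . 1:1453(1452) ack 1 win 8760 (DF)
"""

if __name__ == '__main__':
    mtu = pppoe_mtu()
    print('link MTU %d, safe MSS %d' % (mtu, safe_mss(mtu)))
    for tag, count in sorted(analyze(SAMPLE_CAPTURE, mtu).items()):
        print('%-16s %d' % (tag, count))
```

Run it against a real capture by replacing SAMPLE_CAPTURE with the text written by tcpdump on the LAN side (ep0) and on tun0; a session that shows "syn_mss_too_big" and "oversize_df" lines on ep0 but no matching "icmp_need_frag" reply from the far end is the pattern to compare against a site that hangs, while a site whose SYN already carries an MSS of 1452 or less should show only "ok" data segments.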