Can you get packets through both directions just fine with the firewall set to "OPEN"?
David
Terrac Skiens wrote:
Hi there,
I have been trying to set up an embedded system from soekris, running a
small version of freebsd on it's internal compact flash hard disk.
The machine is built, I have remote access to it and I intend to use it
as a firewall + nat appliance. Directing traffic from machines internally
to external IP addresses.
I have gotten everything running, however my test for the machines
behind the new firewall keep failing. I can ping the firewall itself, but
not anything past it. The pings just dissapear. From the firewall I can
ping anythign by either hostname or IP.
What I have not figured out is why my machines behind the firewall cannot
ping out past the firewall, or get any other traffic out either.
my ipfw list is:
---------------------------------------
00100 allow ip from any to any via lo0
00200 deny ip from any to 127.0.0.0/8
00300 deny ip from 127.0.0.0/8 to any
00400 deny ip from any to 172.16.0.0/12 via sis0
00500 deny ip from any to 192.168.0.0/16 via sis0
00600 deny ip from any to 0.0.0.0/8 via sis0
00700 deny ip from any to 169.254.0.0/16 via sis0
00800 deny ip from any to 192.0.2.0/24 via sis0
00900 deny ip from any to 224.0.0.0/4 via sis0
01000 deny ip from any to 240.0.0.0/4 via sis0
01100 divert 8668 ip from any to any via sis0
01200 deny ip from 172.16.0.0/12 to any via sis0
01300 deny ip from 192.168.0.0/16 to any via sis0
01400 deny ip from 0.0.0.0/8 to any via sis0
01500 deny ip from 169.254.0.0/16 to any via sis0
01600 deny ip from 192.0.2.0/24 to any via sis0
01700 deny ip from 224.0.0.0/4 to any via sis0
01800 deny ip from 240.0.0.0/4 to any via sis0
01900 allow tcp from any to any established
02000 allow ip from any to any frag
10000 deny log logamount 100 tcp from any to any in recv sis0 setup
10100 allow tcp from any to any setup
10200 allow udp from any to any 53 keep-state out xmit sis0
10300 allow udp from any to any 53 keep-state in recv sis0
10400 allow udp from any to any 123 keep-state out xmit sis0
10500 allow udp from any to any 123 keep-state in recv sis1
10600 allow tcp from any to any 53 keep-state out xmit sis0
10700 allow tcp from any to any 53 keep-state in recv sis1
10800 allow tcp from any to any 25 keep-state out xmit sis0
10900 allow tcp from any to any 25 keep-state in recv sis1
11000 allow tcp from any to any 22 keep-state out xmit sis0
11100 allow tcp from any to any 22 keep-state in recv sis1
11200 allow udp from me to any 67 keep-state out xmit sis0
11300 allow icmp from any to any
65535 deny ip from any to any
and my netstat -rn is:
---------------------------------------
Routing table:
--------------
Destination Gateway Flags Netif Use
default 66.180.229.177 UGSc sis0 2
10.1.1.0/24 link#2 UC sis1 0
xxx.xxx.xxx.xxx link#1 UC sis0 0 <- network
xxx.xxx.xxx.xxx link#1 UHLW sis0 0 <- gateway
127.0.0.1 127.0.0.1 UH lo0 0
To Unsubscribe: send mail to [EMAIL PROTECTED]
with "unsubscribe freebsd-questions" in the body of the message
-- David Cramblett Network and Information Services Multnomah Education Service District phn: 503-257-1535 fax: 503-257-1538
To Unsubscribe: send mail to [EMAIL PROTECTED] with "unsubscribe freebsd-questions" in the body of the message
