Hi,

On Sat, 2003-01-11 at 22:57, Nikolaj Farrell wrote:
> > Thanks for clarifying things.
> >
> > I think I understand now. Here's what I (and others as well) believe is
> > the root of the problem - it's ipfw.
> >
> > By default it's got a rule that reads DENY EVERYTHING. If you run "ipfw
> > show" then it'll be right at the bottom. Unless you expressly allow
> > traffic with ipfw statements, then you'll get packets not being
> > forwarded onto respective destinations. Also if you've not actually
> > configured the rule-set (e.g. for logging) then that explains why
> > nothing appears in the logs.
> >
> > You mentioned that you've not configured any rules for the internal
> > network, so you've answered your own questions here. Post the output from
> > the above ipfw cmd, and I'm sure there'll be lots of assistance for you.
> >
> > Regards,
> >
> > Stacey
> > >
> 
> Actually... I have compiled ipfw _default to accept_...... and besides, no
> other computers on my LAN would work otherwise either. Just for the sake of
> it though, here is my ruleset
> 
> su-2.05b# ipfw list
> 00190 divert 8668 ip from any to any via xl0
> 00301 deny log logamount 100 tcp from any to any 515 in recv xl0
> 00310 allow tcp from 212.181.54.2 53 to any in recv xl0
> 00311 allow tcp from 212.181.54.3 53 to any in recv xl0
> 00320 allow log logamount 100 tcp from any to any 22 in recv xl0
> 00321 allow log logamount 100 tcp from any to any 21 in recv xl0
> 00322 allow log logamount 100 tcp from any to any 113 in recv xl0 setup
> 00323 allow log logamount 100 tcp from any to any 80 in recv xl0
> 00324 allow tcp from any to any 25 via xl0
> 00325 allow tcp from any to any 995 via xl0
> 00395 deny log logamount 100 tcp from any to any 0-1024 in recv xl0 setup
> 00396 deny log logamount 100 tcp from any to any 2049 in recv xl0
> 00400 allow udp from 212.181.54.2 53 to any in recv xl0
> 00401 allow udp from 212.181.54.3 53 to any in recv xl0
> 00410 allow udp from any to any 123 in recv xl0
> 00499 deny log logamount 100 udp from any to any in recv xl0
> 00610 allow icmp from 212.181.54.2 to any in recv xl0
> 00611 allow icmp from 212.181.54.3 to any in recv xl0
> 00620 allow log logamount 100 icmp from any to any in recv xl0 icmptype 3
> 00621 allow log logamount 100 icmp from any to any in recv xl0 icmptype 8
> 65535 allow ip from any to any

So, you're saying that with this configuration, you:
1] Cannot ping any hosts on the internal network
2] No internal hosts can ping the internal IP address of the g'way.

Do this for me:-
1] tail /var/log/security
2] Back-up your current ipfw ruleset - and disconnect (physically) from
the internet
3] create a new rule set that reads ipfw add allow log ip from any to any
4] reload the new ruleset into place
5] Try connecting to and from other internal hosts
6] Post logs here.

Regards,

Stacey


> 
> regards
> /Nikolaj
> 
> 
> To Unsubscribe: send mail to [EMAIL PROTECTED]
> with "unsubscribe freebsd-questions" in the body of the message
-- 
Stacey Roberts
B.Sc (HONS) Computer Science

Web: www.vickiandstacey.com
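Added by the editor, not part of either mail: a small first-match walker over the ruleset Nikolaj posted above, so a reader can see which rule a given packet lands on without a FreeBSD box at hand. The ruleset text is a constructed copy of the quoted `ipfw list` output; the packets, the public address 198.51.100.7, the remote hosts 203.0.113.5 / 192.168.1.x and the LAN interface name "fxp0" are assumptions for illustration. The walk follows ipfw's ordering semantics as described in Stacey's first message: rules are tried in ascending order, the first allow/deny wins, and the numbered default rule 65535 catches whatever falls through (here an allow, since the kernel was built with the default-to-accept option). A matching divert rule hands the packet to natd and the walk then resumes at the next rule. Only the keywords that actually occur in the posted rules are understood.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

# Constructed copy of the `ipfw list` output quoted in the thread.
POSTED_RULESET = """\
00190 divert 8668 ip from any to any via xl0
00301 deny log logamount 100 tcp from any to any 515 in recv xl0
00310 allow tcp from 212.181.54.2 53 to any in recv xl0
00311 allow tcp from 212.181.54.3 53 to any in recv xl0
00320 allow log logamount 100 tcp from any to any 22 in recv xl0
00321 allow log logamount 100 tcp from any to any 21 in recv xl0
00322 allow log logamount 100 tcp from any to any 113 in recv xl0 setup
00323 allow log logamount 100 tcp from any to any 80 in recv xl0
00324 allow tcp from any to any 25 via xl0
00325 allow tcp from any to any 995 via xl0
00395 deny log logamount 100 tcp from any to any 0-1024 in recv xl0 setup
00396 deny log logamount 100 tcp from any to any 2049 in recv xl0
00400 allow udp from 212.181.54.2 53 to any in recv xl0
00401 allow udp from 212.181.54.3 53 to any in recv xl0
00410 allow udp from any to any 123 in recv xl0
00499 deny log logamount 100 udp from any to any in recv xl0
00610 allow icmp from 212.181.54.2 to any in recv xl0
00611 allow icmp from 212.181.54.3 to any in recv xl0
00620 allow log logamount 100 icmp from any to any in recv xl0 icmptype 3
00621 allow log logamount 100 icmp from any to any in recv xl0 icmptype 8
65535 allow ip from any to any
"""
OPTIONS = {"in", "out", "recv", "via", "setup", "icmptype"}   # trailing keywords used above

@dataclass
class Packet:
    proto: str                       # "tcp", "udp" or "icmp"
    src: str
    dst: str
    direction: str                   # "in" or "out"
    recv_if: Optional[str] = None    # interface the packet arrived on
    xmit_if: Optional[str] = None    # interface it is about to leave on
    sport: int = 0
    dport: int = 0
    setup: bool = False              # TCP SYN without ACK
    icmptype: int = -1

def _ports(tok):
    return tuple(int(x) for x in (tok.split("-") * 2)[:2])   # "515" -> (515, 515); "0-1024" -> (0, 1024)

def parse_rule(line):
    """Turn one `ipfw list` line into a dict of match criteria."""
    t = line.split()
    r = {"num": int(t[0]), "action": t[1], "sport": None, "dport": None,
         "dir": None, "recv": None, "via": None, "setup": False, "icmptype": None}
    i = 3 if t[1] == "divert" else 2            # divert carries the natd port
    if t[i] == "log":
        i += 3 if t[i + 1] == "logamount" else 1
    r["proto"], i = t[i], i + 1
    r["src"], i = t[i + 1], i + 2               # skip "from"
    if t[i] != "to":
        r["sport"], i = _ports(t[i]), i + 1
    r["dst"], i = t[i + 1], i + 2               # skip "to"
    if i < len(t) and t[i] not in OPTIONS:
        r["dport"], i = _ports(t[i]), i + 1
    while i < len(t):                            # trailing options
        w = t[i]
        if w in ("in", "out"):
            r["dir"] = w
        elif w == "setup":
            r["setup"] = True
        else:                                    # recv/via/icmptype take an argument
            r[w], i = (int(t[i + 1]) if w == "icmptype" else t[i + 1]), i + 1
        i += 1
    return r

def parse_ruleset(text):
    return [parse_rule(l) for l in text.splitlines() if l.strip()]

def matches(r, p):
    addr = lambda spec, ip: spec == "any" or ipaddress.ip_address(ip) in ipaddress.ip_network(spec, strict=False)
    port = lambda rng, v: rng is None or rng[0] <= v <= rng[1]
    return (r["proto"] in ("ip", p.proto)
            and addr(r["src"], p.src) and addr(r["dst"], p.dst)
            and port(r["sport"], p.sport) and port(r["dport"], p.dport)
            and r["dir"] in (None, p.direction)
            and r["recv"] in (None, p.recv_if)
            and (r["via"] is None or r["via"] in (p.recv_if, p.xmit_if))
            and (not r["setup"] or (p.proto == "tcp" and p.setup))
            and r["icmptype"] in (None, p.icmptype))

def evaluate(rules, p):
    """First-match walk; returns (verdict, rule number, whether natd saw the packet)."""
    diverted = False
    for r in (r for r in rules if matches(r, p)):
        if r["action"] != "divert":
            return r["action"], r["num"], diverted
        diverted = True                          # natd gets it, the walk continues
    return "deny", 65535, diverted               # only reached on a default-deny kernel

if __name__ == "__main__":
    rules = parse_ruleset(POSTED_RULESET)
    lan_ping = Packet("icmp", "192.168.1.10", "192.168.1.1", "in", recv_if="fxp0", icmptype=8)
    print("LAN ping to gateway:", evaluate(rules, lan_ping))   # "fxp0" LAN interface is an assumption
```

Two things the walk makes visible that are worth checking against /var/log/security before rewriting anything: every rule in the posted set is qualified with recv xl0 or via xl0, so a ping arriving on the LAN interface matches nothing and lands on 65535 (an allow on this kernel), which is why the ipfw log stays empty for LAN traffic; and the set is stateless, so an inbound TCP segment without SYN (no "setup") to any port, or an ICMP type other than 3 and 8 arriving on xl0, also falls through to 65535 rather than being denied. Rule 395 only catches connection attempts.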
