odd problem with firewall server
Hi all,

This probably isn't a FreeBSD-specific problem, but it's vexing nonetheless. So we have our servers accessing the outside world through their own firewall on a FreeBSD machine. Nothing too fancy, just routing traffic and shutting off unused ports.

However, this morning the ethernet jack that the firewall server's world-accessible ethernet port (dc1) was plugged into. The solution: plug it into another jack :) This amazingly complex solution worked, except that I can now no longer ssh or ping the machine.

Any ideas as to what may have caused this?

Thanks,
Matt

___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: odd problem with firewall server
Matt Singerman wrote:

> Hi all,
>
> This probably isn't a FreeBSD-specific problem, but it's vexing nonetheless. So we have our servers accessing the outside world through their own firewall on a FreeBSD machine. Nothing too fancy, just routing traffic and shutting off unused ports.
>
> However, this morning the ethernet jack that the firewall server's world-accessible ethernet port (dc1) was plugged into. The solution: plug it into another jack :) This amazingly complex solution worked, except that I can now no longer ssh or ping the machine.
>
> Any ideas as to what may have caused this?
>
> Thanks,
> Matt

Not without knowing more about your network, and/or the switch/device at the other end of that jack.

--
Nathan Vidican [EMAIL PROTECTED]
Windsor Match Plate Tool Ltd.
http://www.wmptl.com/
Problem with Firewall...
Hi,

I recently installed FreeBSD 6-Release on my AMD AthlonXP box. I recompiled the kernel with 'cvstag=6_RELENG' with firewall enabled and everything went smoothly. I buildworld, compiled kernel and installed it.

And after installing the world in single user mode, I tried to boot into newly installed kernel, everything seems to be fine except that there is no internet connection. I enabled the FIREWALL=yes in my rc.conf and the firewall type I specified as 'client'. Also I specified the IP address and network in the 'rc.firewall' file.

I have a VoIP adapter at home connected through my cable modem, and my ethernet connection is coming out of it. I specified a static internal IP with a gateway. Even when I booted my newly compiled kernel, the VoIP phone seems to be not working. I also have debian linux on my second hard disk and the internet is working fine on debian.

Can anyone please tell me what's going wrong? and if I am missing something.

thanks in advance,
Siva
Re: Problem with Firewall...
siva m wrote:

> Hi,
>
> I recently installed FreeBSD 6-Release on my AMD AthlonXP box. I recompiled the kernel with 'cvstag=6_RELENG' with firewall enabled and everything went smoothly. I buildworld, compiled kernel and installed it.
>
> And after installing the world in single user mode, I tried to boot into newly installed kernel, everything seems to be fine except that there is no internet connection. I enabled the FIREWALL=yes in my rc.conf and the firewall type I specified as 'client'. Also I specified the IP address and network in the 'rc.firewall' file.
>
> I have a VoIP adapter at home connected through my cable modem, and my ethernet connection is coming out of it. I specified a static internal IP with a gateway. Even when I booted my newly compiled kernel, the VoIP phone seems to be not working. I also have debian linux on my second hard disk and the internet is working fine on debian.
>
> Can anyone please tell me what's going wrong? and if I am missing something.
>
> thanks in advance,
> Siva

You can refer to section IV of the Handbook for some pointers, particularly chapters 25 and 26, I'd think.

Please send diagnostic output to the list if you really want help (and I assume that you do). No network connection is not very telling; it is only a generalization of the problem and does not address the root cause. We need to know what you've tried, and what the machine has replied, before we can give any decent advice (in short, more data is required).

Perhaps several of the following would give us a clue:

`netstat -nr`
`ifconfig -a`
`ipfw show`
`ping localhost`
`ping xxx.xxx.xxx.xxx`

If it *really* is the firewall, then perhaps:

#ipfw add 1 allow ip from any to any

... might open things up a bit ;-)

HTH,
Kevin Kinsey
Re: Problem with Firewall...
On Saturday 26 November 2005 12:02 pm, siva m wrote:

> Hi,
>
> I recently installed FreeBSD 6-Release on my AMD AthlonXP box. I recompiled the kernel with 'cvstag=6_RELENG' with firewall enabled and everything went smoothly. I buildworld, compiled kernel and installed it.
>
> And after installing the world in single user mode, I tried to boot into newly installed kernel, everything seems to be fine except that there is no internet connection. I enabled the FIREWALL=yes in my rc.conf and the firewall type I specified as 'client'. Also I specified the IP address and network in the 'rc.firewall' file.
>
> I have a VoIP adapter at home connected through my cable modem, and my ethernet connection is coming out of it. I specified a static internal IP with a gateway. Even when I booted my newly compiled kernel, the VoIP phone seems to be not working. I also have debian linux on my second hard disk and the internet is working fine on debian.
>
> Can anyone please tell me what's going wrong? and if I am missing something.
>
> thanks in advance,
> Siva

Could you attach your kernel config file and /etc/rc.conf? I suspect that you didn't put gateway_enable=YES into rc.conf but there are other things that could be an issue besides that.

--
Thanks,
Josh Paetzel
Re: Problem with Firewall...
On 2005-11-26 12:02, siva m [EMAIL PROTECTED] wrote:

> Hi,
>
> I recently installed FreeBSD 6-Release on my AMD AthlonXP box. I recompiled the kernel with 'cvstag=6_RELENG' with firewall enabled and everything went smoothly. I buildworld, compiled kernel and installed it.

Hi,

Please do *not* type things out of memory, but be precise, specific and provide as much detail as possible when asking questions like this. I'm sure there is no 6_RELENG branch in our sources, so you can't have used that.

> And after installing the world in single user mode, I tried to boot into newly installed kernel, everything seems to be fine except that there is no internet connection. I enabled the FIREWALL=yes in my rc.conf and the firewall type I specified as 'client'. Also I specified the IP address and network in the 'rc.firewall' file.

It is always a very good idea to show us the *exact* lines you have edited. Exactly as they appear in your system configuration files.

Again, there are errors in the description above that may confuse anyone trying to help you out. For instance, there is no FIREWALL=yes setting for `/etc/rc.conf'. There is a setting that is called `firewall_enable', but this is a different option because capitalization and the exact name of the options in rc.conf do matter...

Can you repost your question and include the precise changes you have made to your system configuration, please?

If enabling the firewall has locked you out of the machine or has made it impossible to access the network from the machine, then it may help a bit if you disable all sorts of firewalling from your machine and simply reboot. To disable all known firewalls, add the following to your `/etc/rc.conf' file:

    firewall_enable=NO
    pf_enable=NO
    ipfilter_enable=NO

Regards,
Giorgos
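
An added example (not part of the thread and not FreeBSD's own code) of the point about exact option names: it scans rc.conf text for assignments that only resemble a known knob and reports what `firewall_enable` actually ends up set to. The knob list is a constructed subset limited to the names mentioned in this thread, and the sample file is constructed from the settings the question describes.

```python
import re

# Constructed subset: only the knobs named in this thread. On a real system the
# authoritative list is every name assigned in /etc/defaults/rc.conf.
KNOWN_KNOBS = ("firewall_enable", "firewall_type", "gateway_enable",
               "pf_enable", "ipfilter_enable")

ASSIGNMENT = re.compile(r"^\s*([A-Za-z_][A-Za-z0-9_]*)=(.*)$")

def lint_rc_conf(text, known=KNOWN_KNOBS):
    """Return (line_no, name, candidates) for names that only resemble a knob."""
    findings = []
    for line_no, line in enumerate(text.splitlines(), 1):
        match = ASSIGNMENT.match(line)
        if not match:
            continue                      # comment or blank line
        name = match.group(1)
        if name in known:
            continue                      # exact, case-sensitive hit
        # rc.conf is sourced by sh, so FIREWALL and firewall_enable are
        # unrelated variables; suggest knobs the written name is a prefix of.
        candidates = [k for k in known if k.startswith(name.lower())]
        if candidates:
            findings.append((line_no, name, candidates))
    return findings

def effective(text, knob):
    """Value of the last exact assignment to knob, or None if never set."""
    value = None
    for line in text.splitlines():
        match = ASSIGNMENT.match(line)
        if match and match.group(1) == knob:
            value = match.group(2).strip().strip("\"'")
    return value

# Constructed sample, modelled on the settings described in the question.
SAMPLE = """\
hostname="athlon.example.org"
FIREWALL=yes
firewall_type="client"
Gateway_Enable="YES"
"""

if __name__ == "__main__":
    for line_no, name, candidates in lint_rc_conf(SAMPLE):
        print(f"line {line_no}: {name} is not a known knob; did you mean {candidates}?")
    print("firewall_enable =", effective(SAMPLE, "firewall_enable"))
```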
Re: arp request problem with firewall
On Mon, 29 Dec 2003 16:30:40 -0800 (PST) Terry Singh [EMAIL PROTECTED] wrote:

> This is my first post to freebsd questions.
>
> MY NETWORK
>
> Internet -- WAN_IF
>               |
>     FIREWALL - 5.1 RELEASE
>               |
>            LAN_IF -- LAN network
>
> The WAN_IF has several public addresses as aliases. I have about 20 servers in the LAN that require various services allowed to the public Internet. I basically am doing a bimap one to one mapping per server in the LAN. This all works great, meaning I can surf etc etc from any LAN server to the Internet and also, from the Internet I can get published services on LAN servers.
>
> Here's the problem: I already mentioned that each server with a 192.168.50.x address is bimapped to a public address. The problem is that if I am on any of the LAN servers, and want to connect to the public address of a server in the LAN, I CANNOT. Now first off, I could connect using private addresses and of course this works like it should. But our applications have real DNS names coded in the apps so I need this to work. I know it has something to do with proxy arp so I even tried placing this line in sysctl.conf:
>
> net.link.ether.inet.proxyall=1
>
> No luck. ANY IDEAS?
>
> -- Second problem
>
> One of the LAN servers is an FTP server. From the Internet, I can only connect using ACTIVE MODE even though I allow both 20/21/tcp inbound. Here's what happens when passive mode is used: The initial connection is accepted, but then the server sends its private address instead of its proper public address! Of course it's not gonna work! So I forced active mode and voila! it worked. What's the fix for this bugger? I know outbound FTP has some built-in proxy ftp in freebsd but what about inbound?
>
> thanks,
> tsingh.

1. The network configuration like yours is known not to work. The reason and workarounds are best detailed here.
   http://www.openbsd.org/faq/pf/rdr.html#reflect

2. The wu-ftp and proftp have the ability to advertise an arbitrary address. There may be others, but I don't know.

horio shoichi
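
An added example (not from the thread or the linked FAQ) that models why a LAN host cannot reach a LAN server through its public address, and how the workaround of also source-translating the connection on the firewall changes the reply path. Only the 192.168.50.0/24 subnet comes from the post; the host addresses and the documentation-range public address are assumptions.

```python
import ipaddress

LAN = ipaddress.ip_network("192.168.50.0/24")  # subnet from the post
FW_LAN = "192.168.50.1"    # assumed address of the firewall's LAN_IF
PUBLIC = "203.0.113.20"    # documentation address standing in for a public alias
SERVER = "192.168.50.20"   # assumed LAN server mapped one-to-one to PUBLIC
CLIENT = "192.168.50.10"   # assumed LAN host that connects to PUBLIC

def firewall(packet, table, source_nat):
    """Rewrite one (src, dst) packet arriving on the firewall's LAN interface."""
    src, dst = packet
    if dst == PUBLIC:                        # inbound mapping: PUBLIC -> SERVER
        if source_nat:                       # workaround: also hide the client
            table[SERVER] = src
            src = FW_LAN
        return (src, SERVER)
    if src == SERVER and dst == FW_LAN:      # reply of a source-translated flow
        return (PUBLIC, table[SERVER])
    return packet

def connect(source_nat):
    """Return (source of the reply the client receives, accepted by client?)."""
    table = {}
    syn = firewall((CLIENT, PUBLIC), table, source_nat)
    reply = (SERVER, syn[0])                 # server answers the source it saw
    # A reply addressed to another LAN host is delivered on-link and never
    # passes through the firewall, so nothing rewrites its source address.
    direct = ipaddress.ip_address(reply[1]) in LAN and reply[1] != FW_LAN
    if not direct:
        reply = firewall(reply, table, source_nat)
    # The client sent its SYN to PUBLIC, so only a reply from PUBLIC matches.
    return reply[0], reply[0] == PUBLIC

if __name__ == "__main__":
    print("redirect only:      ", connect(source_nat=False))
    print("redirect + src NAT: ", connect(source_nat=True))
```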
arp request problem with firewall
This is my first post to freebsd questions.

MY NETWORK

Internet -- WAN_IF
              |
    FIREWALL - 5.1 RELEASE
              |
           LAN_IF -- LAN network

The WAN_IF has several public addresses as aliases. I have about 20 servers in the LAN that require various services allowed to the public Internet. I basically am doing a bimap one to one mapping per server in the LAN. This all works great, meaning I can surf etc etc from any LAN server to the Internet and also, from the Internet I can get published services on LAN servers.

Here's the problem: I already mentioned that each server with a 192.168.50.x address is bimapped to a public address. The problem is that if I am on any of the LAN servers, and want to connect to the public address of a server in the LAN, I CANNOT. Now first off, I could connect using private addresses and of course this works like it should. But our applications have real DNS names coded in the apps so I need this to work. I know it has something to do with proxy arp so I even tried placing this line in sysctl.conf:

net.link.ether.inet.proxyall=1

No luck. ANY IDEAS?

-- Second problem

One of the LAN servers is an FTP server. From the Internet, I can only connect using ACTIVE MODE even though I allow both 20/21/tcp inbound. Here's what happens when passive mode is used: The initial connection is accepted, but then the server sends its private address instead of its proper public address! Of course it's not gonna work! So I forced active mode and voila! it worked. What's the fix for this bugger? I know outbound FTP has some built-in proxy ftp in freebsd but what about inbound?

thanks,
tsingh.
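
An added diagnostic example (not part of the post) for the passive-mode symptom described above: it parses the server's `227` reply and flags the case where the advertised data address is an RFC 1918 address that differs from the address the control connection was made to. The two reply strings and the public address are constructed sample values.

```python
import ipaddress
import re

RFC1918 = [ipaddress.ip_network(n) for n in
           ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
HOST_PORT = re.compile(r"(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})")

def parse_pasv(reply):
    """Return (IPv4Address, port) from an RFC 959 reply '227 ... (h1,h2,h3,h4,p1,p2)'."""
    match = HOST_PORT.search(reply)
    if not reply.startswith("227") or match is None:
        raise ValueError("not a 227 passive-mode reply")
    fields = [int(f) for f in match.groups()]
    if max(fields) > 255:
        raise ValueError("host/port field out of range")
    address = ipaddress.IPv4Address(".".join(str(f) for f in fields[:4]))
    return address, fields[4] * 256 + fields[5]   # port = p1 * 256 + p2

def check_pasv(reply, control_peer):
    """Classify the advertised data address against the control-connection peer."""
    address, port = parse_pasv(reply)
    if address == ipaddress.ip_address(control_peer):
        return "ok", address, port
    if any(address in net for net in RFC1918):
        # The server put its own LAN address in the reply; a client on the
        # Internet cannot open the data connection to it.
        return "private-address-leak", address, port
    return "address-mismatch", address, port

# Constructed replies, as a client on the Internet would receive them.
LEAKING = "227 Entering Passive Mode (192,168,50,21,195,80)"
CORRECT = "227 Entering Passive Mode (203,0,113,21,195,80)"

if __name__ == "__main__":
    for reply in (LEAKING, CORRECT):
        verdict, address, port = check_pasv(reply, "203.0.113.21")
        print(f"{verdict}: data connection advertised at {address}:{port}")
```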