Re: Operation: "ipfw on a gateway box"

2005-02-17 Thread Michael C. Shultz
On Thursday 17 February 2005 06:12 am, Lowell Gilbert wrote:
> > > Does anything work *without* the firewall?
> >
> > Yes, before I started messing with the firewall I had squid
> > set up, I set up FreeBSD as a gateway and also as a DNS
> > server. I could access the WWW, ftp, telnet and all the
> > other services at will, inside and outside my home LAN.
>
> Try temporarily setting the firewall to just pass everything
> ("ipfw add 1 allow ip from any to any") and see if you can still get
> out through it.  I'm guessing something else may be messed up now.

If he is using it as a gateway for other machines he will still need 
NAT. Try this to open the firewall up:

public="xl0"
private="xl1"
loopBack="lo0"

ipfw add 00100 allow all from any to any via $private
ipfw add 00110 allow all from any to any via $loopBack

#
# Net Address Translate (NAT) incoming packets
#
ipfw add 00120 divert natd ip from any to any in via $public

#
# Net Address Translate (NAT) outgoing packets
#
ipfw add 01000 divert natd ip from any to any out via $public
ipfw add 01010 allow ip from any to any

I just clipped these from my rules, that's why the weird numbering 
scheme.

-Mike



___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"
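Mike's clipped rules, rewritten here as an /etc/rc.firewall-style script that is not part of the thread: it keeps his xl0/xl1 interfaces and NAT diverts, opens only the ports Hiram listed on the gateway itself, and tracks the rest statefully. It assumes natd(8) is running on the public interface and gateway_enable="YES" is set; FWCMD defaults to "echo" so the rule set can be previewed before loading it with FWCMD=/sbin/ipfw as root.

```shell
#!/bin/sh
# Added example, not from the thread. Interfaces follow Mike's message;
# FWCMD=echo previews the rules, FWCMD=/sbin/ipfw loads them (as root).
FWCMD="${FWCMD:-echo}"
public="xl0"      # interface facing the ISP
private="xl1"     # interface facing the home LAN
loopback="lo0"

gw_rules() {
    $FWCMD -f flush
    # LAN side and loopback are trusted, as in Mike's rules
    $FWCMD add 100 allow ip from any to any via "$private"
    $FWCMD add 110 allow ip from any to any via "$loopback"
    # Inbound: hand packets to natd(8) FIRST so replies to LAN hosts get their
    # private address back, THEN consult the dynamic rules. natd must be
    # running on $public and gateway_enable="YES" set, or nothing is forwarded.
    $FWCMD add 120 divert natd ip from any to any in via "$public"
    $FWCMD add 130 check-state
    # Outbound from the LAN or the gateway: 'setup' and 'keep-state' are rule
    # options and belong AFTER "from ... to ...". skipto (not allow) is used
    # because check-state applies this rule's action to later packets of the
    # flow, and they still have to pass the divert at rule 800 to be translated.
    $FWCMD add 200 skipto 800 tcp from any to any out via "$public" setup keep-state
    $FWCMD add 210 skipto 800 udp from any to any out via "$public" keep-state
    $FWCMD add 220 skipto 800 icmp from any to any out via "$public" keep-state
    # Services on the gateway itself reachable from outside (ftp, ssh, dns, squid);
    # nothing on the LAN is exposed
    for port in 21 22 53 8080; do
        $FWCMD add 300 allow tcp from any to me "$port" in via "$public" setup keep-state
    done
    $FWCMD add 310 allow udp from any to me 53 in via "$public" keep-state
    # Everything else is dropped and logged (logging needs
    # net.inet.ip.fw.verbose=1). While debugging, Lowell's "allow ip from any
    # to any" can stand in for this line to show whether the rules are the problem.
    $FWCMD add 700 deny log ip from any to any
    # Outbound translation, reached only through the skipto rules above
    $FWCMD add 800 divert natd ip from any to any out via "$public"
    $FWCMD add 810 allow ip from any to any
}

gw_rules
```

With the default FWCMD=echo the script prints the rule set in load order, which is a cheap way to check the divert/check-state ordering before touching a live box.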


Re: Operation: "ipfw on a gateway box"

2005-02-17 Thread Lowell Gilbert
> > Does anything work *without* the firewall?
> 
> Yes, before I started messing with the firewall I had squid
> set up, I set up FreeBSD as a gateway and also as a DNS
> server. I could access the WWW, ftp, telnet and all the
> other services at will, inside and outside my home LAN.

Try temporarily setting the firewall to just pass everything
("ipfw add 1 allow ip from any to any") and see if you can still get
out through it.  I'm guessing something else may be messed up now.


Re: Operation: "ipfw on a gateway box"

2005-02-16 Thread Hiram Abiff
Quoting Lowell Gilbert <[EMAIL PROTECTED]>:

> Hiram Abiff <[EMAIL PROTECTED]> writes:
>
> > I followed your advice and rewrote my firewall rules.
> > Although, even now, there are some major difficulties.
>
> Please remember that you sent this message to a mailing list with a
> very large number of people.  I, for one, do not remember the earlier
> messages, and may not have read them.
>

I apologize for the inconvenience. I will try to be clearer.

> > I still can't access the net from my 2 other computers
> > via my FreeBSD firewalled gateway.
> > Although I set up on it to allow traffic on
> > ports 21, 22, 53, 8080 I can only telnet to port
> > 21, all the others report a "connection refused" error.
>
> Where did you do this from?
>

I tried accessing the FreeBSD box from the 2 other computers
I have. Also I tried telnetting from the FreeBSD box to itself.

> > I can ping the FreeBSD box, but i cannot ping any outside
> > IP addresses from the FreeBSD box or the other boxes on my
> > home LAN.
>
> In other words, not only can't you access the net from the other
> computers, but you can't from the FreeBSD box either?

Unfortunately, yes. I tried pinging outside computers by
IP address but I can't anymore.

>
> Does anything work *without* the firewall?

Yes, before I started messing with the firewall I had squid
set up, I set up FreeBSD as a gateway and also as a DNS
server. I could access the WWW, ftp, telnet and all the
other services at will, inside and outside my home LAN.
>
> > Also when FreeBSD is booting I caught some error messages that
> > said unknown command "setup" for some of my firewall rules.
>
> Kind of need more details here.  I can't see what that could be...
>

I was thinking maybe I misplaced the setup keyword in my
firewall rule file. Did you happen to see it? I posted it in my
last mail. I don't understand how ftp works and my
proxy server doesn't if I used the very same and exact
syntax to define the rules.

--
"It was as though a veil had been rent. I saw on that ivory face
the expression of sombre pride, of ruthless power,
of craven terror -- of an intense and hopeless despair.
Did he live his life again in every detail of desire,
temptation, and surrender during that supreme moment
of complete knowledge?"


Re: Operation: "ipfw on a gateway box"

2005-02-15 Thread Lowell Gilbert
Hiram Abiff <[EMAIL PROTECTED]> writes:

> I followed your advice and rewrote my firewall rules.
> Although, even now, there are some major difficulties.

Please remember that you sent this message to a mailing list with a
very large number of people.  I, for one, do not remember the earlier
messages, and may not have read them.

> I still can't access the net from my 2 other computers
> via my FreeBSD firewalled gateway.
> Although I set up on it to allow traffic on
> ports 21, 22, 53, 8080 I can only telnet to port
> 21, all the others report a "connection refused" error.

Where did you do this from?

> I can ping the FreeBSD box, but i cannot ping any outside
> IP addresses from the FreeBSD box or the other boxes on my
> home LAN.

In other words, not only can't you access the net from the other
computers, but you can't from the FreeBSD box either?

Does anything work *without* the firewall?

> Also when FreeBSD is booting I caught some error messages that
> said unknown command "setup" for some of my firewall rules.

Kind of need more details here.  I can't see what that could be...