The FreeBSD Diary

Providing practical examples since 1998

FreeBSD Support
 gateway+firewall (ipfw/natd)
Author: BBB 
Date:   10-01-01 18:22

Hello again,
this time I'm sure I'm doing something wrong. I just don't know what I'm doing wrong yet. I made a basic firewall script to replace /etc/rc.firewall. Whenever I try to load it, all my traffic gets blocked. REALLY all traffic, that is.

I cannot ssh into the server from the network boxes (I start the firewall from console, not via ssh), I cannot connect to the "outside world", nothing...
The internet access is dead too. My computer client on the network is not able to access the internet. All people on my chat server got a PERMISSION DENIED quit message when getting disconnected from the server...
The weird thing is, all this is being specifically allowed in my /etc/rc.firewall... So I must be doing something terribly wrong, because although it is allowed (also in ipfw list, it shows that it is allowed), I cannot do it. Even outgoing DNS requests don't get answered (i.e. I cannot resolve hostnames), etc. etc. etc.

I put the script on http://nl.nixhelp.org/download/rc.firewall can someone please tell me what I am doing wrong?

Thanks in advance!

 Re: gateway+firewall (ipfw/natd)
Author: g2k 
Date:   11-01-01 22:47

I am not a pro on that either, but a few suggestions.
OK, something that might need to get changed:

# Allow Internal Traffic (doh)
${ipfw} add 100 pass all from 127.0.0.1 to 127.0.0.1 via lo0

I would say:
${ipfw} add 100 pass all from any to any via lo0
I'm not sure, but what you wrote may be incorrect, don't know.
To be sure, use that, I know that it works.

And if you need natd, I'd start it a little differently, as I noticed some time ago that the -interface flag doesn't work:
${natd} -n ${external_interface}
and
${ipfw} add divert natd all from any to any via ${external_interface}

With the rest, I am not sure if it may be bad syntax or something. Does the script produce any error output when loaded (syntax, path...)?

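As an added example that is not part of either post: a minimal ipfw + natd gateway rule set in the shape of /etc/rc.firewall, built from the loopback rule, the natd -n start and the divert rule suggested in the reply. The interface names ed0/ed1 and the LAN network 192.168.1.0/24 are assumed; by default the script only echoes the commands, and it touches the kernel only when IPFW and NATD point at the real binaries.

```shell
#!/bin/sh
# Added example, not the poster's script: a minimal ipfw + natd gateway in
# the shape of /etc/rc.firewall. ed0, ed1 and 192.168.1.0/24 are assumed.
ext_if="${ext_if:-ed0}"                # assumed external (Internet) interface
int_if="${int_if:-ed1}"                # assumed internal (LAN) interface
int_net="${int_net:-192.168.1.0/24}"   # assumed LAN network
# Dry run by default: commands are echoed, not executed. Set
# IPFW=/sbin/ipfw NATD=/sbin/natd to apply on a real gateway.
ipfw="${IPFW:-echo ipfw}"
natd="${NATD:-echo natd}"

# Emit the rule set, one "add ..." per line, in the order ipfw evaluates it.
# With a default-deny kernel (IPFIREWALL without IPFIREWALL_DEFAULT_TO_ACCEPT)
# the built-in rule 65535 drops whatever no earlier rule passes, so every
# flow the gateway must carry needs an explicit pass before the end.
# 100: loopback as suggested in the reply; 300: NAT on the external interface,
# the translated packet continues at 400; 500/600: refuse connections opened
# from the Internet but let the LAN and the gateway open any; 700/800: DNS out
# and replies back (800 trusts source port 53, the classic rc.firewall trade-off).
gateway_rules() {
    cat <<EOF
add 100 pass all from any to any via lo0
add 200 deny all from any to 127.0.0.0/8
add 300 divert natd all from any to any via ${ext_if}
add 400 pass tcp from any to any established
add 500 deny tcp from any to any in via ${ext_if} setup
add 600 pass tcp from any to any setup
add 700 pass udp from any to any 53
add 800 pass udp from any 53 to any
add 900 pass icmp from any to any icmptypes 0,3,8,11
add 65000 deny log all from any to any
EOF
}

# Flush, start natd on the external interface (-n is the short form of
# -interface), then load the rules. One rule per ipfw call, so a typo stops
# here with an error instead of silently leaving a half-loaded default-deny set.
apply_rules() {
    ${ipfw} -q -f flush || return 1
    ${natd} -n "${ext_if}" || return 1
    gateway_rules | while read -r rule; do
        ${ipfw} -q ${rule} || exit 1   # exit the subshell on first failure
    done
}

if [ "${1:-}" = "apply" ]; then apply_rules; fi
```

Services that must be reachable from the Internet (the poster's chat server, for instance) need their own pass ... setup rule placed before rule 500, since 500 refuses every inbound connection attempt on the external interface.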