IPFW and NATD problem
Gardner Bell
gbell72 at rogers.com
Tue May 8 16:07:46 UTC 2007
Hi all,
I've been following the IPFW section in the handbook and /etc/rc.firewall to try to set up a gateway for my home LAN, but I'm having a bit of trouble getting access to the internet. My network setup looks like this:
LAN (192.168.x.x) ---- Switch ---- FreeBSD [bge1: 192.168.x.x | bge0: x.x.x.x] ---- ISP
bge0 successfully receives an IP from my ISP's DHCP server, and I can ping the LAN without any issues. When it comes to accessing the internet, I get a hostname lookup failure.
Any help resolving this is greatly appreciated.
Gardner
mx1# ipfw list
00100 allow ip from any to any via lo0
00200 deny ip from any to 127.0.0.0/8
00300 deny ip from 127.0.0.0/8 to any
00400 deny ip from 192.168.1.0/24 to any in via bge0
00500 deny log logamount 3 ip from x.x.x.x/25 to any in via bge1
00600 deny ip from any to 10.0.0.0/8 via bge0
00700 deny ip from any to 172.16.0.0/12 via bge0
00800 deny ip from any to 192.168.0.0/16 via bge0
00900 deny ip from any to 0.0.0.0/8 via bge0
01000 deny ip from any to 169.254.0.0/16 via bge0
01100 deny ip from any to 192.0.2.0/24 via bge0
01200 deny ip from any to 224.0.0.0/4 via bge0
01300 deny ip from any to 240.0.0.0/4 via bge0
01400 divert 8668 ip from any to any in via bge0
01500 allow ip from any to any via bge1
01600 deny ip from 10.0.0.0/8 to any via bge0
01700 deny ip from 172.16.0.0/12 to any via bge0
01800 deny ip from 192.168.0.0/16 to any via bge0
01900 deny ip from 0.0.0.0/8 to any via bge0
02000 deny ip from 169.254.0.0/16 to any via bge0
02100 deny ip from 192.0.2.0/24 to any via bge0
02200 deny ip from 224.0.0.0/4 to any via bge0
02300 deny ip from 240.0.0.0/4 to any via bge0
02400 allow tcp from any to x.x.x.x dst-port 53 out via bge0 setup keep-state
02500 allow udp from any to x.x.x.x dst-port 53 out via bge0 keep-state
02600 allow udp from any to x.x.x.x dst-port 67 out via bge0 keep-state
02700 allow tcp from any to any dst-port 80 out via bge0 setup keep-state
02800 allow tcp from any to any dst-port 443 out via bge0 setup keep-state
02900 allow tcp from any to any dst-port 25 out via bge0 setup keep-state
03000 allow tcp from any to any dst-port 110 out via bge0 setup keep-state
03100 allow tcp from any to any dst-port 21 out via bge0 setup keep-state
03200 allow tcp from any to any dst-port 3724 out via bge0 setup keep-state
03300 allow icmp from any to any out via bge0 keep-state
03400 allow tcp from any to any dst-port 43 out via bge0 setup keep-state
03500 allow udp from any to any dst-port 123 out via bge0 keep-state
03600 reset tcp from any to any dst-port 113 in via bge0
03700 allow udp from x.x.x.x to any dst-port 68 in via bge0 keep-state
03800 deny tcp from any to any dst-port 137 in via bge0
03900 deny tcp from any to any dst-port 138 in via bge0
04000 deny tcp from any to any dst-port 139 in via bge0
04100 deny tcp from any to any dst-port 389 in via bge0
04200 deny tcp from any to any dst-port 445 in via bge0
04300 deny ip from any to any frag
04400 deny log logamount 3 ip from any to 255.255.255.255
65535 deny ip from any to any
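Added illustration (not part of Gardner's message or of any reply in this thread): a small Python model of ipfw's first-match rule walk, run over a trimmed copy of the ruleset above, to show why a LAN-originated DNS query never gets out. Rule 01400 hands packets to natd only `in via bge0`, so an outbound packet still carries its 192.168.1.x source when it reaches 01800, which has no `in`/`out` qualifier and therefore denies in both directions; even with 01800 out of the way, the allow at 02500 would pass the packet untranslated, with a private source the ISP will not route. The second ruleset in the script keeps the same rules but uses the skipto layout of the handbook's natd example (anti-spoofing deny limited to `in`, permitted outbound traffic skipping to an outbound divert, an explicit deny in front of the skipto target). Everything in it is constructed: documentation-range addresses stand in for the x.x.x.x values, rule numbers 04490/04500/04510 are my own, and natd is modelled only as a source rewrite on outbound packets, so keep-state entries and the reply direction are not simulated.

```python
# Constructed teaching model of ipfw's first-match rule walk (not FreeBSD code).
# Understands the `ipfw list` syntax used in the two rulesets below:
# allow/deny/reset/divert/skipto, proto, from/to, dst-port, in/out, via IFACE;
# setup/keep-state are accepted but ignored, so dynamic state is NOT simulated.
import ipaddress
from collections import namedtuple

IPv4 = ipaddress.IPv4Address
# Packet: proto "tcp"/"udp"/"icmp", direction "in"/"out", iface crossed.
Packet = namedtuple("Packet", "proto src dst dport direction iface")
# Rule: arg is the divert port or skipto target; proto "ip" means any protocol;
# dport/direction/iface of None mean unrestricted.
Rule = namedtuple("Rule", "number action arg proto src dst dport direction iface")

def _net(tok):
    return ipaddress.IPv4Network("0.0.0.0/0" if tok == "any" else tok, strict=False)

def parse_rule(line):
    """Parse one `ipfw list` line (only the syntax subset noted above)."""
    tok = line.split()
    number, action, i, arg = int(tok[0]), tok[1], 2, None
    if action in ("divert", "skipto"):
        arg, i = int(tok[2]), 3
    proto = tok[i]                              # tok[i+1] is "from", tok[i+3] is "to"
    src, dst, i = _net(tok[i + 2]), _net(tok[i + 4]), i + 5
    dport = direction = iface = None
    while i < len(tok):
        t = tok[i]
        if t == "dst-port":
            dport, i = int(tok[i + 1]), i + 2
        elif t in ("in", "out"):
            direction, i = t, i + 1
        elif t == "via":
            iface, i = tok[i + 1], i + 2
        elif t in ("setup", "keep-state"):      # stateful options not modelled
            i += 1
        else:
            raise ValueError(f"unsupported option {t!r} in: {line}")
    return Rule(number, action, arg, proto, src, dst, dport, direction, iface)

def matches(rule, pkt):
    return (rule.proto in ("ip", pkt.proto)
            and pkt.src in rule.src and pkt.dst in rule.dst
            and rule.dport in (None, pkt.dport)
            and rule.direction in (None, pkt.direction)
            and rule.iface in (None, pkt.iface))

def evaluate(rules, pkt, wan_addr):
    """Return (deciding rule number, verdict, packet as it leaves the firewall)."""
    rules = sorted(rules, key=lambda r: r.number)
    i = 0
    while i < len(rules):
        rule = rules[i]
        if not matches(rule, pkt):
            i += 1
        elif rule.action == "divert":           # natd rewrites an outbound packet's
            if pkt.direction == "out":          # source to the WAN address and
                pkt = pkt._replace(src=wan_addr)  # re-injects it at the next rule
            i += 1
        elif rule.action == "skipto":
            i = next(j for j, r in enumerate(rules) if r.number >= rule.arg)
        else:                                   # allow / deny / reset terminate
            return rule.number, rule.action, pkt
    return 65535, "deny", pkt                   # implicit default rule

def decide(ruleset, pkt, wan_addr):
    rules = [parse_rule(l) for l in ruleset.strip().splitlines()]
    num, verdict, out = evaluate(rules, pkt, IPv4(wan_addr))
    return num, verdict, str(out.src)

# Constructed addresses (documentation ranges) standing in for the x.x.x.x values.
WAN = "203.0.113.10"        # address bge0 got from the ISP's DHCP server
ISP_DNS = "198.51.100.53"   # the resolver the dst-port 53 rules point at

# Trimmed copy of the posted ruleset: just the rules a LAN->Internet packet meets.
POSTED = f"""
01400 divert 8668 ip from any to any in via bge0
01800 deny ip from 192.168.0.0/16 to any via bge0
02400 allow tcp from any to {ISP_DNS} dst-port 53 out via bge0 setup keep-state
02500 allow udp from any to {ISP_DNS} dst-port 53 out via bge0 keep-state
65535 deny ip from any to any
"""

# Same rules in the skipto layout (rule numbers 04490-04510 are my own choice):
# anti-spoofing deny limited to "in", permitted outbound traffic skips to an
# outbound divert, and an explicit deny guards the skipto target.
FIXED = f"""
01400 divert 8668 ip from any to any in via bge0
01800 deny ip from 192.168.0.0/16 to any in via bge0
02400 skipto 4500 tcp from any to {ISP_DNS} dst-port 53 out via bge0 setup keep-state
02500 skipto 4500 udp from any to {ISP_DNS} dst-port 53 out via bge0 keep-state
04490 deny ip from any to any
04500 divert 8668 ip from any to any out via bge0
04510 allow ip from any to any
65535 deny ip from any to any
"""

# Constructed sample packets: a LAN host's DNS query, and an unsolicited inbound SYN.
LAN_DNS_QUERY = Packet("udp", IPv4("192.168.1.20"), IPv4(ISP_DNS), 53, "out", "bge0")
UNSOLICITED_IN = Packet("tcp", IPv4("198.51.100.77"), IPv4(WAN), 22, "in", "bge0")
```

`decide(POSTED, LAN_DNS_QUERY, WAN)` stops at rule 01800 with the private source untouched, while `decide(FIXED, LAN_DNS_QUERY, WAN)` reaches 04510 with the source rewritten to the WAN address. The third case is the check worth keeping in mind when copying the skipto layout: `decide(FIXED, UNSOLICITED_IN, WAN)` must end at the guard deny 04490, because without it anything that falls through the ruleset would land on the unconditional allow after the outbound divert.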