firewall

Robert Storey y2kbug at ms25.hinet.net
Mon Sep 15 06:23:17 PDT 2003


On Sun, 14 Sep 2003 23:52:40 -0400
"Bob Hall" <rjhjr at cox.net> wrote:

> Could you be more specific about what doesn't work? Have you tried
> ping and traceroute? nslookup? HTTP? Sometimes when people are having
> trouble, it turns out that they are having trouble with specific apps,
> but otherwise can connect successfully.
> 
> It looks like you're using the CLIENT ruleset from the default
> rc.firewall. If this firewall is for a LAN, you will have more success
> with the SIMPLE ruleset. (I made the same mistake the first time I set
> up a LAN firewall.)

Thanks, that was a good suggestion (to use the SIMPLE ruleset). However,
I'm still not getting through with PPP. Here is the output of ifconfig
when I'm online:


bob at sonic:~> ifconfig
vr0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
        inet6 fe80::20c:6eff:fe0a:ca02%vr0 prefixlen 64 scopeid 0x1 
        inet 192.168.0.2 netmask 0xffffff00 broadcast 192.168.0.255
        ether 00:0c:6e:0a:ca:02
        media: Ethernet autoselect (none)
        status: no carrier
lp0: flags=8810<POINTOPOINT,SIMPLEX,MULTICAST> mtu 1500
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> mtu 16384
        inet6 ::1 prefixlen 128 
        inet6 fe80::1%lo0 prefixlen 64 scopeid 0x3 
        inet 127.0.0.1 netmask 0xff000000 
ppp0: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> mtu 1524
        inet 61.227.219.11 --> 168.95.46.33 netmask 0xff000000 

AND the result of a ping:
bob at sonic:~> ping slashdot.org
ping: cannot resolve slashdot.org: Host name lookup failure


This is my current configuration in /etc/rc.firewall:

	# set these to your outside interface network and netmask and ip
	oif="ppp0"
	onet="168.95.0.0"
	omask="255.255.255.255"
	oip="168.95.0.0"

	# set these to your inside interface network and netmask and ip
	iif="vr0"
	inet="192.168.0.0"
	imask="255.255.255.0"
	iip="192.168.0.2"

Again, my internal (ethernet) network is accessible, but PPP is
completely dead to the world. When I remove the firewall, it works fine,
so it's not an issue of PPP being incorrectly configured.

Hope somebody can help. Again, I confess that I don't know much about
writing firewall rules. All I really want is to use the default set of
rules called "simple".

Thanks to all who have replied.

best regards,
Robert
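
The rc.firewall comment in the message above says the outside variables are the outside interface's network, netmask and IP. The following is an added example, not part of the original post or of rc.firewall, that compares those variables with the ifconfig output from the same message. The function names `ip2int`, `iface_inet` and `check_outside` are hypothetical, and the sample data is copied from the message.

```shell
#!/bin/sh
# Added example: do the "outside" values in rc.firewall match what
# ifconfig reports for the outside interface?

# ifconfig output copied from the message (vr0 and ppp0 only).
SAMPLE_IFCONFIG='vr0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
        inet6 fe80::20c:6eff:fe0a:ca02%vr0 prefixlen 64 scopeid 0x1
        inet 192.168.0.2 netmask 0xffffff00 broadcast 192.168.0.255
ppp0: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> mtu 1524
        inet 61.227.219.11 --> 168.95.46.33 netmask 0xff000000'

# Dotted quad -> integer. The body runs in a subshell so IFS stays local.
ip2int() (
    IFS=.
    set -- $1
    echo $(( ($1 << 24) + ($2 << 16) + ($3 << 8) + $4 ))
)

# Print the first IPv4 address of interface $1; ifconfig output on stdin.
iface_inet() {
    awk -v ifn="$1:" '
        /^[^ \t]/ { cur = $1 }                    # unindented line: new interface
        cur == ifn && $1 == "inet" { print $2; exit }'
}

# $1=oif $2=onet $3=omask $4=oip; ifconfig output on stdin.
# Prints one line per inconsistency, nothing if the values agree.
check_outside() {
    actual=$(iface_inet "$1")
    if [ "$actual" != "$4" ]; then
        echo "oip=$4 but $1 is configured with ${actual:-no IPv4 address}"
    fi
    net=$(ip2int "$2")
    mask=$(ip2int "$3")
    addr=$(ip2int "${actual:-0.0.0.0}")
    if [ $(( addr & mask )) -ne $(( net & mask )) ]; then
        echo "address ${actual:-none} on $1 is not inside onet/omask $2/$3"
    fi
}

# The values from /etc/rc.firewall in the message, checked against ppp0.
printf '%s\n' "$SAMPLE_IFCONFIG" |
    check_outside ppp0 168.95.0.0 255.255.255.255 168.95.0.0
```

On a live system the same check would read `ifconfig` directly, once the PPP link is up, instead of the embedded sample.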


