Gateway Problems
fdcf
fdcf at netcabo.pt
Sat Apr 26 17:04:35 PDT 2003
I have a problem with my gateway. I've recompiled my kernel with the options:
options IPFILTER
options IPFILTER_LOG
options IPFILTER_DEFAULT_BLOCK
options RANDOM_IP_ID
and when I finished the configuration I tried to link to www.freebsd.org and I could access any internet page (NICs are well configured in rc.conf), so I decided to create my ipf and ipnat rules (well configured in rc.conf).
My ipf.rules:
....................................
block in log all
block out log all
pass in quick on lo0 all
pass out quick on lo0 all
pass in quick on ep0 all
pass out quick on ep0 all
# [passive ftp client to outside world step 1]
pass out quick on ep1 proto tcp from any to any port = 21 flags S keep state keep frags
# [smtp to outside world]
pass out quick on ep1 proto tcp from any to any port = 25 flags S keep state keep frags
# [whois to outside world]
pass out quick on ep1 proto tcp from any to any port = 43 flags S keep state keep frags
# [domain to outside world]
pass out quick on ep1 proto tcp from any to any port = 53 flags S keep state keep frags
pass out quick on ep1 proto udp from any to any port = 53 keep state keep frags
# [http to outside world]
pass out quick on ep1 proto tcp from any to any port = 80 flags S keep state keep frags
# [pop3 to outside world]
pass out quick on ep1 proto tcp from any to any port = 110 flags S keep state keep frags
# [https to outside world]
pass out quick on ep1 proto tcp from any to any port = 443 flags S keep state keep frags
# [passive ftp to outside world step 2 where the FTP server decides which port
# for ftp data back]
pass out quick on ep1 proto tcp from any to any port > 1023 flags S keep state keep frags
# [traceroute to outside world 1st stage: probing...man traceroute(8)]
pass out quick on ep1 proto udp from any to any port 33434 >< 33525 keep state keep frags
# [ping to outside world]
pass out quick on ep1 proto icmp from any to any keep state keep frags
# [dhclient]
pass in quick on ep1 proto udp from any to any port = 68 keep state keep frags
# [traceroute to internal host 2nd stage: receiving error code of icmp-type 3
# (destination unreachable) and icmp-type 11 (time exceeded)]
pass in quick on ep1 proto icmp from any to any icmp-type 3 keep state keep frags
pass in quick on ep1 proto icmp from any to any icmp-type 11 keep state keep frags
.......................................................
where ep1 is the external NIC (connected to the cable modem) and ep0 is my internal NIC (connected to the switch) ...
my ipnat rules are:
...............................................
map ep1 0.0.0.0/0 -> 0.0.0.0/32 proxy port ftp ftp/tcp
map ep1 192.168.1.0/24 -> 0.0.0.0/32 proxy port ftp ftp/tcp
map ep1 192.168.1.0/24 -> 0.0.0.0/32 proxy port 500 ipsec/udp
map ep1 192.168.1.0/24 -> 0.0.0.0/32 proxy port 7070 raudio/tcp
map ep1 192.168.1.0/24 -> 0.0.0.0/32 portmap tcp/udp 40000:60000
map ep1 192.168.1.0/24 -> 0.0.0.0/32
...................................
So, why don't I have access to outside URLs?!
and this message keeps appearing:
dhclient: send_packet: No route host
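To see how ipf actually evaluates a ruleset like the one in this post, here is an added Python example (not from the post, and not FreeBSD's ipf code): it parses a subset of the rules above and applies ipf's last-match-wins / quick semantics to sample packets, among them the DHCP request a client sends out on ep1 (UDP to port 67), which no pass-out rule in the ruleset covers. RULESET, parse_rules, rule_matches and verdict are names chosen for this example.

```python
import re
# Constructed sample: a subset of the post's ipf.rules ("flags S keep state keep frags" is accepted, not modelled)
RULESET = """
block in log all
block out log all
pass out quick on ep0 all
pass out quick on ep1 proto tcp from any to any port = 80 flags S keep state keep frags
pass out quick on ep1 proto udp from any to any port 33434 >< 33525 keep state keep frags
pass in quick on ep1 proto udp from any to any port = 68 keep state keep frags
pass in quick on ep1 proto icmp from any to any icmp-type 11 keep state keep frags
"""

RULE = re.compile(
    r"^(?P<action>pass|block)\s+(?P<dir>in|out)(?:\s+log)?(?P<quick>\s+quick)?(?:\s+on\s+(?P<iface>\S+))?"
    r"(?:\s+proto\s+(?P<proto>\S+))?(?:\s+all|\s+from\s+\S+\s+to\s+\S+)(?:\s+port\s+(?:(?P<op>[=<>])"
    r"\s+(?P<n>\d+)|(?P<lo>\d+)\s+><\s+(?P<hi>\d+)))?(?:\s+icmp-type\s+(?P<itype>\d+))?")

def parse_rules(text):
    rules = []
    for line in (l.split("#", 1)[0].strip() for l in text.splitlines()):
        if line:
            m = RULE.match(line)
            if not m:
                raise ValueError("unparsed ipf rule: " + line)
            rules.append(m.groupdict())
    return rules

def rule_matches(r, direction, iface, proto, dport=None, itype=None):
    # every rule in the post uses 'from any to any', so addresses are not checked here
    if r["dir"] != direction or (r["iface"] and r["iface"] != iface):
        return False
    if (r["proto"] and r["proto"] != proto) or (r["itype"] and int(r["itype"]) != itype):
        return False
    if r["op"]:  # single-port test: port = N, port > N, port < N
        n = int(r["n"])
        return dport is not None and {"=": dport == n, ">": dport > n, "<": dport < n}[r["op"]]
    if r["lo"]:  # ipf's "A >< B" range excludes both endpoints
        return dport is not None and int(r["lo"]) < dport < int(r["hi"])
    return True

def verdict(rules, direction, iface, proto, dport=None, itype=None):
    # ipf: the LAST matching rule wins, unless a matching rule says 'quick', which
    # ends evaluation at once; with IPFILTER_DEFAULT_BLOCK an unmatched packet is blocked.
    result = "block"
    for r in rules:
        if rule_matches(r, direction, iface, proto, dport, itype):
            result = r["action"]
            if r["quick"]:
                break
    return result
```

verdict() returns the string 'pass' or 'block' for one packet described by direction, interface, protocol and destination port or icmp-type; the "block in/out log all" rules at the top only take effect because no later non-quick pass rule follows them.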