Gateway problems

geek geek at netcabo.pt
Fri Aug 15 16:59:44 PDT 2003


Hey guys, I have a weird problem that I'm trying to resolve! My network is: a cable modem connected to the first NIC and the second NIC connected to the switch. I decided to reinstall FreeBSD on my gateway and put in new ipf.rules, but after I put in the new rules, I don't have access to the internet, not on the gateway nor on the other computers on the LAN!
My ipf.rules are:

#
# Interface:
#    lo0 - loopback
#    ep0 - internal to private network
#    ep1 - external to cable modem
#
# Filtering policy ordering:
#    + Block everything unless there are permit (pass) rules
#    - Permit all loopback packets to flow freely
#    - Permit all internal network packets to flow freely
#    - Permit individual type of service to flow freely to outside world:
#       ftp
#       smtp
#       whois
#       dns
#       http/https
#       pop3
#       traceroute
#       ping
#       dhclient
#    + Since there are no permit(pass) rules at this stage, everything
#      else is blocked!
# +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
# Interface: all
# Block all incoming and outgoing packets unless they're allowed later.
# +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
block in log all
block out log all

# -------------------------------------------------------------------------
# Interface: lo0
# Allow loopback to flow freely.
# -------------------------------------------------------------------------
pass in quick on lo0 all
pass out quick on lo0 all
# -------------------------------------------------------------------------

# -------------------------------------------------------------------------
# Interface: ep0
# Allow internal traffic to flow freely.
# -------------------------------------------------------------------------
pass in quick on ep0 all
pass out quick on ep0 all
# -------------------------------------------------------------------------

# -------------------------------------------------------------------------
# Interface: ep1
# Allow _internal_ and fw initiated connections from hosts behind NAT to
# outside world.
# -------------------------------------------------------------------------
# [passive ftp client to outside world step 1]
pass out quick on ep1 proto tcp from any to any port = 21 flags S keep state keep frags
# [smtp to outside world]
pass out quick on ep1 proto tcp from any to any port = 25 flags S keep state keep frags
# [whois to outside world]
pass out quick on ep1 proto tcp from any to any port = 43 flags S keep state keep frags
# [domain to outside world]
pass out quick on ep1 proto tcp from any to any port = 53 flags S keep state keep frags
pass out quick on ep1 proto udp from any to any port = 53 keep state keep frags
# [http to outside world]
pass out quick on ep1 proto tcp from any to any port = 80 flags S keep state keep frags
# [pop3 to outside world]
pass out quick on ep1 proto tcp from any to any port = 110 flags S keep state keep frags
# [https to outside world]
pass out quick on ep1 proto tcp from any to any port = 443 flags S keep state keep frags
# [passive ftp to outside world step 2 where the FTP server decides which port
# for ftp data back]
pass out quick on ep1 proto tcp from any to any port > 1023 flags S keep state keep frags
# [traceroute to outside world 1st stage: probing...man traceroute(8)]
pass out quick on ep1 proto udp from any to any port 33434 >< 33525 keep state keep frags
# [ping to outside world]
pass out quick on ep1 proto icmp from any to any keep state keep frags
# -------------------------------------------------------------------------
# Allow _external_ initiated connections from outside world to hosts behind
# NAT and the firewall.
# -------------------------------------------------------------------------
# [dhclient]
pass in quick on ep1 proto udp from any to any port = 68 keep state keep frags
# [traceroute to internal host 2nd stage: receiving error code of icmp-type 3
# (destination unreachable) and icmp-type 11 (time exceeded)]
pass in quick on ep1 proto icmp from any to any icmp-type 3 keep state keep frags
pass in quick on ep1 proto icmp from any to any icmp-type 11 keep state keep frags

and my rc.conf is this:

hostname=""
ifconfig_rl0="DHCP"
ifconfig_rl1="192.168.0.0"
kern_securelevel_enable="NO"
sendmail_enable="NONE"
sshd_enable="YES"
usbd_enable="YES"
inetd_enable="NO"
portmap_enable="NO"
ipfilter_enable="YES"
ipfilter_rules="/etc/ipf.rules"
ipnat_enable="YES"
ipnat_rules="/etc/ipf.rules"
ipmon_enable="YES"
ipmon_flags="-Dsn"

And I added these rules to /etc/sysctl.conf:

net.inet.ip.forwarding=1
net.inet.ip.check_interface=1
net.inet.tcp.blackhole=2
net.inet.udp.blackhole=1


.. and that's it, I don't have a cable connection to the internet. Can anyone help me, please?!

PS: I'm really sorry for the long post, but I really need this LAN working for work, and I just can't discover where the error is :(
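A consistency check for the kind of setup posted above, added here as an example and not part of the original post or of FreeBSD itself. Three things are visible in the posted files: the ipf.rules refer to `ep0`/`ep1` while rc.conf configures `rl0`/`rl1` (rules on an interface that does not exist never match, so only the catch-all `block` rules apply); `ipnat_rules` points at the filter rule file, although ipnat reads its own `map` rules; and `ifconfig_rl1` is set to a bare `192.168.0.0` with no netmask. The script below parses the three files offline and reports each of these as a finding. The sample inputs are constructed from the post; the file names and the function names are this example's own.

```python
import re

# Constructed sample input, mirroring the posted configuration: the filter
# rules name ep0/ep1, rc.conf configures rl0/rl1, and ipnat_rules points at
# the filter rule file.
SAMPLE_IPF_RULES = """\
block in log all
block out log all
pass in quick on lo0 all
pass out quick on lo0 all
pass in quick on ep0 all
pass out quick on ep0 all
pass out quick on ep1 proto tcp from any to any port = 80 flags S keep state keep frags
pass in quick on ep1 proto udp from any to any port = 68 keep state keep frags
"""

SAMPLE_RC_CONF = """\
ifconfig_rl0="DHCP"
ifconfig_rl1="192.168.0.0"
ipfilter_enable="YES"
ipfilter_rules="/etc/ipf.rules"
ipnat_enable="YES"
ipnat_rules="/etc/ipf.rules"
"""


def parse_rc_conf(text):
    """Return rc.conf variables as a dict (quotes stripped, comments ignored)."""
    conf = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        m = re.match(r'^(\w+)=("?)(.*?)\2$', line)
        if m:
            conf[m.group(1)] = m.group(3)
    return conf


def rule_interfaces(text):
    """Interface names an ipf/ipnat rule file refers to via 'on <ifname>'."""
    ifaces = set()
    for line in text.splitlines():
        line = line.split("#", 1)[0]
        ifaces.update(re.findall(r'\bon\s+(\w+)', line))
    return ifaces


def configured_interfaces(conf):
    """Interfaces rc.conf configures (ifconfig_<name>=...), plus the loopback."""
    return {k[len("ifconfig_"):] for k in conf if k.startswith("ifconfig_")} | {"lo0"}


def check_gateway_config(ipf_rules, rc_conf, ipnat_rules=None):
    """Cross-check the files and return a list of human-readable findings."""
    conf = parse_rc_conf(rc_conf)
    findings = []

    # 1. Every interface named in the filter rules must be one rc.conf configures;
    #    a rule on a non-existent interface never matches, so only the initial
    #    'block ... all' rules ever apply.
    unknown = rule_interfaces(ipf_rules) - configured_interfaces(conf)
    for name in sorted(unknown):
        findings.append(f"ipf.rules references interface {name!r} that rc.conf does not configure")

    # 2. ipnat loads 'map' rules from its own file; pointing ipnat_rules at the
    #    filter rule file loads no NAT rules, so LAN hosts are never translated.
    if conf.get("ipnat_enable", "").upper() == "YES":
        if conf.get("ipnat_rules") == conf.get("ipfilter_rules"):
            findings.append("ipnat_rules points at the same file as ipfilter_rules; ipnat needs its own 'map' rules")
        if ipnat_rules is not None and not re.search(r'^\s*map\b', ipnat_rules, re.M):
            findings.append("ipnat rule file contains no 'map' rule, so no address translation will happen")

    # 3. A static address needs a netmask, and a host part of .0 is a network
    #    address rather than a usable host address.
    for key, value in conf.items():
        if key.startswith("ifconfig_") and value.upper() != "DHCP":
            ipv4 = re.findall(r'\d+\.\d+\.\d+\.\d+', value)
            if ipv4 and "netmask" not in value and "/" not in value:
                findings.append(f"{key} sets {ipv4[0]} without a netmask")
            if ipv4 and ipv4[0].endswith(".0"):
                findings.append(f"{key} uses {ipv4[0]}, which is a network address, not a host address")
    return findings


if __name__ == "__main__":
    for finding in check_gateway_config(SAMPLE_IPF_RULES, SAMPLE_RC_CONF):
        print("-", finding)
```

On the constructed sample the checker reports the two unknown interfaces, the shared `ipnat_rules` file and the netmask problems; with interface names that match rc.conf, a separate ipnat file holding a `map` rule, and an `inet 192.168.0.1 netmask 255.255.255.0` address it reports nothing. The `ipmon -Dsn` logging in rc.conf is the other place to look: with the `block in log all` / `block out log all` rules in force, every dropped packet shows up in syslog, which tells you which interface the traffic is actually arriving on.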