Server connectivity problem (firewall?)

Joe Lewis joe at joe-lewis.com
Mon Feb 9 09:23:49 PST 2004


listmail at brightstar.ath.cx wrote:

[SNIP]

> ================
> From /etc/rc.conf:
> 
> firewall_enable="YES"           # Set to YES to enable firewall functionality
> firewall_script="/etc/rc.firewall" # Which script to run to set up the firewall
> firewall_type="OPEN"            # Firewall type (see /etc/rc.firewall)
> firewall_quiet="NO"             # Set to YES to suppress rule display
> firewall_logging="YES"          # Set to YES to enable events logging
> firewall_flags=""               # Flags passed to ipfw when type is a file
> ipfilter_enable="YES"           # Set to YES to enable ipfilter functionality
> ipfilter_program="/sbin/ipf"    # where the ipfilter program lives
> ipfilter_rules="/etc/ipf.rules" # rules definition file for ipfilter, see
>                                 # /usr/src/contrib/ipfilter/rules for examples
> ipfilter_flags=""               # additional flags for ipfilter

[SNIP]

> 00050  298  29652 divert 8668 ip from any to any via rl0

Me thinks this is a NAT issue.  Do you have natd_enable="YES" in the 
rc.conf?  If it tries to divert to NAT and NAT isn't running, ANYTHING 
on rl0 will fail (or at least should fail - I could be wrong on that, 
but it should give you a pointer to check on).

> IPF is also running (I can't recall why) with the following rules:
> pass in all
> pass out all
> 
> If I remove it from rc.conf I lose the ability to connect via dc0 as well.

That is because it will deny by default.  Make sure it's not enabled in 
the sysctl configuration, and then you should be able to remove the ipf 
rules.

Joe
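An added example, not from the thread: a POSIX sh script that does the check Joe suggests, reading an rc.conf-style fragment and an ipfw listing (both constructed samples modelled on the quoted ones) and flagging a divert rule whose packets nothing will receive because natd_enable is not "YES". The function names are my own.

```shell
#!/bin/sh
# Constructed sample inputs (not captured from a real host): rc.conf
# fragments and an "ipfw -a list" style listing modelled on the quoted ones.
RC_NO_NATD='firewall_enable="YES"
firewall_type="OPEN"
ipfilter_enable="YES"
natd_enable="NO"'

RC_WITH_NATD='firewall_enable="YES"
natd_enable="YES"
natd_interface="rl0"'

IPFW_LIST='00050  298  29652 divert 8668 ip from any to any via rl0
00100    0      0 allow ip from any to any via lo0
65535   12   1024 allow ip from any to any'

# rc_value NAME TEXT: last value assigned to NAME in rc.conf-style TEXT
# (quotes stripped, trailing "# comment" ignored); empty if NAME is unset.
rc_value() {
    printf '%s\n' "$2" |
        sed -n "s/^[[:space:]]*$1=\"*\([^\"#[:space:]]*\)\"*.*/\1/p" |
        tail -n 1
}

# divert_ports TEXT: divert socket ports used by rules in an ipfw listing
# (works with or without the counter columns that "ipfw -a" adds).
divert_ports() {
    printf '%s\n' "$1" |
        awk '{ for (i = 2; i <= NF; i++) if ($i == "divert") { print $(i+1); break } }'
}

# check_nat_divert RC_TEXT LIST_TEXT: return 0 when the divert rules have
# natd enabled to receive them, 1 when packets would be diverted to a
# socket nothing has bound (ipfw drops traffic matching such a rule).
check_nat_divert() {
    ports=$(divert_ports "$2" | tr '\n' ' ')
    if [ -z "$ports" ]; then
        echo "no divert rules: NAT is not involved"
        return 0
    fi
    natd=$(rc_value natd_enable "$1")
    if [ "$natd" = "YES" ]; then
        echo "divert to port(s) ${ports}with natd_enable=YES: consistent"
        return 0
    fi
    echo "WARNING: divert to port(s) ${ports}but natd_enable is '${natd:-unset}'"
    return 1
}

check_nat_divert "$RC_NO_NATD" "$IPFW_LIST" || echo "-> needs attention"
check_nat_divert "$RC_WITH_NATD" "$IPFW_LIST" && echo "-> ok"
```

On a live system the two inputs would come from `/etc/rc.conf` and `ipfw -a list` instead of the embedded samples.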
