Server connectivity problem (firewall?)

Joe Lewis joe at
Mon Feb 9 09:23:49 PST 2004

listmail at wrote:


> ================
>>From /etc/rc.conf:
> firewall_enable="YES"           # Set to YES to enable firewall functionality
> firewall_script="/etc/rc.firewall" # Which script to run to set up the 
> firewall
> firewall_type="OPEN"            # Firewall type (see /etc/rc.firewall)
> firewall_quiet="NO"             # Set to YES to suppress rule display
> firewall_logging="YES"          # Set to YES to enable events logging
> firewall_flags=""               # Flags passed to ipfw when type is a file
> ipfilter_enable="YES"           # Set to YES to enable ipfilter functionality
> ipfilter_program="/sbin/ipf"    # where the ipfilter program lives
> ipfilter_rules="/etc/ipf.rules" # rules definition file for ipfilter, see
>                                 # /usr/src/contrib/ipfilter/rules for examples
> ipfilter_flags=""               # additional flags for ipfilter


> 00050  298  29652 divert 8668 ip from any to any via rl0

Me thinks this is a NAT issue.  Do you have natd_enable="YES" in the 
rc.conf?  If it tries to divert to NAT and NAT isn't running, ANYTHING 
on rl0 will fail (or at least should fail - I could be wrong on that, 
but it should give you a pointer to check on).

> IPF is also running (I can't recall why) with the following rules:
> pass in all
> pass out all
> If I remove it from rc.conf I lose the ability to contect via dc0 as well.

That is because it will deny by default.  Make sure it's not enabled in 
the sysctl configuration, and then you should be able to remove the ipf 


More information about the freebsd-questions mailing list