Alaor Barroso de Carvalho Neto
alaorneto at gmail.com
Fri Nov 23 07:08:35 PST 2007
2007/11/23, Bill Moran <wmoran at potentialtech.com>:
> "Alaor Barroso de Carvalho Neto" <alaorneto at gmail.com> wrote:
> > 2007/11/23, Bill Moran <wmoran at potentialtech.com>:
> > >
> > > "Alaor Barroso de Carvalho Neto" <alaorneto at gmail.com> wrote:
> > >
> > > > Yes, I have IPFILTER installed, but if I would want to everybody ping to
> > > > everybody and then block the things in the firewall, it isn't about
> > > > because neither of my networks are pinging to any other right now. By ping
> > > > I mean have access.
> By ping, I mean ping. I don't know what "have access" means, but I know
> what "ping" means.
> So what do you really mean ... what are you actually doing? If you run
> ping 192.168.1.[some working IP] from a machine on the 192.168.2.0/24
> network, what is the result?
> > > > I thought it would have something to do with setting
> > > > routes. BTW, my ipfilter now just pass everything because I'm building the
> > > > server, but I already have a config file with the blocks that I would apply.
> > >
> > > That's a completely different scenario than the one you described in
> > > your previous message.
> > >
> > > Do you have gateway_enable="YES" in /etc/rc.conf?
> > Yeah, I know, I was trying to make it work with only adm and external,
> > the real scenario I have is this. Yes I have this line, my rc.conf is
> > this:
> > [...]
> > gateway_enable="yes"
> > defaultrouter="XXX.XXX.XXX.158" (the external ip)
> > ifconfig_em0="inet XXX.XXX.XXX.130 netmask 255.255.255.227"
> > ifconfig_rl0="inet 192.168.1.80 netmask 255.255.255.0"
> > ifconfig_rl1="inet 192.168.2.90 netmask 255.255.255.0"
> > ifconfig_rl2="inet 10.10.0.50 netmask 255.255.0.0"
> > [...]
> > I don't know if that matters, but the yes should be YES for things to work?
> > I'll kill myself if this is the problem.
> Don't kill yourself. At least, if you do, will me all your stuff.
> The parameter is case-insensitive, I just prefer the caps.
> First off, what's the output of "sysctl net.inet.ip.forwarding"? If
> it is 0, then reboot and see if it starts working.
> Once you're sure that sysctl is being properly set (which is all that
> gateway_enable="yes" does), if you're still having problems, disable
> ipfilter altogether and see if it starts working. If it does, then
> it becomes a discussion of firewall rules.
> Also, is your DNS working properly? I don't know how many times I've
> seen DNS timeouts mistaken for network problems. 99% of the programs
> out there will _seem_ to have a network problem if the DNS isn't working.
> Bill Moran
I don't have that much stuff at all, only some bills to pay, do we have a deal?
I'm going to the server room to test the command. And yes, the DNS is
working properly. I just came from the room and I did the command
dig @192.168.1.1 google.ca and it said no server reached, then I did
dig @127.0.0.1 google.ca and it worked! Then I went to the DNS machine and tried
to ping the IP that dig gave me, it can't. I changed the IP of the
FreeBSD box to 192.168.1.240 and turned the Linux machine back on with the
IP 192.168.1.80 and did dig @192.168.1.1 googla.ca and it worked! Went to
the DNS machine and pinged the IP dig gave me and it worked. It seems
like the DNS machine has no access to the external network.