Firewall Wizards mailing list archives

Re: Freebsd Firewall


From: "Chuck Swiger" <chuck () codefab com>
Date: Tue, 11 Apr 2000 18:47:19 -0400

On Sat, 1 Apr 2000 20:26:19 -0500, Ken Kyler wrote:
> I'm running FreeBSD 4-STABLE with ipfw/natd.  I have a small internal
> network and use the FreeBSD box as a firewall/router.  The FreeBSD box has
> 2-NICs.  I want to use a firewall to restrict access from the outside but
> allow anything on the inside.
>
> I've tried to set up rc.firewall using the simple type but nothing on the
> inside net can get out.  Can anyone assist?

Maybe you misconfigured the following variables (see /etc/rc.firewall, from  
line 138):

    # set these to your outside interface network and netmask and ip
    oif="ed0"
    onet="192.168.4.0"
    omask="255.255.255.0"
    oip="192.168.4.17"

    # set these to your inside interface network and netmask and ip
    iif="ed1"
    inet="192.168.3.0"
    imask="255.255.255.0"
    iip="192.168.3.17"

If you swapped the interface names, that would probably cause the problem  
you've described.  Of course, you should check what messages the firewall  
produces when someone tries to access the net, since you'd see messages like:

    fw /kernel: ipfw: 300 Deny UDP a.b.c.d:138 a.b.c.d:138 in via ed0
    fw /kernel: arp: a.b.c.d is on ed0 but got reply from a:b:c:d:e:f on ed1


-Chuck

       Chuck 'Sisyphus' Swiger | chuck () codefab com | Bad cop!  No Donut.
       ------------------------+-------------------+--------------------
       I know that you are an optimist if you think I am a pessimist....
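
Added example, not part of the original post: an sh check for the interface swap described in the message above, comparing the quoted rc.firewall values against `ifconfig` output. The function names and the sample `ifconfig` text are constructed for illustration.

```shell
#!/bin/sh
# Check rc.firewall "simple" variables against what the interfaces really carry.

ip2int() {  # dotted quad -> integer
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

in_net() {  # $1 = ip, $2 = network, $3 = netmask; true if ip lies in network
    [ $(( $(ip2int "$1") & $(ip2int "$3") )) -eq \
      $(( $(ip2int "$2") & $(ip2int "$3") )) ]
}

iface_of() {  # $1 = ifconfig output, $2 = IPv4 address; prints owning interface
    printf '%s\n' "$1" | awk -v ip="$2" '
        $1 ~ /:$/ { ifc = substr($1, 1, length($1) - 1) }
        $1 == "inet" && $2 == ip { print ifc; exit }'
}

check_side() {  # $1 label, $2 iface, $3 ip, $4 net, $5 mask, $6 ifconfig output
    actual=$(iface_of "$6" "$3")
    if [ -z "$actual" ]; then
        echo "$1: $3 is not configured on any interface"; return 1
    elif [ "$actual" != "$2" ]; then
        echo "$1: $3 is on $actual, but rc.firewall names $2 (swapped?)"; return 1
    elif ! in_net "$3" "$4" "$5"; then
        echo "$1: $3 is not inside $4 mask $5"; return 1
    fi
    echo "$1: ok ($2 carries $3)"
}

# Constructed ifconfig output for a hypothetical host where the NIC names are
# the reverse of the rc.firewall values quoted in the post.
SWAPPED='ed0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
        inet 192.168.3.17 netmask 0xffffff00 broadcast 192.168.3.255
ed1: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
        inet 192.168.4.17 netmask 0xffffff00 broadcast 192.168.4.255'

# Arguments mirror oif/oip/onet/omask and iif/iip/inet/imask from the post.
check_side outside ed0 192.168.4.17 192.168.4.0 255.255.255.0 "$SWAPPED" || :
check_side inside  ed1 192.168.3.17 192.168.3.0 255.255.255.0 "$SWAPPED" || :
```

On a live box, pass `"$(ifconfig)"` as the last argument in place of the sample text.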
