DaemonForums  

Firewall routing

Posted by Magoo (New User; Join Date: Oct 2008; Posts: 6) on 30th October 2008

I have a device rl0 for the wan and a device rl1 from the lan. The lan has no problem leasing clients via dhcpd and the wan has no problem retrieving a lease via dhclient. The problem is that the traffic coming from the lan does not pass on to the wan. I'm assuming I may have a routing problem, but I'm not sure. Any assistance is appreciated; please let me know if you need more information. Here is the critical configuration info:

Code:
# netstat -rn

Routing tables

Internet:
Destination        Gateway            Flags    Refs      Use  Netif Expire
default            XXX.XXX.XXX.1        UGS         0        5    rl0
XXX.XXX.XXX/22       link#1             UC          0        0    rl0
XXX.XXX.XXX.1        00:1a:2f:8b:30:05  UHLW        2        0    rl0   1199
127.0.0.1          127.0.0.1          UH          0        0    lo0
169.254.75/24      link#2             UC          0        0    rl1
169.254.75.254     00:1f:33:cd:a9:59  UHLW        1      358    rl1   1170

----------------
# cat /etc/rc.conf

gateway_enable="YES"
natd_enable="YES"
natd_interface="rl0"
ipnat_enable="YES"
ifconfig_rl1="inet 169.254.75.1 netmask 255.255.255.0"
dhcpd_enable="YES"
dhcpd_ifaces="rl1"
sshd_enable="YES"
ifconfig_rl0="DHCP"
firewall_enable="YES"
firewall_script="/etc/ipfw.rules"

------------------
# cat /etc/ipfw.rules

IPF="ipfw -q add"
ipfw -q -f flush

#loopback
$IPF 10 allow all from any to any via lo0
$IPF 20 deny all from any to 127.0.0.0/8
$IPF 30 deny all from 127.0.0.0/8 to any
$IPF 40 deny tcp from any to any frag

# stateful
$IPF 50 check-state
$IPF 60 allow tcp from any to any established
$IPF 70 allow all from any to any out keep-state
$IPF 80 allow icmp from any to any

# open port ftp (20,21), ssh (22), mail (25)
# http (80), dns (53) etc
$IPF 130 allow tcp from any to any 22 in
$IPF 140 allow tcp from any to any 22 out
$IPF 170 allow udp from any to any 53 in
$IPF 175 allow tcp from any to any 53 in
$IPF 180 allow udp from any to any 53 out
$IPF 185 allow tcp from any to any 53 out
$IPF 200 allow tcp from any to any 80 in
$IPF 210 allow tcp from any to any 80 out

# deny and log everything
$IPF 500 deny log all from any to any

----------------------
# cat /usr/src/sys/i386/conf/MYKERNEL

[truncated]
options         IPFIREWALL
options         IPFIREWALL_DEFAULT_TO_ACCEPT
options         IPFIREWALL_FORWARD
options         IPFIREWALL_VERBOSE
options         IPFIREWALL_VERBOSE_LIMIT=10
options         IPDIVERT
[truncated]

Last edited by Magoo; 30th October 2008 at 01:39 AM.
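
A static check of the natd wiring in a configuration like the one posted, as an added example that is not part of the original post: natd only receives packets that an ipfw `divert` rule hands to it, so the script looks for such a rule on `natd_interface` and also flags `natd_enable` and `ipnat_enable` being set together. The function names and finding codes are invented for this example, and it assumes rules are added through a `$VAR` alias for `ipfw add`, as in the post.

```python
import re

# Constructed sample input: lines copied from the rc.conf and ipfw.rules in the post.
RC_CONF = '''gateway_enable="YES"
natd_enable="YES"
natd_interface="rl0"
ipnat_enable="YES"
'''
IPFW_RULES = '''IPF="ipfw -q add"
ipfw -q -f flush
$IPF 10 allow all from any to any via lo0
$IPF 50 check-state
$IPF 70 allow all from any to any out keep-state
$IPF 500 deny log all from any to any
'''

def parse_rc_conf(text):
    """Map name -> value for name="value" lines; comment lines do not match."""
    return dict(re.findall(r'^[ \t]*(\w+)="?([^"\n#]*)"?', text, re.M))

def parse_rules(text):
    """Return [(number, tokens)] for '$VAR N ...' or 'ipfw [opts] add N ...' lines.
    Assumption: a leading $VAR is an alias for 'ipfw ... add', as in the post."""
    pat = re.compile(
        r'^[ \t]*(?:\$\{?\w+\}?|ipfw(?:[ \t]+-\w+)*[ \t]+add)[ \t]+(\d+)[ \t]+(.+)$', re.M)
    return [(int(num), body.split()) for num, body in pat.findall(text)]

def audit(rc_text, rules_text):
    """Return [(code, message)] describing gaps in the natd/ipfw wiring."""
    rc, rules = parse_rc_conf(rc_text), parse_rules(rules_text)
    yes = lambda key: rc.get(key, "NO").upper() == "YES"
    findings = []
    if not yes("natd_enable"):
        return findings
    iface = rc.get("natd_interface", "")
    diverts = [toks for _, toks in rules if "divert" in toks]
    if not diverts:
        findings.append(("no-divert-rule", "natd enabled, but no ipfw divert rule"))
    elif not any(t[i:i + 2] == ["via", iface] for t in diverts for i in range(len(t))):
        findings.append(("divert-wrong-iface", f"no divert rule is bound to {iface!r}"))
    if yes("ipnat_enable"):
        findings.append(("two-nat-engines", "natd (ipfw) and ipnat (IPFilter) both on"))
    if not yes("gateway_enable"):
        findings.append(("no-forwarding", "gateway_enable is not YES"))
    return findings

if __name__ == "__main__":
    for code, message in audit(RC_CONF, IPFW_RULES):
        print(f"{code}: {message}")
```
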