ipfw troubles

From: Dan Phiffer (dphiffer_at_hmc.edu)
Date: 07/03/03

    Date: Wed, 2 Jul 2003 17:01:52 -0700 (PDT)
    To: <questions@freebsd.org>
    
    

    Hello,

    I'm having some difficulty getting ipfw to work properly. I currently have
    it configured in "simple" mode. The box is running 4.8-STABLE and offers
    NAT, DHCP and backup DNS, and acts as a connector between the internal LAN
    and the Internet.

    The main problem is my SSH connections are getting terminated regularly.
    Attempting to reconnect is met with a "host unreachable" error for a few
    seconds after being disconnected. I'm also having difficulties with a
    certain IMAP server, but I'm not sure if that's a firewall-related issue.

    Further, I keep getting the following logged to /var/log/messages:

    Jul 2 16:30:21 firewall dhcpd: send_packet: Permission denied
    Jul 2 16:30:53 firewall last message repeated 14 times
    Jul 2 16:32:46 firewall last message repeated 14 times
    Jul 2 16:38:38 firewall last message repeated 83 times
    Jul 2 16:38:38 firewall dhcpd: icmp_echorequest 192.168.1.224: Permission denied
    Jul 2 16:38:48 firewall dhcpd: send_packet: Permission denied
    Jul 2 16:39:20 firewall last message repeated 8 times
    Jul 2 16:41:21 firewall last message repeated 38 times
    Jul 2 16:42:48 firewall last message repeated 11 times
    Jul 2 16:42:50 firewall dhcpd: icmp_echorequest 192.168.1.214: Permission denied

    I guess this means I'm not serving DHCP - what kind of rule would fix
    that? I read somewhere that simply using natd adds statefulness to an
    otherwise stateless ipfw configuration. Would an unstateful ipfw setup be
    less secure in this case?

    Thanks,
    -Dan
