can ping, can't download through firewall

• Previous message: Norman Walek: "Re: Connection attempt to TCP messages in /var/log/messages"
• Next in thread: Garry Hill: "RE: can ping, can't download through firewall"
• Maybe reply: Garry Hill: "RE: can ping, can't download through firewall"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Date: Thu,  4 Dec 2003 12:53:14 -0300
To: FreeBSD <freebsd-questions@freebsd.org>

hi,

i'm a reasonably experienced linux/bsd user - i've installed a few boxes in my time and usually with a good level of success. but this time i'm stumped/jiggered.

i'm trying to set up a freebsd gateway to share my cable modem connection.

from the gateway itself i can ping the world, from the attached clients i can ping the world, i can even do dns lookups. doing:

curl --head http://www.website.com

gives me a good-looking header and everything, but if i do

lynx http://www.website.com

no joy. i get:

HTTP request sent; waiting for response.

and it stops there. this is true from both the clients and the gateway itself. i just can't download anything for all the pings in the world.

my current set up is

-- kernel config:

options IPFIREWALL
options IPDIVERT
options IPFIREWALL_DEFAULT_TO_ACCEPT
options IPFIREWALL_VERBOSE
options IPFIREWALL_VERBOSE_LIMIT=10

-- /etc/rc.conf

gateway_enable="YES"
firewall_enable="YES"
firewall_type="OPEN"
natd_enable="YES"
natd_interface=" rl0"
natd_flags=""

which are both straight out of the handbook.

-- ipfw -a list
00050 1844 130026 divert 8668 ip from any to any via rl0
00100 96 11166 allow ip from any to any via lo0
00200 0 0 deny ip from any to 127.0.0.0/8
00300 0 0 deny ip from 127.0.0.0/8 to any
65000 2481 200907 allow ip from any to any
65535 0 0 allow ip from any to any

i've tried the same thing using ipfilter and ipnat instead of natd and ipfw - with the same results.

ethernet cards - a pair of 8139's - rl0 external, rl1 internal. as far as i can tell they work fine. on the internal network the pings are 100% - i can ftp ssh the works without problem.

i've noticed that if i turn on the firewall my pings to the isp's router are much much less reliable, sometimes losing 30%+ of the packets but generally degraded compared to the setup with no firewall enabled.

the firewall stats show that everything is passing ok.

i really don't know what's going on. unfortunately my web searches have turned up nothing similar.

does anyone have any ideas/comments/suggestions/experience of the same? is it the network cards? pings from the client machine when connected directly work perfectly but from the gateway are at best a little dodgy - losing 15% of the packets. is there some incompatibility between the network card and the router?

oh, and install is FreeBSD 4.9-RELEASE

any help greatly appreciated. it's doin my head in.

Garry
_______________________________________________
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "freebsd-questions-unsubscribe@freebsd.org"

• Previous message: Norman Walek: "Re: Connection attempt to TCP messages in /var/log/messages"
• Next in thread: Garry Hill: "RE: can ping, can't download through firewall"
• Maybe reply: Garry Hill: "RE: can ping, can't download through firewall"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]