# Partial internet connectivity FreeBSD 7.4



## Deleted member 30996 (Mar 20, 2012)

I just installed FreeBSD 7.4 on a laptop with Fluxbox as the desktop using Ethernet to connect to the net. 

I have previous experience with PC-BSD but this is my first time building FreeBSD from scratch. I'm in geek heaven but having connectivity problems I'm not used to handling on my own and would appreciate if someone more experienced could help get me on the right track.

I can run portsnap, populate the tree, and it doesn't have any problems installing new ports but I can't browse the net, ping or traceroute out and it's got me in a quandry. 

The LAN addresses are all correct:


```
$ netstat -r
Routing tables

Internet:
Destination     Gateway           Flags   Refs    Use     Netif   Expire
default         homeportal          UGS      0       0     fxp0
localhost       localhost            UH      0       0      lo0
172.16.0.0      link#1               UC      0       0     fxp0
homeportal      MAC#               UHLW      1       9      fxp     1200


$ netstat -rn
Routing tables

Destination     Gateway           Flags   Refs    Use     Netif   Expire
default         172.16.0.1        UGS        0       0     fxp0
127.0.0.1       127.0.0.1         UH         0       0      lo0
172.16.0.0/16   link#1            UC         0       0     fxp0
172.16.0.1      MAC#              UHLW       1      10     fxp0     1187

$ ifconfig fxp0
fxp0:  flags=8843<UP, BROADCAST, RUNNING, IMPLEX, MULTICAST> Metric 0 mtu 1500
         options=2009<RXCSUM, VLAN_MTU, WOL_MAGIC>
         ether 00:e0:b8:3d:5c:61
         inet 172.16.1.33 netmask 0xffff0000 broadcast 172.16.255.255
         media: Ethernet autoselect (100baseTX <full-duplex>)
         status: active

$ cat /etc/rc.conf
hostname= "MY CORRECT HOSTNAME"
ipv6_enable="NO"
dbus_enable="YES"
hald_enable="YES"

#Denyhosts startup
denyhosts_enable="YES"

#Enable firewall
firewall_enable="YES"
firewall_type="client"

FSCK enhancements
fsck_y_enable="YES"

#Start swapexd daemon
swapexd_enable="YES"

#Enable pbid
pbid_enable="YES"


$ traceroute 69.147.83.40
traceroute: sendto: permission denied


Nav_open_url: Url=>http://freebsd.org/<
Dns-server {0} freebsdorg is 0x287d09FB
Connecting to 2001:4F8:fff6::28
Http_connect_socket ERROR: No route to host
```

I also have a question about where my ipfw.rules file might be hiding. 
It doesn't show I have one if I do *cat /etc/ipfw.rules* and when I try to open it 
in /etc/ipfw.rules it creates a new file with no rules, but when I use *ipfw list* it shows a basic set of rules.

I seems like the two must be connected somehow but I was having connect problems before enabling ipfw. I hate to have to ask but am at that point and any help provided will be greatly appreciated.


----------



## Deleted member 30996 (Mar 20, 2012)

I installed a weather program through ports to see if I could get a current report and was able to do so but still can't ping out and am thinking it has to be something to do with the default ipfw rules that are being loaded. 

The router address it lists is wrong for me:


```
#ipfw list
00100 allow ip from any to any via lo0
00200 deny ip from any to 127.0.0.0/8
00300 deny ip from 127.0.0.0/8 to any
00400 allow ip from me to 192.0.2.0/24
00500 allow ip from 192.0.2.0/24 to me
00600 allow tcp from any to any established
00700 allow ip from any to any frag
00800 allow tcp from any to me dst-port 25 setup
00900 allow tcp from me to any setup
01000 deny tcp from any to any setup
01100 allow udp from me to any dst-port 53 keep-state
01200 allow udp from me to any dst=port 123 keep-state
65535 deny ip from any to any
```

This is the right one:


```
$ netstat -rn
Routing tables

Destination     Gateway           Flags   Refs    Use     Netif   Expire
default         172.16.0.1        UGS        0       0     fxp0
127.0.0.1       127.0.0.1         UH         0       0      lo0
172.16.0.0/16   link#1            UC         0       0     fxp0
172.16.0.1      MAC#              UHLW       1      10     fxp0   1187
```

But I don't know where the file is located to change it:

```
# cat ipfw.rules
cat: ipfw.rules: No such file or directory
```

That must have been the case because I disabled the ipfw to run on boot and was able to run traceroute to FreeBSD.org. Now if someone could kindly direct me to where my ipfw.rules files might be located I'll change it to my correct router IP# and be on my merry way. 

I looked in the FreeBSD Handbook (what a novel idea) and found that the file I was looking for was /etc/rc.firewall and changed the router IP# to the correct one but after enabling ipfw and a reboot still can't traceroute out even as root, so I'm back to where I started from unless I want to run wit the firewall disabled.


----------



## wblock@ (Mar 21, 2012)

See /etc/rc.firewall.


----------



## Deleted member 30996 (Mar 21, 2012)

wblock@ said:
			
		

> See /etc/rc.firewall.



I did, and changed my router IP# to the right one but still couldn't ping out or use traceroute. 

I disabled the firewall again and could then traceroute to  and ping FreeBSD.org but not browse to it using Dillo:



```
Nav_open_url: Url=>http://freebsd.org/<
Dns-server {0} freebsd.org is 0x287d09FB
Connecting to 2001:4F8:fff6::28
Http_connect_socket ERROR: No route to host
```

So I still have partial internet connectivity even with the firewall disabled.


----------



## DutchDaemon (Mar 21, 2012)

Please stop using that green color, use the proper  tags. See http://forums.freebsd.org/showthread.php?t=8816.


----------



## Deleted member 30996 (Mar 21, 2012)

DutchDaemon said:
			
		

> Please stop using that green color, use the proper  tags. See http://forums.freebsd.org/showthread.php?t=8816.




Sure thing. Please remove the Solved tag from my post since I'm still haviing the same problem.

I tried logging onto the FreeBSD FTP URL with Dillo and was able to do that but still can't connect HTTP and get the same "No route to host" error.


----------



## wblock@ (Mar 21, 2012)

Figure out why Dillo is doing an IPv6 lookup.  Was it built with IPv6 support?


----------



## Deleted member 30996 (Mar 21, 2012)

wblock@ said:
			
		

> Figure out why Dillo is doing an IPv6 lookup.  Was it built with IPv6 support?



That was very astute of you. I couldn't remember if I compiled Dillo with or without IPv6 support so installed lynx from ports without it and can access the net using HTTP (without the firewall enabled). Thanks a lot, I appreciate it.

Now if I can come up with a decent ruleset to suit my needs I should be good to go.


----------

