# Internet stops after firewall change



## supanatral (Nov 1, 2010)

I have 2 FreeBSD servers on our network. I changed out to a new (very secure) firewall and set it up correctly. Everything works like a charm except for 1 FreeBSD server.

The server that's causing problems is a web server as well as email spam server. This server cannot ping to the outside world as well as receive any requests outside of its subnet. Inside the subnet, I can ping it.

I then change the firewall back to the old one and it works fine. It **seems** like FreeBSD is "married" to that old firewall (MAC address maybe). Any reason why it's doing this?

The other FreeBSD server works fine and all Windows computers and Exchange work great. It's just that single FreeBSD box.


----------



## SirDice (Nov 1, 2010)

First guess, you made a boo-boo in your new firewall rule set.
Going by my own experience, there's probably something very, very obvious you're overlooking.

But without _any_ information like IP addresses, firewall configuration, what firewall (there are 3 choices), etc. it'll be kinda hard for us to analyze.


----------



## supanatral (Nov 1, 2010)

That's what I thought; however, I looked over it and it seems good. I have Outlook Web Access working and hosted from a Windows box. ALL computers are able to access the web.

It's just this one individual box. When I use this firewall, this FreeBSD box can't access the web and the web can't access it.

I can't even ping that FreeBSD box from a separate branch office using a different subnet. I can ping anything else though.


----------



## tingo (Nov 1, 2010)

Check arp output (`arp -a`) on the FreeBSD server in question, and on your firewall.


----------



## supanatral (Nov 2, 2010)

Thanks Tingo,
I was thinking it had to do with the MAC address as well, but it appears that the MAC address gets updated when I switch out the firewall.


----------



## mix_room (Nov 2, 2010)

You might have all kinds of problems: old static routes that you added to the FreeBSD server, you might have instructed the FreeBSD server to get something from DHCP which it can no longer do, etc., etc.

Take a look at your FreeBSD server to see if it has the proper routing set up.


----------



## DutchDaemon (Nov 2, 2010)

And don't be shy of running tcpdump(1) wherever you can run it, just to find out where traffic actually does not arrive, or does arrive, but doesn't receive a response, or even receives a nasty RST.


----------



## supanatral (Nov 3, 2010)

Thanks everyone, that is definitely helpful!

I actually figured it out for 24 hours, then it stopped working again. I noticed IPv6 enabled (in rc.conf) and I know I've had problems in the past when using Windows computers. After disabling IPv6, it worked for a bit.

It stopped again and we had to switch back. This does confirm one thing, it's not the firewall. While all this is going on, all other computers have had no problems at all.


```
netserver# netstat -rn
Routing tables

Internet:
Destination        Gateway            Flags    Refs      Use  Netif Expire
default            192.168.1.254      UGS        24    39993    em0
127.0.0.1          link#3             UH          0     4599    lo0
192.168.1.0/24     link#1             U           5    33019    em0
192.168.1.40       link#1             UHS         0    10081    lo0

Internet6:
Destination                       Gateway                       Flags      Netif Expire
::1                               ::1                           UH          lo0
fe80::%lo0/64                     link#3                        U           lo0
fe80::1%lo0                       link#3                        UHS         lo0
ff01:3::/32                       fe80::1%lo0                   U           lo0
ff02::%lo0/32                     fe80::1%lo0                   U           lo0
```


----------
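The routing check suggested earlier in the thread, applied to the `netstat -rn` output posted above. This is an added example, not part of any post; the function names and the second routing table are constructed for illustration, and it assumes IPv4 rows in the column layout shown in the thread with a numeric default gateway.

```python
import ipaddress

# IPv4 part of the `netstat -rn` output posted in the thread.
POSTED = """\
Destination        Gateway            Flags    Refs      Use  Netif Expire
default            192.168.1.254      UGS        24    39993    em0
127.0.0.1          link#3             UH          0     4599    lo0
192.168.1.0/24     link#1             U           5    33019    em0
192.168.1.40       link#1             UHS         0    10081    lo0
"""

# Constructed sample (not from the thread): off-subnet gateway, leftover static route.
CONSTRUCTED = """\
Destination        Gateway            Flags    Refs      Use  Netif Expire
default            192.168.2.254      UGS         0      120    em0
10.0.0.0/8         192.168.1.1        UGS         0       14    em0
192.168.1.0/24     link#1             U           5    33019    em0
"""

def parse_routes(text):
    """Turn FreeBSD `netstat -rn` IPv4 rows into dicts."""
    routes = []
    for line in text.splitlines():
        cols = line.split()
        if len(cols) < 6 or cols[0] == "Destination":
            continue
        routes.append({"dest": cols[0], "gw": cols[1], "flags": cols[2], "netif": cols[5]})
    return routes

def check_routes(routes):
    findings = []
    # Directly connected networks: the gateway column is a link#N entry.
    connected = [(ipaddress.ip_network(r["dest"]), r["netif"])
                 for r in routes
                 if r["gw"].startswith("link#") and "/" in r["dest"]]
    defaults = [r for r in routes if r["dest"] == "default"]
    if not defaults:
        findings.append("no default route")
    for d in defaults:
        gw = ipaddress.ip_address(d["gw"])
        if not any(gw in net and nif == d["netif"] for net, nif in connected):
            findings.append(f"default gateway {gw} is not on a network connected to {d['netif']}")
    for r in routes:
        if r["dest"] != "default" and {"G", "S"} <= set(r["flags"]):  # G=gateway, S=static
            findings.append(f"static route {r['dest']} via {r['gw']}")
    return findings

if __name__ == "__main__":
    for name, table in (("posted", POSTED), ("constructed", CONSTRUCTED)):
        print(name, check_routes(parse_routes(table)) or "routing looks consistent")
```

The posted table produces no findings: the default gateway 192.168.1.254 sits inside the connected 192.168.1.0/24 network on em0 and there are no extra static gateway routes.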

