# Can't ping out from default gateway or hosts



## andyh2451 (Jan 5, 2014)

Hi guys,

I am a newbie to FreeBSD but have some Linux experience, so please forgive me if I say something stupid. Firstly, here's what I want to achieve - I would like to port forward pass all traffic from my Sky hub router to and from the FreeBSD proxy (192.168.0.3 hostname tinman) to my Linux clients as below:

```
#  Enable  Service Name  Action        LAN Users              WAN Servers        Log
1          HTTP          ALLOW always  192.168.0.3 (1:65535)  0.0.0.0 (80)       Always

#  Enable  Service Name  Action        LAN Users              WAN Servers        Log
1          HTTP          ALLOW always  192.168.0.3 (80)       0.0.0.0 (1:65535)  Always
```

The FreeBSD Squid application is set to port 3128 and I have also set up IPFW on the same box. Setting the clients' browsers to the proxy name and port 3128 works fine. I am puzzled, though, by the fact that I can't ping out from the proxy box or any of my Linux clients. Trying to ping a WAN address just hangs with no errors. Something must be wrong but I'm not sure where I should be looking. Here's my rc.conf file configuration:

```
hostname="tinman"
wlans_wpi0="wlan0"
#ifconfig_wlan0="inet 192.168.0.3 netmask 255.255.255.0"
defaultrouter="127.0.0.1"
ifconfig_wlan0="WPA DHCP"
ifconfig_wlan0_ipv6="inet6 accept_rtadv"
ipfilter_enable="YES"
sshd_enable="YES"
squid_enable="YES"
moused_enable="NO"
apache24_enable="YES"
firewall_enable="YES"
firewall_script="YES"
firewall_script="/usr/local/etc/ipfw.rules"
# Set dumpdev to "AUTO" to enable crash dumps, "NO" to disable
dumpdev="NO"
```

Here's the IPFW rules configuration:

```
IPF="ipfw -q add"
ipfw -q -f flush
#loopback
$IPF 10 allow all from any to any via lo0
$IPF 20 deny all from any to 127.0.0.0/8
$IPF 30 deny all from 127.0.0.0/8 to any
$IPF 40 deny tcp from any to any frag
# stateful
$IPF 50 check-state
$IPF 60 allow tcp from any to any established
$IPF 70 allow all from any to any out keep-state
$IPF 80 allow icmp from any to any
# open port ftp (20,21), ssh (22), mail (25)
# http (80), dns (53) etc
$IPF 110 allow tcp from any to any 21 in
$IPF 120 allow tcp from any to any 21 out
$IPF 130 allow tcp from any to any 22 in
$IPF 140 allow tcp from any to any 22 out
$IPF 150 allow tcp from any to any 25 in
```

Any help would be gratefully received.

Please let me know if any more information is needed.


----------



## throAU (Jan 15, 2014)

In /etc/rc.conf your "defaultrouter" is set to the loopback address, which certainly won't be helping.  That should be the private (LAN side) IP of your WAN router.

A list of devices, what is plugged into what, and the IP addresses for each interface (don't need your router's WAN IP) will help, too.


----------



## wblock@ (Jan 15, 2014)

The first of these does nothing because it is immediately overwritten by the second:

```
firewall_script="YES"
firewall_script="/usr/local/etc/ipfw.rules"
```


----------
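The two rc.conf problems pointed out in the replies above (a `defaultrouter` set to the loopback address, and a variable assigned twice so that the first value is overwritten) can be checked mechanically. The following sh/awk check is an added example, not part of the original thread; the function names `lint_rc_conf` and `write_sample` are made up here, and the sample input is a subset of the rc.conf lines from the first post.

```shell
#!/bin/sh
# Added example: lint an rc.conf-style file for the two problems raised in
# this thread. When a variable is assigned twice, the later line overwrites
# the earlier one, as noted in the reply above.

# lint_rc_conf FILE  (hypothetical helper name)
# Prints one finding per line; returns 1 if anything was found, else 0.
lint_rc_conf() {
    awk '
        /^[ \t]*#/ { next }                        # ignore commented-out lines
        /^[ \t]*[A-Za-z_][A-Za-z0-9_]*=/ {
            line = $0; sub(/^[ \t]*/, "", line)
            key = line; sub(/=.*/, "", key)        # text before the first "="
            val = line; sub(/^[^=]*=/, "", val)    # text after the first "="
            gsub(/^"|"[ \t]*$/, "", val)           # drop surrounding quotes
            if (key in seen) {
                printf "duplicate: %s (line %d) is overridden by line %d\n",
                       key, seen[key], NR
                found = 1
            }
            seen[key] = NR; value[key] = val       # last assignment wins
        }
        END {
            r = value["defaultrouter"]
            if (r ~ /^127\./ || r == "::1" || r == "localhost") {
                printf "loopback: defaultrouter=%s is this host, not a gateway\n", r
                found = 1
            }
            exit found + 0
        }
    ' "$1"
}

# Sample input: a subset of the rc.conf lines from the first post.
write_sample() {
    cat <<'EOF'
hostname="tinman"
#ifconfig_wlan0="inet 192.168.0.3 netmask 255.255.255.0"
defaultrouter="127.0.0.1"
ifconfig_wlan0="WPA DHCP"
firewall_enable="YES"
firewall_script="YES"
firewall_script="/usr/local/etc/ipfw.rules"
EOF
}

tmp=$(mktemp)
write_sample > "$tmp"
lint_rc_conf "$tmp" || true
rm -f "$tmp"
```

The check assumes the usual one-assignment-per-line, double-quoted rc.conf style and does not evaluate shell expansions or trailing comments.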

