Date: Sat, 15 May 1999 11:20:52 -0700 (PDT) From: daniel B <danielb@pacex.net> To: freebsd-questions@freebsd.org Subject: RE: natd and ipfw woes! Message-ID: <Pine.BSF.3.96.990515103645.7756A-100000@almazs.pacex.net>
Hi list; please read this, you may have the key to end my grief!
I have a network that looks like this:
Internet-----[ router ]---[ep1 firewall/gateway ep0]---[ LAN ]
router=204.1.215.219---ep1=204.1.215.131----ep0=10.0.0.1---LAN= real IPs
ep1 is external interface with real IP
ep0 is the internal interface with a dummy IP; I can't have two NICs in the same
subnet, so I gave it a fake IP which the outside won't notice.
all machines in the LAN have real IPs
Everything is in the same subnet /27
I am trying to use ipfw with natd on a fbsd 3.1-R firewall/gateway
Kernel configured for:
options IPFIREWALL_VERBOSE
options BRIDGE
options IPDIVERT
sysctl setup:
net.inet.ip.forwarding=1
net.link.ether.bridge=0 # not sure what the relevance is here
net.link.ether.bridge_ipfw=0 # same here is this relevant to my setup?
/etc/rc.conf
gateway_enable=YES
firewall_enable=YES
natd_enable=YES
firewall_type=open
FIREWALL RULES:
$fwcmd add 201 divert natd all from any to any via ep1
$fwcmd add 202 pass all from any to any
/etc/services ----> natd 8668/divert
I want my inside LAN machines to keep their real IPs and want to firewall
them from the outside world.
BUT it does not seem to work with this setup! Every time I try to ping the
router from the gateway I get `permission denied`.
I can ping both NICs on the gateway from the machine itself but NOT from the
LAN. When I ping/telnet to the LAN from the gateway I get `permission denied`.
What am I doing wrong??
Thanks for your help
Dan
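An added configuration check, not part of the original post and not FreeBSD's own code: the script below takes the rc.conf settings, the two $fwcmd rules, the /etc/services line and the addressing from the post (all constructed inline to mirror what was posted) and reports the problems a practitioner would rule out before chasing the `permission denied` pings. It relies on facts about ipfw/natd that hold on FreeBSD 3.x: ipfw evaluates rules in ascending number order and the fixed rule 65535 denies everything unless the kernel has IPFIREWALL_DEFAULT_TO_ACCEPT; rc.network starts natd only when natd_interface is set, regardless of natd_enable; gateway_enable is what turns on net.inet.ip.forwarding; and ping prints `permission denied` when sendto() gets EACCES, which is what ip_output returns when an ipfw deny rule rejects an outgoing packet. The /24 mask on ep0 and the LAN prefix 204.1.215.128/27 are assumptions read from the diagram (the post gives masks only as "/27"); the function and constant names are the example's own.

```python
"""Sanity checks for an ipfw + natd gateway configuration (added example)."""
import ipaddress

# Constructed inputs mirroring the post; not captured from a real host.
RC_CONF = """\
gateway_enable=YES
firewall_enable=YES
natd_enable=YES
firewall_type=open
"""

# The two rules from the post, exactly as passed to $fwcmd (ipfw).
FIREWALL_RULES = """\
add 201 divert natd all from any to any via ep1
add 202 pass all from any to any
"""

SERVICES = "natd 8668/divert\n"          # the /etc/services line from the post

EXTERNAL_IF, EXTERNAL_ADDR = "ep1", "204.1.215.131/27"
INTERNAL_IF, INTERNAL_ADDR = "ep0", "10.0.0.1/24"    # /24 is an assumption
LAN_SUBNET = "204.1.215.128/27"                      # assumed from "same subnet /27"

ACTIONS_WITH_ARG = {"divert", "tee", "skipto", "pipe", "queue", "fwd", "forward"}
PASS_ACTIONS = {"pass", "allow", "accept", "permit"}


def parse_rc_conf(text):
    """rc.conf is shell syntax: KEY=value, optional quotes and # comments."""
    conf = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if "=" in line:
            key, value = line.split("=", 1)
            conf[key.strip()] = value.strip().strip('"')
    return conf


def parse_rules(text):
    """Parse 'add N action [arg] proto from X to Y [via IF]' lines."""
    rules = []
    for line in text.splitlines():
        tok = line.split()
        if len(tok) < 4 or tok[0] != "add":
            continue
        num, action, i, arg = int(tok[1]), tok[2], 3, None
        if action in ACTIONS_WITH_ARG:
            arg, i = tok[3], 4
        via = None
        for j, t in enumerate(tok):
            if t in ("via", "recv", "xmit") and j + 1 < len(tok):
                via = tok[j + 1]
        rules.append({"num": num, "action": action, "arg": arg, "proto": tok[i], "via": via})
    rules.sort(key=lambda r: r["num"])     # ipfw is first-match in number order
    rules.append({"num": 65535, "action": "deny", "arg": None, "proto": "all", "via": None})
    return rules


def parse_services(text):
    ports = {}
    for line in text.splitlines():
        parts = line.split()
        if len(parts) >= 2 and "/" in parts[1]:
            port, proto = parts[1].split("/", 1)
            ports[(parts[0], proto)] = int(port)
    return ports


def check_gateway(rc_text, rules_text, services_text, ext_if, ext_addr, lan_subnet):
    """Return a list of (severity, message); an empty list means nothing found."""
    findings = []
    conf = parse_rc_conf(rc_text)
    rules = parse_rules(rules_text)
    services = parse_services(services_text)

    # 1. rc.network only launches natd when natd_interface is non-empty.
    if conf.get("natd_enable", "NO").upper() == "YES" and not conf.get("natd_interface"):
        findings.append(("error", "natd_enable=YES but natd_interface is unset; "
                                  "rc.network will not start natd"))
    elif conf.get("natd_interface") and conf["natd_interface"] != ext_if:
        findings.append(("error", f"natd_interface={conf['natd_interface']} does not "
                                  f"match the divert interface {ext_if}"))

    # 2. Each divert rule needs a resolvable port, must precede the first
    #    unconditional pass rule, and should watch the interface natd runs on.
    first_pass = next((r["num"] for r in rules
                       if r["action"] in PASS_ACTIONS and r["via"] is None), None)
    diverts = [r for r in rules if r["action"] == "divert"]
    if not diverts:
        findings.append(("error", "no divert rule: natd never sees any packets"))
    for r in diverts:
        port = r["arg"]
        if not port.isdigit() and (port, "divert") not in services:
            findings.append(("error", f"rule {r['num']}: divert port '{port}' has no /etc/services entry"))
        if first_pass is not None and r["num"] > first_pass:
            findings.append(("error", f"rule {r['num']} is shadowed by pass rule {first_pass}"))
        if r["via"] != ext_if:
            findings.append(("warning", f"rule {r['num']} diverts via {r['via']}, natd is on {ext_if}"))

    # 3. Forwarding between ep0 and ep1 is switched on by gateway_enable.
    if conf.get("gateway_enable", "NO").upper() != "YES":
        findings.append(("error", "gateway_enable is not YES; the box will not forward packets"))

    # 4. NAT presumes inside addresses outside the external subnet. If the LAN
    #    shares the router's /27, the router ARPs for those hosts directly and
    #    never sends their traffic through this gateway.
    ext_net = ipaddress.ip_interface(ext_addr).network
    lan_net = ipaddress.ip_network(lan_subnet)
    if lan_net.overlaps(ext_net):
        findings.append(("warning", f"LAN {lan_net} overlaps the external subnet {ext_net}: "
                                    "the upstream router will ARP for LAN hosts itself rather than "
                                    "route via this gateway, so NAT on ep1 does not apply to them"))
    return findings


if __name__ == "__main__":
    for severity, message in check_gateway(RC_CONF, FIREWALL_RULES, SERVICES,
                                           EXTERNAL_IF, EXTERNAL_ADDR, LAN_SUBNET):
        print(f"{severity}: {message}")
```

Run against the posted settings it reports two things: natd_interface is missing from rc.conf, so natd is never started even though natd_enable=YES, and the LAN prefix sits inside the same /27 as ep1, so the router never hands LAN-bound traffic to the gateway in the first place; the divert/pass ordering and the /etc/services entry are fine. Add natd_interface="ep1" and a LAN prefix outside the external subnet and the list comes back empty.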
