From: ExTaZyTi
To: freebsd-questions@freebsd.org
Date: Sat, 23 Sep 2006 12:42:53 +0300
Subject: Please Help, My natd/firewall Not Work :(
Message-ID: <468d29450609230242r4c3f6d0w5f1a24d11d604bd3@mail.gmail.com>

Hi again,

I have a problem with my network. I use 2 network cards in my FreeBSD computer and 1 network card in WinXP Prof SP2. One of the network cards, rl0, is my real static IP address with DHCP; the 2nd network card, rl1, is my local gateway IP: 192.168.0.1. I don't set the gateway for rl1, just IP: 192.168.0.1, DNS from the ISP, mask: 255.255.255.0. I precompiled my kernel with options FIREWALL, IPDIVER, IPFIREWALL_DEFAULT_TO_ACCEPT, IPFIREWALL_VERBOSE.

---------
my /etc/rc.conf is:
---------
gateway_enable="YES"
firewall_enable="YES"
firewall_script="/etc/firewall.sh"
natd_enable="YES"
natd_interface="rl1"
natd_flags=""
sendmail_enable="NONE"
hostname="root.extremebg.biz"
ifconfig_rl0="DHCP"
linux_enable="YES"
sshd_enable="YES"
usbd_enable="YES"
inetd_enable="NO"
ifconfig_rl1="inet 192.168.0.1 netmask 255.255.255.0"
hostname="root.extremebg.biz"

---------
my /etc/firewall.sh is:
---------
#!/bin/sh
/sbin/ipfw -f flush
/sbin/ipfw add 1000 pass all from any to any via lo0
/sbin/ipfw add 1100 deny all from any to 127.0.0.0/8
/sbin/ipfw add 1200 deny icmp from any to any frag
/sbin/ipfw add 1300 deny icmp from any to any in icmptype 5,9,13,14,15,16,17
/sbin/ipfw add 1400 deny tcp from any to any not established tcpflags fin
/sbin/ipfw add 1500 deny tcp from any to any tcpflags fin,syn,rst,psh,ack,urg
/sbin/ipfw add 1600 deny tcp from any to any tcpflags !fin,!syn,!rst,!psh,!ack,!urg
/sbin/ipfw add 4000 deny udp from any 137-139 to any via rl0
/sbin/ipfw add 4100 deny udp from any to any 137-139 via rl0
/sbin/ipfw add 5000 divert natd ip from 192.168.0.0:255.255.255.128 to any out xmit rl1
/sbin/ipfw add 5100 divert natd ip from any to 192.168.0.1
/sbin/ipfw add 5500 deny all from 192.168.0.0/24 to not 192.168.0.0/2480,21,443
/sbin/ipfw add 600 allow all from any to any

---------
my ifconfig is:
---------
rl0: flags=8843 mtu 1500
        options=8
        inet6 fe80::2c0:26ff:fe5e:72a4%rl0 prefixlen 64 scopeid 0x1
        inet 85.239.153.142 netmask 0xffffff80 broadcast 85.239.153.255
        ether 00:c0:26:5e:72:a4
        media: Ethernet autoselect (100baseTX )
        status: active
rl1: flags=8843 mtu 1500
        options=8
        inet6 fe80::2e0:4cff:fe3c:f2f%rl1 prefixlen 64 scopeid 0x2
        inet 192.168.0.1 netmask 0xffffff80 broadcast 192.168.0.127
        ether 00:e0:4c:3c:0f:2f
        media: Ethernet autoselect (100baseTX )
        status: active
plip0: flags=108810 mtu 1500
lo0: flags=8049 mtu 16384
        inet6 ::1 prefixlen 128
        inet6 fe80::1%lo0 prefixlen 64 scopeid 0x4
        inet 127.0.0.1 netmask 0xff000000

---------
my /etc/sysctl.conf is:
---------
net.inet.ip.forwarding=1

---------
My network ISP gateway is: 85.239.153.129, submask: 255.255.255.128, my static real IP is: 85.239.153.142, my ISP DNS server is: 85.239.155.1.
---------

My PC starts natd successfully, and other services ..

--
My WinXP network configuration is: DNS 85.239.155.1, gateway: 192.168.0.1, mask: 255.255.255.0, IP address: 192.168.0.2.

I connected my computers in a LAN, but traffic is not going from my FreeBSD to the Windows :( I don't know how to route traffic from FreeBSD to the Windows :( Please help.
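
Added example, not part of the original message: a static check for one mismatch visible in the posted rc.conf, where natd_interface names the interface that holds the private 192.168.0.1 address, while natd(8) takes its aliasing address from the interface facing the outside network. The function names are hypothetical, and the sample input is an excerpt of the rc.conf quoted in the message.

```sh
#!/bin/sh
# Added example, not from the original post. Function names are hypothetical.

# Print the last value assigned to KEY in an rc.conf-style FILE (last one wins).
rc_value() {
    sed -n "s/^$2=\"\\(.*\\)\"[[:space:]]*\$/\\1/p" "$1" | tail -n 1
}

# Succeed when the IPv4 address falls in an RFC 1918 private range.
is_private() {
    case "$1" in
        10.*|192.168.*|172.1[6-9].*|172.2[0-9].*|172.3[01].*) return 0 ;;
    esac
    return 1
}

# Return 1 when natd_interface names an interface with a static private
# address, 2 when natd_interface is unset, 0 otherwise (DHCP cannot be judged).
check_natd_interface() {
    nif=$(rc_value "$1" natd_interface)
    [ -n "$nif" ] || { echo "natd_interface is not set"; return 2; }
    addr=$(rc_value "$1" "ifconfig_$nif" |
        sed -n 's/.*inet[[:space:]]\{1,\}\([0-9.]*\).*/\1/p')
    if is_private "$addr"; then
        echo "natd_interface=$nif has private address $addr (LAN side)"
        return 1
    fi
    echo "natd_interface=$nif has no static private address"
    return 0
}

# Excerpt of the rc.conf quoted in the message above.
sample_rc_conf() {
    cat <<'EOF'
gateway_enable="YES"
natd_enable="YES"
natd_interface="rl1"
natd_flags=""
ifconfig_rl0="DHCP"
ifconfig_rl1="inet 192.168.0.1 netmask 255.255.255.0"
EOF
}

tmp=$(mktemp)
sample_rc_conf > "$tmp"
check_natd_interface "$tmp" || true
rm -f "$tmp"
```

The check covers only the natd binding in rc.conf; the ipfw divert rules in /etc/firewall.sh match on interface names as well and need the same review.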