From: "tinnakorn kunasit"
To: freebsd-questions@FreeBSD.ORG
Subject: ipfirewall
Date: Mon, 04 Jun 2001 17:31:50 +0700
 
Dear sir,

I have installed FreeBSD 4.2 but cannot set up the firewall.

My system has 2 network cards:

    rl0 203.151.42.62
    rl1 10.0.0.1

I want to set up IP masquerading to forward IP from inside (rl1) to outside (rl0).
How can I do it?

I tried to set:

1. Add options for ipfirewall and recompile the kernel

    options IPFIREWALL
    options IPDIVERT
    options IPFIREWALL_VERBOSE
    options IPFIREWALL_VERBOSE_LIMIT=100
    options IPFIREWALL_DEFAULT_TO_ACCEPT

2. In /etc/service

    natd     6668/divert

3. Enable the firewall lines in /etc/rc.conf

    firewall_enable="YES"
    firewall_script="/etc/rc.firewall"

4. Edit the file /etc/rc.firewall

    /sbin/ipfw -f flush
    /sbin/ipfw -q add 100 pass all from any to any via lo0
    /sbin/ipfw -q add 200 pass all from any to 127.0.0.0/8
    /sbin/ipfw -q add 300 pass all from any to any

    /sbin/sysctl -n -w net.inet.ip.forwarding=1
    /sbin/natd -l -d auth -m -u -n rl1 -dynamic
    /sbin/ipfw add divert natd all from any to any out
    /sbin/ipfw add divert natd all from any to any in

But I cannot ping from inside to outside.

From the command

    /sbin/ipchains -A forward -s 10.0.0.0/8 -d 0.0.0.0/0 -j MASQ

how do I change it to ipfw?

Thank you,

Tinnakorn
FreeBSD user
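An added example, not part of the original message: ipfw acts on the first rule that matches and gives an unnumbered rule the highest existing number plus 100, so the two divert rules in step 4 become rules 400 and 500, behind the accept-all rule 300. The sh function below flags divert rules in that position; `posted_rules` repeats the ipfw lines from the message, while `reordered_rules` and its rule number 50 are constructed for comparison and assume rl0 is the outside interface, as the message states.

```sh
#!/bin/sh
# Added example (not from the original message): find ipfw divert rules that
# can never match because an accept-all rule with a lower number comes first.

# The ipfw lines from step 4 of the message, unchanged.
posted_rules() {
cat <<'EOF'
/sbin/ipfw -f flush
/sbin/ipfw -q add 100 pass all from any to any via lo0
/sbin/ipfw -q add 200 pass all from any to 127.0.0.0/8
/sbin/ipfw -q add 300 pass all from any to any
/sbin/ipfw add divert natd all from any to any out
/sbin/ipfw add divert natd all from any to any in
EOF
}

# Constructed for comparison: divert on the outside interface (assumed rl0),
# numbered below the accept-all rule.
reordered_rules() {
cat <<'EOF'
/sbin/ipfw -f flush
/sbin/ipfw -q add 50 divert natd all from any to any via rl0
/sbin/ipfw -q add 100 pass all from any to any via lo0
/sbin/ipfw -q add 300 pass all from any to any
EOF
}

# Reads rc.firewall-style lines on stdin; prints each shadowed divert rule and
# returns 1 if any were found, 0 otherwise.
shadowed_diverts() {
    awk '
    /ipfw/ && / add / {
        body = $0
        sub(/^.* add +/, "", body)            # drop "/sbin/ipfw [-q] add "
        num = max + 100                       # unnumbered: highest rule + 100
        if (body ~ /^[0-9]+ /) { num = body + 0; sub(/^[0-9]+ +/, "", body) }
        if (num > max) max = num
        n++; nums[n] = num; text[n] = body
        if (body ~ /^(pass|allow|accept|permit) +(all|ip) +from +any +to +any *$/ &&
            (!accept_all || num < accept_all)) accept_all = num   # lowest such rule
    }
    END {
        for (i = 1; i <= n; i++)
            if (accept_all && text[i] ~ /^divert / && nums[i] > accept_all) {
                printf "rule %d (%s) never matches: rule %d accepts first\n", nums[i], text[i], accept_all
                bad = 1
            }
        exit bad + 0
    }'
}

posted_rules | shadowed_diverts || true    # reports rules 400 and 500
```

To check a real file, run `shadowed_diverts < /etc/rc.firewall`; the function only recognises literal `ipfw ... add` lines, not rules built from shell variables.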