From: "Crist J . Clark" <cjclark@alum.mit.edu>
To: Erik <erik@ezl.com>
Cc: freebsd-questions@FreeBSD.ORG
Date: Mon, 23 Oct 2000 00:12:56 -0700
Subject: Re: routing with natd
Message-ID: <20001023001256.G75251@149.211.6.64.reflexcom.com>
In-Reply-To: <000701c03cab$4a7c2ce0$0200000a@garnax.com>

On Sun, Oct 22, 2000 at 11:39:53PM -0500, Erik wrote:
> I have installed: FreeBSD 4.1-RELEASE
>
>
> Conceptually this is how I have it hooked up:
>
> cable (dhcp) ---(vr0)-> BSD machine --(ed0)--> hub ----> pc1
> realip x.x.x.x |
> 10.0.0.2
> & 10.0.0.1 pc2
>
> 10.0.0.3

Hmmm... This picture is really messed up. Using MS Outlook Express
there? Don't draw ASCII pictures with a proportional font.

> I think this is the useful stuff from the rc.conf file:
>
> ifconfig_vr0="DHCP"
> gateway_enable="YES"
> network_interfaces="lo0 ed0 vr0"      # List of network interfaces
> ivconfig_lo0="inet 127.0.0.1"         # default loopback device
   ^

Typo, I assume? But it does not matter, the proper entry in
/etc/defaults/rc.conf will be used if that is actually there.

> ifconfig_ed0="inet 10.0.0.1 netmask 255.255.255.0"
> firewall_enable="YES"
> firewall_type="OPEN"
> firewall_script="/etc/firewall/fwrules"   # created by me

What rules are you using? Actually, the output of 'ipfw show' would be
preferred.

> natd_program="/sbin/natd"
> natd_enable="YES"
> natd_interface="vr0"
>
> PC1 and PC2
> win98 SE installed on both
> ips: 10.0.0.2 and 10.0.0.3 and subnet mask is 255.255.255.0
> dns configuration: host: pc1 and pc2 domain: whatever.com
> dns search order: x.x.x.x dns server for cable
>
> c:\windows\hosts.sam
> 127.0.0.1 localhost
> 10.0.0.1 BSD BSD.whatever.com
> 10.0.0.2 PC1 PC1.whatever.com
> 10.0.0.3 PC2 PC2.whatever.com
>
> I recompiled my kernel with IPDIVERT and IPFIREWALL as options.
> I am able to access the internet from the BSD machine.
> I can ping pc1(10.0.0.2) and pc2(10.0.0.3) either by ip or alias from the
> BSD machine. (edited hosts)
> I can telnet in to the BSD machine from pc1 or pc2 by using 10.0.0.1 (but
> not aliases)

A Windows problem. *shock*

> What I want to do is have the BSD machine act as a firewall/router so that
> my little network has access to the internet while still being protected.
> I would also like to be able to telnet into it (lack of monitors).
>
>
> Is there anything else I have to do to these windows machines?

No, assuming that they were properly set up by whoever installed the
OSes, the only thing you probably need to do is put in the network
information that you mentioned above.

> Is my rc.conf correct? and Should I change anything in the rc.conf file?
> firewall_type="simple"?

This will be whatever you make of it since you are not using the
default /etc/rc.firewall where the 'firewall_type' variable is used.

> natd_flags="????"
> natd_flags="-f /etc/natd.conf"???

You probably do not need any of these.

> What should I have in the fwrules file?

Whatever firewall rules you need to set up. However, to get things
started, I would suggest using the 'OPEN' firewall rules in
/etc/rc.firewall and then set up your own rule file once you get that
going.

> what should I have in the natd.conf file?
> and how would I use it?

You probably do not need it. If you need to pass lots of settings to
natd(8), a natd.conf file is a convenient way to do so.

> Do I need to add "sysctl -w net.inet.ip.forwarding=1" to a file somewhere?

No, that is precisely what the 'gateway_enable' variable does.

Finally, are you actually having any problems? From what you said, you
can reach all of the other machines from the FreeBSD box and the Win
boxes can reach the FreeBSD machine, but you never said if there were
any successes or failures with anything else.
-- 
Crist J. Clark                           cjclark@alum.mit.edu
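The reply above suggests starting from the 'OPEN' rules and then writing an own rule file. The script below is an added example of what such a `firewall_script` could look like for the setup described in the thread (cable modem on vr0, 10.0.0.0/24 LAN on ed0, natd running on the default `natd` divert port); it is not code from the thread, from Erik or from Crist Clark, and it only borrows the structure of the FreeBSD 4.x /etc/rc.firewall "simple" section. The variable names `fwcmd`, `oif`, `iif` and `inet` and the rule numbers are assumptions made here. The important security points it shows are the anti-spoofing rules placed before the divert rule (once natd has rewritten a packet, rules above the divert never see it again), a single `divert natd` rule for everything crossing the outside interface, and a final logged deny so that nothing from the cable side, telnet included, reaches the box unless a rule explicitly allows it.

```shell
#!/bin/sh
# Hypothetical /etc/firewall/fwrules for a natd gateway (added example, not from the thread).
# Assumptions: vr0 faces the cable provider (DHCP), ed0 faces the 10.0.0.0/24 LAN,
# natd is started by rc.conf (natd_enable/natd_interface) on the default divert port.

fwcmd="${fwcmd:-/sbin/ipfw}"      # set fwcmd=echo to preview the rules instead of loading them
[ -x "$fwcmd" ] || fwcmd="echo"   # preview mode on hosts without ipfw
oif="${oif:-vr0}"                 # outside (natd_interface) interface
iif="${iif:-ed0}"                 # inside interface
inet="${inet:-10.0.0.0/24}"       # private LAN behind the gateway

fw_rules() {
    $fwcmd -f flush

    # Loopback traffic, and nothing pretending to be loopback on real interfaces.
    $fwcmd add 100 allow ip from any to any via lo0
    $fwcmd add 200 deny ip from any to 127.0.0.0/8
    $fwcmd add 300 deny ip from 127.0.0.0/8 to any

    # Anti-spoofing: the private LAN range must never arrive from the cable side.
    # These sit above the divert rule on purpose: after translation the packet
    # re-enters at the rule following the divert and these are not consulted again.
    $fwcmd add 400 deny ip from ${inet} to any in via ${oif}
    $fwcmd add 500 deny ip from any to ${inet} in via ${oif}

    # Every packet crossing the outside interface goes through natd.
    $fwcmd add 1000 divert natd ip from any to any via ${oif}

    # The LAN may talk to the gateway (telnet from pc1/pc2) and through it.
    $fwcmd add 2000 allow ip from any to any via ${iif}

    # Replies to TCP connections that were opened from the inside.
    $fwcmd add 3000 allow tcp from any to any established

    # Translated traffic leaving for the Internet.
    $fwcmd add 3100 allow ip from any to any out via ${oif}

    # DHCP lease traffic for the cable interface.
    $fwcmd add 3200 allow udp from any 67 to any 68 in via ${oif}

    # Answers from the provider's DNS servers (same hole the 4.x "simple" set opens;
    # restrict "any 53" to the provider's resolver addresses once they are known).
    $fwcmd add 3300 allow udp from any 53 to any in via ${oif}

    # Enough ICMP for ping and path diagnostics.
    $fwcmd add 3400 allow icmp from any to any icmptypes 0,3,8,11

    # Everything else, including inbound telnet from the cable side, is logged and dropped.
    $fwcmd add 65000 deny log ip from any to any
}

fw_rules
```

To inspect the rules before loading them, run `fwcmd=echo sh /etc/firewall/fwrules`; after loading, `ipfw show` lists them with their packet counters, which is also the output the reply asks for when debugging.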