Date: Sat, 23 Feb 2002 19:32:22 -0600 (CST)
From: Nick Rogness
To: Christopher Johannsen
Cc: questions@FreeBSD.ORG
Subject: Re: IPFW and NAT Woes
In-Reply-To: <200202231633.AA127860872@rimrockpc.com>

On Sat, 23 Feb 2002, Christopher Johannsen wrote:

> I have been trying to get NAT and IPFW running on my home machine
> FreeBSD4.3 Release to turn it into a Broadband firewall. I have one
> ISA Realtek 10MB card and 1 Realtek 10/100 PCI NIC and a 3com Cable
> modem. I have compiled the IPFIREWALL_VERBOSE and IPDIVERT options
> into the kernel and added:
>
> gateway_enable="YES"
> firewall_enable="YES"
> firewall_type="OPEN"
> natd_enable="YES"
> natd_interface="ed1"
>
> to my rc.conf. My internal net is using the 192.168.1 network
> address. My external nic is using DHCP. Internal IP is 192.168.1.5.
> Here's the problem. Once the machine is up I can ping names and
> numbers from the Gateway machine to the outside world and I can ping
> to the inside network from the gateway. I can ping both interfaces
> from my machine on the network but I cannot ping internet addresses
> from inside the network. It seems like the NAT is not working
> properly. I am able to access my gateway machine from the outside
> world through SSH. Below is a copy of my rc.conf:
>
> gateway_enable="YES"
> hostname="hornet"
> network_interfaces="rl0 ed1"
> ifconfig_rl0="inet 192.168.1.5 netmask 255.255.255.0"
> ifconfig_ed1="DHCP"
> inetd_enable="YES"
> linux_enable="YES"
> sendmail_enable="NO"
> sshd_enable="YES"
> log_in_vain="YES"
> ipfilter_enable="YES"
> ipfilter_flags=""
> ipmon_enable="YES"
> ipmon_flags="-Dsvn"

Turn ipfilter and ipmon stuff off...you don't need it when running ipfw.

> ntpdate_enable="YES"
> ntpdate_flags="ogden.bendnet.com"
> firewall_enable="YES"
> firewall_type="OPEN"
> natd_enable="YES"
> natd_interface="ed1"
> natd_flags="-redirect_port tcp 192.168.1.5:22 22"
>

This setup looks ok. As long as ed1 is your outside interface. What does `ifconfig` show?

> Any ideas or suggestions are appreciated. Thanks in advance!

What does `ipfw -a l` show?

Nick Rogness
 - Don't mind me...I'm just sniffing your packets
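The points raised in the reply above can be checked mechanically. The script below is an added example, not part of the original message: it lints an rc.conf for both packet filters being enabled at once and for natd being bound to what looks like the inside interface. The function names (`is_yes`, `check_rcconf`, `sample_rcconf`) and the private-address heuristic are assumptions made for illustration.

```shell
# Added example (not from the thread). rc.conf is sh syntax, so it is
# sourced in a subshell; only run this on files you trust.
is_yes() { case "$1" in [Yy][Ee][Ss]) return 0 ;; *) return 1 ;; esac; }
check_rcconf() (
    case "$1" in */*) f=$1 ;; *) f=./$1 ;; esac
    [ -r "$f" ] || exit 99
    . "$f"
    n=0; warn() { echo "WARN: $*"; n=$((n + 1)); }
    # ipfw and ipfilter are separate packet filters; the reply says to drop ipfilter/ipmon.
    if is_yes "$firewall_enable"; then
        is_yes "$ipfilter_enable" && warn "ipfilter_enable and firewall_enable (ipfw) are both YES"
        is_yes "$ipmon_enable" && warn "ipmon_enable is YES; ipmon is ipfilter's log reader"
    fi
    if is_yes "$natd_enable"; then
        # natd is fed by an ipfw divert rule and needs packet forwarding enabled.
        is_yes "$firewall_enable" || warn "natd_enable needs firewall_enable=YES"
        is_yes "$gateway_enable" || warn "natd_enable needs gateway_enable=YES"
        # Heuristic (assumption): natd_interface should be the outside interface,
        # so flag it when its ifconfig_<if> value has a 192.168/16 or 10/8 address.
        case "$natd_interface" in
            ""|*[!a-z0-9_]*) warn "natd_interface is unset or malformed" ;;
            *)  eval "addr=\${ifconfig_$natd_interface}"
                case "$addr" in
                    *"inet 192.168."*|*"inet 10."*) warn "natd_interface=$natd_interface looks internal ($addr)" ;;
                esac ;;
        esac
    fi
    exit "$n"   # number of findings becomes the function's return status
)

# Constructed sample: the relevant knobs from the rc.conf quoted in the thread.
sample_rcconf() {
    cat <<'EOF'
gateway_enable="YES"
ifconfig_rl0="inet 192.168.1.5 netmask 255.255.255.0"
ifconfig_ed1="DHCP"
ipfilter_enable="YES"
ipmon_enable="YES"
firewall_enable="YES"
natd_enable="YES"
natd_interface="ed1"
EOF
}

tmp=$(mktemp) || exit 1
sample_rcconf > "$tmp"
check_rcconf "$tmp"; echo "findings: $?"
rm -f "$tmp"
```

A clean result here only covers rc.conf; the loaded ruleset and interface state still need the `ipfw -a l` and `ifconfig` output asked for in the reply.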