Date: Mon, 16 Jul 2001 08:55:37 -0500 From: Jeff Sapp <jasapp@pelennor.net> To: khayman <khayman@carolina.rr.com> Cc: freebsd-questions@freebsd.org Subject: Re: routing not working Message-ID: <20010716085537.A16836@pelennor.net> In-Reply-To: <3B524DD6.9B622A0E@carolina.rr.com>; from khayman@carolina.rr.com on Sun, Jul 15, 2001 at 10:13:42PM -0400 References: <3B524DD6.9B622A0E@carolina.rr.com>
next in thread | previous in thread | raw e-mail | index | archive | help
> My routing table looks like this: > > Destination Gateway flags refs use Netif Expire > default 192.168.1.1 UGSc 0 3 de0 > 10.10.10/24 link#1 UC 1 0 dc0 => > localhost localhost UH 0 0 lo0 > 192.168.1 link#2 UC 3 0 de0 => > > I have a linksys 4 port router/firewall outside the 192.x interface > which in turn connects to a cable modem. The goal is to get rid of the > linksys and have the cbl modem come directly into the BSD firewall. Do you get public (and static) ips from your ISP or is there a reason you are using private network addresses on your external interface? If you only get one ip from your ISP, you'll have to run nat on your firewall. > My rc.conf file looks like this: > > gateway_enable="YES" > network_interfaces="de0 dc0 lo0" > ifconfig_de0="DHCP" > ifconfig_dc0="inet 10.10.10.1 netmask 255.255.255.0" > . > . > ipfilter_enable="YES" > ipnat_enable="YES" That all looks ok. > Any suggestions on where to look to see what I've screwed up? > ps: If and when I get this working properly, does anyone know if I'll > be able to pass a CheckPoint SecuRemote client thru the firewall?? Sure. It shouldn't be too hard to figure out what changes you need to make to your ipf.rules file. Flush your rules, run tcpdump, then the application, look at the tcpdump output and change your rules accordingly. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20010716085537.A16836>