Date: Thu, 16 Jan 2003 15:01:48 -0600
From: Redmond Militante <r-militante@northwestern.edu>
To: freebsd-questions@freebsd.org
Subject: another go at ipfw/natd
Message-ID: <20030116210148.GA4352@darkpossum>

hi again

i have two machines - one has two nics, one has one nic. i'd like to set up the machine with two nics as a gateway/natd box, and place the second machine behind it.

gateway machine's kernel has been recompiled with:

    options IPFIREWALL
    options IPDIVERT
    options IPFIREWALL_DEFAULT_TO_ACCEPT
    options IPFIREWALL_VERBOSE

gateway machine's /etc/rc.conf:

    defaultrouter="129.x.x.1"
    hostname="enquirer.medill.northwestern.edu"
    ifconfig_xl0="inet 129.x.x.35 netmask 255.255.255.0"
    ifconfig_xl1="inet 10.0.0.1 netmask 255.0.0.0"
    gateway_enable="YES"
    firewall_enable="YES"
    #firewall_script="/etc/rc.firewall"
    firewall_type="OPEN"
    natd_enable="YES"
    natd_interface="xl0"
    natd_flags=""

second machine's /etc/rc.conf:

    defaultrouter="10.0.0.1"
    ifconfig_xl0="inet 10.0.0.2 netmask 255.0.0.0"

'ipfw list' on the gateway machine gives me:

    00050 divert 8668 ip from any to any via xl0
    00100 allow ip from any to any via lo0
    00200 deny ip from any to 127.0.0.0/8
    00300 deny ip from 127.0.0.0/8 to any
    65000 allow ip from any to any
    65535 allow ip from any to any

i'm following the instructions in the handbook http://www.freebsd.org/doc/en_US.IS...dbook/natd.html

"Each machine and interface behind the LAN should be assigned IP address numbers in the private network space as defined by RFC 1918 and have a default gateway of the natd machine's internal IP address."

this isn't working for me. i cannot ping outside machines from the client machine. 'ping www.freebsd.org' times out. pinging the ip address outside the router gives me 'no route to host', pinging the ip address of the gateway box gives me 'no route to host'. 'ping 10.0.0.1' gives me 'host is down'. the client machine can ping itself and get a response, however - 'ping 10.0.0.2' gives me a response.

please help, i'm stuck.