Date: Thu, 16 Jan 2003 15:01:48 -0600
From: Redmond Militante
To: freebsd-questions@freebsd.org
Subject: another go at ipfw/natd
Message-ID: <20030116210148.GA4352@darkpossum>

hi again

i have two machines - one has two nics, one has one nic. i'd like to set up the machine with two nics as a gateway/natd box, and place the second machine behind it.

gateway machine's kernel has been recompiled with:

    options IPFIREWALL
    options IPDIVERT
    options IPFIREWALL_DEFAULT_TO_ACCEPT
    options IPFIREWALL_VERBOSE

gateway machine's /etc/rc.conf:

    defaultrouter="129.x.x.1"
    hostname="enquirer.medill.northwestern.edu"
    ifconfig_xl0="inet 129.x.x.35 netmask 255.255.255.0"
    ifconfig_xl1="inet 10.0.0.1 netmask 255.0.0.0"
    gateway_enable="YES"
    firewall_enable="YES"
    #firewall_script="/etc/rc.firewall"
    firewall_type="OPEN"
    natd_enable="YES"
    natd_interface="xl0"
    natd_flags=""

second machine's /etc/rc.conf:

    defaultrouter="10.0.0.1"
    ifconfig_xl0="inet 10.0.0.2 netmask 255.0.0.0"

'ipfw list' on the gateway machine gives me:

    00050 divert 8668 ip from any to any via xl0
    00100 allow ip from any to any via lo0
    00200 deny ip from any to 127.0.0.0/8
    00300 deny ip from 127.0.0.0/8 to any
    65000 allow ip from any to any
    65535 allow ip from any to any

i'm following the instructions in the handbook http://www.freebsd.org/doc/en_US.IS...dbook/natd.html

"Each machine and interface behind the LAN should be assigned IP address numbers in the private network space as defined by RFC 1918 and have a default gateway of the natd machine's internal IP address."

this isn't working for me. i cannot ping outside machines from the client machine. 'ping www.freebsd.org' times out. pinging the ip address outside the router gives me 'no route to host', pinging the ip address of the gateway box gives me 'no route to host'.
'ping 10.0.0.1' gives me 'host is down'. the client machine can ping itself and get a response, however - 'ping 10.0.0.2' gives me a response.

please help, i'm stuck.
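
A consistency check over the rc.conf settings and `ipfw list` output quoted in the message above, as an added example that is not part of the original post. It verifies the knobs natd depends on and that the divert rule is evaluated before any unrestricted allow; the function names are hypothetical and the sample inputs are constructed from the values in the post.

```python
import re

# Constructed sample input: values copied from the gateway rc.conf in the post.
RC_CONF = '''gateway_enable="YES"
firewall_enable="YES"
#firewall_script="/etc/rc.firewall"
firewall_type="OPEN"
natd_enable="YES"
natd_interface="xl0"
'''
# Constructed sample input: the `ipfw list` output quoted in the post.
IPFW_LIST = '''00050 divert 8668 ip from any to any via xl0
00100 allow ip from any to any via lo0
00200 deny ip from any to 127.0.0.0/8
00300 deny ip from 127.0.0.0/8 to any
65000 allow ip from any to any
65535 allow ip from any to any
'''

def parse_rc(text):
    """Return KEY -> value for KEY="value" lines; commented-out lines are skipped."""
    return dict(re.findall(r'^(\w+)="([^"]*)"', text, re.M))

def parse_rules(text):
    """Return (number, action, rest-of-rule) tuples from `ipfw list` output."""
    return [(int(n), act, rest)
            for n, act, rest in re.findall(r'^(\d{5}) +(\S+) +(.*)$', text, re.M)]

def check_nat(rc, rules):
    """Return a list of problems; an empty list means the settings agree."""
    problems = []
    for key in ("gateway_enable", "firewall_enable", "natd_enable"):
        if rc.get(key, "NO").upper() != "YES":
            problems.append(f"{key} is not YES")
    iface = rc.get("natd_interface", "")
    diverts = [n for n, act, rest in rules
               if act == "divert" and rest.split()[-2:] == ["via", iface]]
    if not diverts:
        return problems + [f"no divert rule via {iface or '<unset>'}"]
    # ipfw stops at the first matching allow or deny, so an unrestricted
    # allow numbered below the divert rule would keep packets away from natd.
    early = [n for n, act, rest in rules
             if act == "allow" and rest == "ip from any to any" and n < min(diverts)]
    if early:
        problems.append(f"allow-all rule {early[0]} precedes divert {min(diverts)}")
    return problems
```

`check_nat(parse_rc(RC_CONF), parse_rules(IPFW_LIST))` returns an empty list for the posted values. The check covers only these settings and the rule order, not link state or interface addressing.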