Date:      Thu, 16 Jan 2003 15:27:49 -0500
From:      Bill Moran <wmoran@potentialtech.com>
To:        Redmond Militante <r-militante@northwestern.edu>
Cc:        freebsd-questions@freebsd.org
Subject:   Re: another go at ipfw/natd
Message-ID:  <3E2715C5.3080704@potentialtech.com>
References:  <20030116210148.GA4352@darkpossum>

Redmond Militante wrote:
> hi again
> 
> i have two machines - one has two nics, one has one nic. i'd like to set up the machine with two
> nics as a gateway/natd box, and place the second machine behind it.
> 
> gateway machine's kernel has been recompiled with:
> 
> options IPFIREWALL
> options IPDIVERT
> options IPFIREWALL_DEFAULT_TO_ACCEPT
> options IPFIREWALL_VERBOSE
> 
> gateway machine's /etc/rc.conf:
> 
> defaultrouter="129.x.x.1"
> hostname="enquirer.medill.northwestern.edu"
> ifconfig_xl0="inet 129.x.x.35 netmask 255.255.255.0"
> ifconfig_xl1="inet 10.0.0.1 netmask 255.0.0.0"
> gateway_enable="YES"
> firewall_enable="YES"
> #firewall_script="/etc/rc.firewall"
> firewall_type="OPEN"
> natd_enable="YES"
> natd_interface="xl0"
> natd_flags=""
> 
> second machine's /etc/rc.conf:
> 
> defaultrouter="10.0.0.1"
> ifconfig_xl0="inet 10.0.0.2 netmask 255.0.0.0"
> 
> 'ipfw list' on the gateway machine gives me:
> 00050 divert 8668 ip from any to any via xl0
> 00100 allow ip from any to any via lo0
> 00200 deny ip from any to 127.0.0.0/8
> 00300 deny ip from 127.0.0.0/8 to any
> 65000 allow ip from any to any
> 65535 allow ip from any to any
> 
> i'm following the instructions in the handbook http://www.freebsd.org/doc/en_US.IS...dbook/natd.html 
> 
> "Each machine and interface behind the LAN should be assigned IP address numbers in the private
> network space as defined by RFC 1918 and have a default gateway of the natd machine's internal IP address."
> 
> this isn't working for me. i cannot ping outside machines from the client machine. 'ping www.freebsd.org'
> times out. pinging the ip address outside the router gives me 'no route to host', pinging the ip address
> of the gateway box gives me 'no route to host'. 'ping 10.0.0.1' gives me 'host is down'. the client
> machine can ping itself and get a response, however - 'ping 10.0.0.2' gives me a response.

Let me ask some questions to help diagnose this:
1. From the gateway: Can you ping www.freebsd.org? Can you ping 129.x.x.1?
2. What's in /etc/resolv.conf on the gateway and the client machine?
3. What does ifconfig display on the gateway?  Does xl1 show as "up" with a valid media type?
    Do your net card and hub both have link lights?

-- 
Bill Moran
Potential Technologies
http://www.potentialtech.com
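As an added example, not part of the thread above: a small POSIX sh audit of the rc.conf and 'ipfw list' quoted in the question. It checks the things natd needs that can be verified from the configuration alone (gateway_enable, firewall_enable and natd_enable set, natd_interface set, inside interfaces carrying RFC 1918 addresses, a divert rule on the natd interface that sits ahead of the first allow rule so packets actually reach natd), and it flags firewall_type="OPEN", which is the stock permit-everything ruleset (the 65000 allow rule in the listing). The rc.conf and rule text are constructed inline to mirror the post; the function names (rc_get, is_rfc1918, audit_nat_gateway) are this example's own. Link state and resolv.conf, which Bill's questions go after, need a live box and are not covered.

```shell
#!/bin/sh
# Added example (not from the thread): static audit of an ipfw/natd
# gateway setup. Input is constructed inline to mirror the quoted rc.conf
# and 'ipfw list'; on a real box feed it /etc/rc.conf and `ipfw list`.

RC_CONF='defaultrouter="129.x.x.1"
hostname="enquirer.medill.northwestern.edu"
ifconfig_xl0="inet 129.x.x.35 netmask 255.255.255.0"
ifconfig_xl1="inet 10.0.0.1 netmask 255.0.0.0"
gateway_enable="YES"
firewall_enable="YES"
firewall_type="OPEN"
natd_enable="YES"
natd_interface="xl0"
natd_flags=""'

IPFW_LIST='00050 divert 8668 ip from any to any via xl0
00100 allow ip from any to any via lo0
00200 deny ip from any to 127.0.0.0/8
00300 deny ip from 127.0.0.0/8 to any
65000 allow ip from any to any
65535 allow ip from any to any'

# rc_get NAME CONF: value of NAME="value" from rc.conf text (last one wins)
rc_get() {
    printf '%s\n' "$2" | sed -n "s/^$1=\"\([^\"]*\)\".*/\1/p" | tail -n 1
}

# is_rfc1918 ADDR: succeeds if ADDR is in 10/8, 172.16/12 or 192.168/16
is_rfc1918() {
    case $1 in
        10.*|192.168.*|172.1[6-9].*|172.2[0-9].*|172.3[01].*) return 0 ;;
    esac
    return 1
}

# audit_nat_gateway CONF RULES: findings on stderr, problem count on stdout
audit_nat_gateway() {
    conf=$1; rules=$2; problems=0
    for v in gateway_enable firewall_enable natd_enable; do
        if [ "$(rc_get "$v" "$conf")" != "YES" ]; then
            echo "PROBLEM: $v is not YES" >&2; problems=$((problems + 1))
        fi
    done
    natif=$(rc_get natd_interface "$conf")
    if [ -z "$natif" ]; then
        echo "PROBLEM: natd_interface is not set" >&2; problems=$((problems + 1))
    fi
    # Every interface other than the natd (outside) one should carry an RFC 1918 address
    for pair in $(printf '%s\n' "$conf" | sed -n 's/^ifconfig_\([a-z0-9]*\)="inet \([0-9.x]*\) .*/\1=\2/p'); do
        ifn=${pair%%=*}; addr=${pair#*=}
        [ "$ifn" = "$natif" ] && continue
        if ! is_rfc1918 "$addr"; then
            echo "PROBLEM: inside interface $ifn has non-RFC1918 address $addr" >&2
            problems=$((problems + 1))
        fi
    done
    # The divert rule must match the natd interface and sit before the first allow,
    # otherwise packets are accepted without ever reaching natd
    divert_no=$(printf '%s\n' "$rules" | awk -v i="$natif" '$2 == "divert" && $0 ~ ("via " i "$") { print $1 + 0; exit }')
    first_allow=$(printf '%s\n' "$rules" | awk '$2 == "allow" { print $1 + 0; exit }')
    if [ -z "$divert_no" ]; then
        echo "PROBLEM: no divert rule via $natif in the ruleset" >&2; problems=$((problems + 1))
    elif [ -n "$first_allow" ] && [ "$divert_no" -gt "$first_allow" ]; then
        echo "PROBLEM: divert rule $divert_no comes after allow rule $first_allow" >&2
        problems=$((problems + 1))
    fi
    # OPEN is the stock permit-everything ruleset; fine for bring-up, not for a box on a public /24
    if [ "$(rc_get firewall_type "$conf")" = "OPEN" ]; then
        echo "WARNING: firewall_type=OPEN passes all traffic in both directions" >&2
    fi
    echo "$problems"
}

audit_nat_gateway "$RC_CONF" "$IPFW_LIST"
```

Run as shown it reports 0 problems plus the OPEN warning for the quoted configuration, which is consistent with the symptoms in the post pointing at something below the IP layer rather than at the ipfw/natd setup itself. To use it on a real gateway, replace the two constructed strings with `RC_CONF=$(cat /etc/rc.conf)` and `IPFW_LIST=$(ipfw list)`.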

