From: Bill Moran <wmoran@potentialtech.com>
Date: Thu, 16 Jan 2003 15:27:49 -0500
To: Redmond Militante
Cc: freebsd-questions@freebsd.org
Subject: Re: another go at ipfw/natd

Redmond Militante wrote:
> hi again
>
> i have two machines - one has two nics, one has one nic. i'd like to set up the machine with two
> nics as a gateway/natd box, and place the second machine behind it.
>
> gateway machine's kernel has been recompiled with:
>
> options IPFIREWALL
> options IPDIVERT
> options IPFIREWALL_DEFAULT_TO_ACCEPT
> options IPFIREWALL_VERBOSE
>
> gateway machine's /etc/rc.conf:
>
> defaultrouter="129.x.x.1"
> hostname="enquirer.medill.northwestern.edu"
> ifconfig_xl0="inet 129.x.x.35 netmask 255.255.255.0"
> ifconfig_xl1="inet 10.0.0.1 netmask 255.0.0.0"
> gateway_enable="YES"
> firewall_enable="YES"
> #firewall_script="/etc/rc.firewall"
> firewall_type="OPEN"
> natd_enable="YES"
> natd_interface="xl0"
> natd_flags=""
>
> second machine's /etc/rc.conf:
>
> defaultrouter="10.0.0.1"
> ifconfig_xl0="inet 10.0.0.2 netmask 255.0.0.0"
>
> 'ipfw list' on the gateway machine gives me:
> 00050 divert 8668 ip from any to any via xl0
> 00100 allow ip from any to any via lo0
> 00200 deny ip from any to 127.0.0.0/8
> 00300 deny ip from 127.0.0.0/8 to any
> 65000 allow ip from any to any
> 65535 allow ip from any to any
>
> i'm following the instructions in the handbook http://www.freebsd.org/doc/en_US.IS...dbook/natd.html
>
> "Each machine and interface behind the LAN should be assigned IP address numbers in the private
> network space as defined by RFC 1918 and have a default gateway of the natd machine's internal IP address."
>
> this isn't working for me. i cannot ping outside machines from the client machine. 'ping www.freebsd.org'
> times out. pinging the ip address outside the router gives me 'no route to host', pinging the ip address
> of the gateway box gives me 'no route to host'. 'ping 10.0.0.1' gives me 'host is down'. the client
> machine can ping itself and get a response, however - 'ping 10.0.0.2' gives me a response.

Let me ask some questions to help diagnose this:

1. From the gateway: Can you ping www.freebsd.org? Can you ping 129.x.x.1?
2. What's in /etc/resolv.conf on the gateway and the client machine?
3. What does ifconfig display on the gateway? Does xl1 show as "up" with a valid media type?
   Do your net card and hub both have link lights?

-- 
Bill Moran
Potential Technologies
http://www.potentialtech.com
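The rc.conf fragments quoted in the thread can be checked mechanically for the consistency the handbook paragraph asks for (RFC 1918 addresses behind the gateway, client default route pointing at the gateway's internal address, natd bound to the external interface, forwarding enabled). This is an added Python example, not part of the thread; it assumes the masked 129.x.x.* octets are 129.0.0.* and that rc.conf lines are plain KEY="value" pairs. The posted configuration passes every check, which is in line with Bill's questions moving on to interface state and link lights rather than rc.conf.

```python
import ipaddress
import re

# Constructed from the rc.conf fragments quoted in the thread; the masked
# 129.x.x.* octets are stood in for by 129.0.0.* here (an assumption).
GATEWAY_RC = """
defaultrouter="129.0.0.1"
ifconfig_xl0="inet 129.0.0.35 netmask 255.255.255.0"
ifconfig_xl1="inet 10.0.0.1 netmask 255.0.0.0"
gateway_enable="YES"
natd_enable="YES"
natd_interface="xl0"
"""
CLIENT_RC = """
defaultrouter="10.0.0.1"
ifconfig_xl0="inet 10.0.0.2 netmask 255.0.0.0"
"""

def parse_rc(text):
    # Simple KEY="value" lines only; commented-out lines (#...) are skipped.
    conf, ifs = {}, {}
    for m in re.finditer(r'^\s*(\w+)="?([^"#\n]*)"?', text, re.M):
        key, val = m.group(1), m.group(2).strip()
        conf[key] = val
        addr = re.match(r'inet (\S+) netmask (\S+)', val)
        if key.startswith("ifconfig_") and addr:
            ifs[key[9:]] = ipaddress.ip_interface(f"{addr.group(1)}/{addr.group(2)}")
    return conf, ifs

def check_nat_setup(gateway_rc, client_rc):
    # Returns a list of findings; an empty list means the static config is consistent.
    gw, gw_ifs = parse_rc(gateway_rc)
    cl, cl_ifs = parse_rc(client_rc)
    findings = []
    if gw.get("gateway_enable") != "YES":
        findings.append("gateway_enable is not YES: the gateway will not forward packets")
    ext, gw_router = gw.get("natd_interface"), ipaddress.ip_address(gw["defaultrouter"])
    if ext not in gw_ifs or gw_router not in gw_ifs[ext].network:
        findings.append(f"natd_interface {ext} is not the interface facing defaultrouter {gw_router}")
    cl_router = ipaddress.ip_address(cl["defaultrouter"])
    internal = [i for i in gw_ifs.values() if i.ip == cl_router]
    if not internal:
        findings.append(f"client defaultrouter {cl_router} is not an address on the gateway")
    for name, iface in cl_ifs.items():
        if not iface.ip.is_private:
            findings.append(f"client {name} address {iface.ip} is not RFC 1918 space")
        if internal and iface.network != internal[0].network:
            findings.append(f"client {name} is on {iface.network}, gateway internal side is on {internal[0].network}")
    return findings
```

Running check_nat_setup(GATEWAY_RC, CLIENT_RC) returns an empty list for the thread's settings; swapping natd_interface to xl1 or giving the client a /24 mask each produces a single finding.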