From owner-freebsd-questions Fri Jul 2 23:39:41 1999
To: freebsd-questions@freebsd.org
Subject: natd and ipfw
From: Arcady Genkin
Date: 03 Jul 1999 03:13:23 -0400
Message-ID: <87u2rmryss.fsf@main.wgaf.net>

Hi all:

I've attempted to configure ipfirewalling/masquerading on a FreeBSD
3.2-Release. Here's what I did:

    options IPFIREWALL
    options IPFIREWALL_VERBOSE
    options IPDIVERT

then I added in /etc/rc.conf:

    gateway_enable="YES"

    ipfw add allow all from any to any    #I'll play with this later

then I rebooted and ran "natd -interface ed0"

I have 2 computers in my network -- the firewall named "door"
192.168.1.1 and a workstation named "main" 192.168.1.2.

"door" is connected to internet via ed1 (ADSL connection with
dhclient), and is able to ping, telnet, ftp, etc. both into the
internet and into "main". It connects to main via ed0.

"main" is able to connect to "door" in any possible method
(i.e. internal tcp/ip link works OK). It runs Linux 2.2.10, and I'm
telling it to use "door" as its router:

    ifconfig eth0 192.168.1.2 netmask 255.255.255.0 up
    route add -net 192.168.1.0 netmask 255.255.255.0 eth0
    route add default gw 192.168.1.1 eth0

However, "main" is unable to ping anything in the internet. I get the
feeling that it routes packets out correctly, because if I ping
something, then the nic on "door" flashes LEDs.

Can somebody think of something that I'm doing wrong?

Thanks a lot in advance!

Here's output of netstat -r and netstat -i on "door":

Routing tables

Internet:
Destination        Gateway            Flags     Refs     Use     Netif Expire
default            HSE-TOR-ppp22711.s UGSc        1       17      ed1
localhost          localhost          UH          1        0      lo0
192.168.1          link#1             UC          0        0      ed0
main               0:80:c8:f2:c6:14   UHLW        0        5      ed0   1191
209.226.71         link#2             UC          0        0      ed1
HSE-TOR-ppp22711.s 0:90:6f:fc:f8:20   UHLW        2        0      ed1    736
HSE-TOR-ppp22919.s localhost          UGHS        0        0      lo0

Name  Mtu   Network     Address            Ipkts Ierrs    Opkts Oerrs  Coll
ed0   1500              00.80.c8.ec.0f.39     47     0       13     0     0
ed0   1500  192.168.1   door                  47     0       13     0     0
ed1   1500              52.54.4c.17.c9.5c     17     0       52     0     0
ed1   1500  209.226.71  HSE-TOR-ppp2291       17     0       52     0     0
lo0   16384                                    0     0        0     0     0
lo0   16384 127         localhost              0     0        0     0     0

=========

Here's output of the same commands on "main":

Kernel IP routing table
Destination     Gateway         Genmask         Flags   MSS Window  irtt Iface
localnet        *               255.255.255.0   U         0 0          0 eth0
localnet        *               255.255.255.0   U         0 0          0 eth0
default         door.wgaf.net   0.0.0.0         UG        0 0          0 eth0

Kernel Interface table
Iface   MTU Met   RX-OK RX-ERR RX-DRP RX-OVR   TX-OK TX-ERR TX-DRP TX-OVR Flg
eth0   1500   0    4562      0      0      0   12075      3      0      0 BRU
lo     3924   0      11      0      0      0      11      0      0      0 LRU

-- 
Arcady Genkin
"... without money one gets nothing in this world, not even a certificate
of eternal blessedness in the other world..." (S. Kierkegaard)