Date:      Tue, 20 Feb 2001 01:15:19 -0800
From:      "Crist J. Clark" <cjclark@reflexnet.net>
To:        Robert Daniels <rdaniels38@home.com>
Cc:        freebsd-questions@FreeBSD.ORG
Subject:   Re: NATD&GATEWAY PROBLEMS
Message-ID:  <20010220011519.X62368@rfx-216-196-73-168.users.reflex>
In-Reply-To: <009c01c09a78$f7833ca0$43701518@cx628451A>; from rdaniels38@home.com on Mon, Feb 19, 2001 at 06:36:30AM -0700
References:  <009c01c09a78$f7833ca0$43701518@cx628451A>

On Mon, Feb 19, 2001 at 06:36:30AM -0700, Robert Daniels wrote:
>     Hello,  my name is Robert.  I am trying to configure my FreeBSD 4.0 as a gateway. I have a 3 computer network.  My  ISP is cox@home. (Cable Modem)
> 
>     Computer 1 name is FOO (will serve as gateway)
>     Computer 2 name is BAR (Running Free BSD 4.0) 
>     Computer 3 name is BAZ(Running Dual Boot Win2000 Professional & Red Hat Linux 7.0)
> 
>     I compiled IPFIREWALL, IPDIVERT, IPFIREWALL_VERBOSE, and IPFIREWALL_DEFAULT_TO_ACCEPT in my Kernel on computer FOO. 
>     
>     I put the following lines in my rc.conf file on computer FOO
> 
>     hostname="CX628451-A"
>     ifconfig_dc0"inet 192.168.1.1 netmask 255.255.255.0"  # Private IP
                  =
>     ifconfig_dc1"inet  24.21.112.xxx netmask 255.255.255.0"   # Public IP
                  =
>     gateway_enable="YES"
>     defaultrouter="24.21.112.1" # Gateway for my ISP. 
>     natd_enable="YES"
>     natd_interface="dc1"
>     natd_flags"-l -u -s -m"
                =
>     firewall_enable="YES"
>     firewall_type="OPEN" 

I'll assume those are typos?

> The rc.conf file on BAR looks as follows.
> 
>    hostname="BAR"
>     ifconfig_x10="inet 192.168.1.2 netmask 255.255.255.0" # Private non-routable IP
>     defaultrouter="192.168.1.1"  
>     gateway_enable"NO"
                    =
Oops. Another.

[could you try wrapping your text at about 72 characters or so?]

> With this setup I am able to ping computer FOO from computer BAR. I am able to ping both private and public addresses. I am also able to ping FOO defaultrouter IP and DNS IP that I have set in resolv.conf. But I am unable to ping an address out on the internet on computer BAR. 

This is strange. BAR can ping the external router and the DNS servers,
but it cannot reach "out on the Internet?" As far as BAR is concerned,
the external router and DNS server would be out on the Internet.

On FOO, run,

  # tcpdump -n -idc0 'icmp'

And,

  # tcpdump -n -idc1 'icmp'

While you try to ping something on the Internet from BAR. Make sure
the packets are getting aliased correctly.

> Of course I am able to ping address on the internet with computer FOO. I can telnet into Foo via BAR and vice versa.  I also verified that the line natd 8668/divert was present in /etc/services.  

Looks like all of the local nets and your connection to the 'Net are
OK. 
-- 
Crist J. Clark                           cjclark@alum.mit.edu
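
The two-interface tcpdump check suggested above can be scripted. This is an added example, not part of the original message: it compares a saved capture from the inside interface with one from the outside interface and reports where aliasing breaks. The function names and the sample addresses (203.0.113.10 as the gateway's public address, 198.51.100.7 as the remote host) are constructed, and it assumes only BAR was pinging during the capture.

```shell
#!/bin/sh
# classify_icmp <private-prefix>: read `tcpdump -n 'icmp'` text on stdin, print
# "req_from_private req_from_other reply_to_private reply_to_other".
classify_icmp() {
    awk -v pfx="$1" '
    {
        src = ""; dst = ""
        for (i = 2; i < NF; i++)
            if ($i == ">") { src = $(i - 1); dst = $(i + 1); break }
        if (src == "") next
        sub(/:$/, "", dst)
        line = tolower($0)
        if (line ~ /echo request/) {
            if (index(src, pfx) == 1) rq_priv++; else rq_other++
        } else if (line ~ /echo reply/) {
            if (index(dst, pfx) == 1) rp_priv++; else rp_other++
        }
    }
    END { printf "%d %d %d %d\n", rq_priv, rq_other, rp_priv, rp_other }'
}
# nat_verdict <private-prefix> <inside-capture-file> <outside-capture-file>
nat_verdict() {
    # After set: $2-$5 are the inside counts, $6-$9 the outside counts.
    set -- "$1" $(classify_icmp "$1" < "$2") $(classify_icmp "$1" < "$3")
    if [ "$2" -eq 0 ]; then echo "no requests reach the gateway"
    elif [ "$6" -gt 0 ]; then echo "private source leaking on outside: not aliased"
    elif [ "$7" -eq 0 ]; then echo "requests not forwarded to outside"
    elif [ "$9" -eq 0 ]; then echo "aliased, but no replies from outside"
    elif [ "$4" -eq 0 ]; then echo "replies not de-aliased to inside"
    else echo "aliased correctly"
    fi
}
# Constructed sample captures (not taken from the original thread).
sample_inside() { cat <<'EOF'
01:15:19.10 192.168.1.2 > 198.51.100.7: icmp: echo request
01:15:19.14 198.51.100.7 > 192.168.1.2: icmp: echo reply
EOF
}
sample_outside_ok() { cat <<'EOF'
01:15:19.11 203.0.113.10 > 198.51.100.7: icmp: echo request
01:15:19.13 198.51.100.7 > 203.0.113.10: icmp: echo reply
EOF
}
sample_outside_leak() { cat <<'EOF'
01:15:19.11 192.168.1.2 > 198.51.100.7: icmp: echo request
EOF
}
```

Save each tcpdump run to a file while BAR pings an outside host, then run `nat_verdict 192.168.1. inside.txt outside.txt`.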
