Date: Thu, 28 Oct 2004 12:25:46 -0700 (PDT)
From: Zhelyazko Georgiev <jeliazkoge@yahoo.com>
To: freebsd-chat@freebsd.org
Subject: Request:
Message-ID: <20041028192546.66960.qmail@web41713.mail.yahoo.com>
Dear members of the FreeBSD mailing list,

I'm new to FreeBSD and still trying to learn some basic concepts as far as configuring it as an operating system. The question that I'm about to ask is probably very simple, so I ask you to excuse me for bothering you with that question, but I have been trying to figure it out for a long time now and still have no results.

I'm trying to set up my FreeBSD 5.2 Release to act as a NAT router/gateway. I compiled the kernel by including the following options:

options IPFIREWALL
options IPDIVERT
options IPSEC
options IPSEC_ESP
options IPSEC_DEBUG
options IPFILTER
options PFIL_HOOKS

Attached are my inetd.conf, ipf.rules, ipnat.rules and rc.conf files. I'm able to ping both networks and access the internet from the FreeBSD machine. From the external network I cannot see the internal one (as it should be); from the internal network I can ping the internal IP 192.168.1.1 of my FreeBSD box and also the external IP address 84.21.192.168, but I'm not able to see the router of my ISP, 84.21.192.1, and for that reason I do not have internet for the internal network. Please help me figure out why I'm not able to make this thing work. Any help is highly appreciated. Thank you in advance.

Attachment: inetd.conf.txt

# $FreeBSD: src/etc/inetd.conf,v 1.63 2003/06/09 21:04:30 markm Exp $
#
# Internet server configuration database
#
# Define *both* IPv4 and IPv6 entries for dual-stack support.
# To disable a service, comment it out by prefixing the line with '#'.
# To enable a service, remove the '#' at the beginning of the line.
#
#ftp     stream  tcp     nowait  root    /usr/libexec/ftpd       ftpd -l
#ftp     stream  tcp6    nowait  root    /usr/libexec/ftpd       ftpd -l
ssh      stream  tcp     nowait  root    /usr/sbin/sshd          sshd -i -4
ssh      stream  tcp6    nowait  root    /usr/sbin/sshd          sshd -i -6
#telnet  stream  tcp     nowait  root    /usr/libexec/telnetd    telnetd
#telnet  stream  tcp6    nowait  root    /usr/libexec/telnetd    telnetd
#shell   stream  tcp     nowait  root    /usr/libexec/rshd       rshd
#shell   stream  tcp6    nowait  root    /usr/libexec/rshd       rshd
#login   stream  tcp     nowait  root    /usr/libexec/rlogind    rlogind
#login   stream  tcp6    nowait  root    /usr/libexec/rlogind    rlogind
#finger  stream  tcp     nowait/3/10  nobody  /usr/libexec/fingerd  fingerd -s
#finger  stream  tcp6    nowait/3/10  nobody  /usr/libexec/fingerd  fingerd -s
#exec    stream  tcp     nowait  root    /usr/libexec/rexecd     rexecd
#
# run comsat as root to be able to print partial mailbox contents w/ biff,
# or use the safer tty:tty to just print that new mail has been received.
#comsat  dgram   udp     wait    tty:tty /usr/libexec/comsat     comsat
#
# ntalk is required for the 'talk' utility to work correctly
#ntalk   dgram   udp     wait    tty:tty /usr/libexec/ntalkd     ntalkd
#tftp    dgram   udp     wait    root    /usr/libexec/tftpd      tftpd -s /tftpboot
#tftp    dgram   udp6    wait    root    /usr/libexec/tftpd      tftpd -s /tftpboot
#bootps  dgram   udp     wait    root    /usr/libexec/bootpd     bootpd
#
# "Small servers" -- used to be standard on, but we're more conservative
# about things due to Internet security concerns.  Only turn on what you
# need.
Attachment: ipf.rules.txt

#Basic ruleset
block in all with frag
#Only I can pass packets out on the external interface
pass out quick rl0 proto tcp from 84.21.192.150 to any keep state
pass out quick on rl0 proto udp from 84.21.192.150 to any keep state
pass out quick on rl0 proto icmp from 84.21.192.150 to any keep state
pass out quick all
block in on rl0 proto icmp all
pass in on rl0 proto icmp from any to any icmp-type echo
pass in on rl0 proto icmp from any to any icmp-type echorep
block in on rl0 proto icmp from any to any icmp-type unreach code 3
#Block all other non established connections
block in quick on rl0 proto tcp from any to any flags S/SA

Attachment: rc.conf.txt

# -- sysinstall generated deltas -- # Thu Feb 3 00:05:26 2000
# Created: Thu Feb 3 00:05:26 2000
# Enable network daemons for user convenience.
# Please make all changes to this file, not to /etc/defaults/rc.conf.
# This file now contains just the overrides from /etc/defaults/rc.conf.
defaultrouter="84.21.192.1"
gateway_enable="YES"
hostname="ironhost.server.com"
#ipsec_enable="YES"
enable_firewall="YES"
firewall_type="OPEN"
firewall_quiet="YES"
ipfilter_enable="YES"
ipnat_enable="YES"
natd_enable="YES"
natd_interface="rl0"
natd_flags="-f /etc/natd.rules"
sendmail_enable="NONE"
fsck_y_enable="YES"
syslogd_enable="NO"
inetd_enable="YES"
ifconfig_rl0="inet 84.21.192.150 netmask 255.255.255.0"
ifconfig_rl1="inet 192.168.1.1 netmask 255.255.0.0"
linux_enable="YES"
moused_enable="YES"
sshd_enable="YES"
usbd_enable="NO"
# This file now contains just the overrides from /etc/defaults/rc.conf.
# Please make all changes to this file, not to /etc/defaults/rc.conf.
# Enable network daemons for user convenience.
# Created: Fri Feb 4 09:25:44 2000
# -- sysinstall generated deltas -- # Fri Feb 4 09:25:44 2000
ifconfig_rl0="inet 84.21.192.150 netmask 255.255.255.0"

Attachment: ipnat.rules.txt

map rl0 10.0.0.0/24 -> 0.0.0.0/32 portmap tcp/udp 40000:65000
map rl0 10.0.0.0/24 -> 0.0.0.0/32
rdr rl0 0.0.0.0/0 port 3389 -> 192.168.1.2 port 3389
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20041028192546.66960.qmail>
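The check a practitioner would run over a configuration like the one posted above before mailing the list, as an added example that is not part of the original message and is not FreeBSD's own code: a Python script that parses the rc.conf knobs and the ipnat `map` rules (both embedded below as constructed input, copied from the posted attachments) and cross-references them. It reports knobs that rc(8) does not know about (the script's KNOWN_KNOBS allowlist is an assumption: the names in it are real rc.conf(5) variables, but the list is deliberately short; `enable_firewall` is not one of them, the real knob being `firewall_enable`), a gateway that does not forward, two NAT engines enabled at once, and any internal interface whose network is not covered by an ipnat map source. It does not evaluate ipf filter semantics.

```python
"""Cross-check a FreeBSD NAT gateway's rc.conf against its ipnat.rules.

Added example, not code from the thread or from FreeBSD.  RC_CONF and
IPNAT_RULES are constructed input: the knob lines and map rules copied from
the posted attachments.  KNOWN_KNOBS is this script's own assumption.
"""
import ipaddress
import re

RC_CONF = '''
defaultrouter="84.21.192.1"
gateway_enable="YES"
hostname="ironhost.server.com"
#ipsec_enable="YES"
enable_firewall="YES"
firewall_type="OPEN"
firewall_quiet="YES"
ipfilter_enable="YES"
ipnat_enable="YES"
natd_enable="YES"
natd_interface="rl0"
natd_flags="-f /etc/natd.rules"
inetd_enable="YES"
ifconfig_rl0="inet 84.21.192.150 netmask 255.255.255.0"
ifconfig_rl1="inet 192.168.1.1 netmask 255.255.0.0"
sshd_enable="YES"
'''

IPNAT_RULES = '''
map rl0 10.0.0.0/24 -> 0.0.0.0/32 portmap tcp/udp 40000:65000
map rl0 10.0.0.0/24 -> 0.0.0.0/32
rdr rl0 0.0.0.0/0 port 3389 -> 192.168.1.2 port 3389
'''

# Assumed allowlist (real rc.conf(5) names, but not an exhaustive list).
# Any other knob that is not an ifconfig_<ifname> entry is flagged, because
# rc(8) silently ignores variables it does not know about.
KNOWN_KNOBS = {
    "defaultrouter", "gateway_enable", "hostname", "ipsec_enable",
    "firewall_enable", "firewall_type", "firewall_quiet", "ipfilter_enable",
    "ipnat_enable", "natd_enable", "natd_interface", "natd_flags",
    "inetd_enable", "sshd_enable",
}


def parse_rc_conf(text):
    """Return {knob: value}. Later assignments win, as they do in sh(1)."""
    conf = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()      # drop comments
        m = re.match(r'^(\w+)="?([^"]*)"?$', line)
        if m:
            conf[m.group(1)] = m.group(2)
    return conf


def interface_networks(conf):
    """Map each ifconfig_<if> knob to an IPv4Interface (address + netmask)."""
    ifaces = {}
    for knob, value in conf.items():
        m = re.search(r"inet\s+(\S+)\s+netmask\s+(\S+)", value)
        if knob.startswith("ifconfig_") and m:
            ifaces[knob[len("ifconfig_"):]] = ipaddress.IPv4Interface(
                f"{m.group(1)}/{m.group(2)}")
    return ifaces


def parse_ipnat_maps(text):
    """Return [(external_if, source_network)] for every ipnat 'map' rule."""
    maps = []
    for line in text.splitlines():
        m = re.match(r"^\s*map\s+(\S+)\s+(\S+)\s+->", line)
        if m:
            maps.append((m.group(1),
                         ipaddress.IPv4Network(m.group(2), strict=False)))
    return maps


def check_config(rc_text, ipnat_text):
    """Return a list of findings; an empty list means nothing inconsistent."""
    conf = parse_rc_conf(rc_text)
    ifaces = interface_networks(conf)
    maps = parse_ipnat_maps(ipnat_text)
    findings = []

    for knob in conf:
        if knob not in KNOWN_KNOBS and not knob.startswith("ifconfig_"):
            findings.append(f"unknown rc.conf knob {knob!r}: rc(8) will ignore it")

    if conf.get("gateway_enable") != "YES":
        findings.append("gateway_enable is not YES: the kernel will not forward")

    if conf.get("natd_enable") == "YES" and conf.get("ipnat_enable") == "YES":
        findings.append("natd (ipfw) and ipnat (ipfilter) are both enabled: "
                        "use one NAT engine")

    external = {ifname for ifname, _ in maps}   # interfaces named in map rules
    for ifname, iface in ifaces.items():
        if ifname in external:
            continue                              # the NAT-facing side
        if not any(iface.network.subnet_of(src) for _, src in maps):
            srcs = ", ".join(str(src) for _, src in maps)
            findings.append(f"internal network {iface.network} on {ifname} is "
                            f"covered by no ipnat map source ({srcs})")
    return findings


if __name__ == "__main__":
    for finding in check_config(RC_CONF, IPNAT_RULES):
        print("*", finding)
```

Run against the embedded input it prints three findings: the unknown `enable_firewall` knob, both natd and ipnat enabled, and the rl1 network 192.168.0.0/16 (192.168.1.1 with a 255.255.0.0 mask) matching no `map` source, since both map rules translate only 10.0.0.0/24. The subnet test is deliberately strict: a map source that covers only part of the interface's network is still reported, because hosts outside it would leave the gateway untranslated.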