Skip site navigation (1)Skip section navigation (2)
Date:      Sun, 20 Feb 2000 14:22:01 -0800
From:      "John Purser" <>
To:        <>
Cc:        <questions@FreeBSD.ORG>
Subject:   RE: Setting up a Gateway to @home - Newbie VERY confused
Message-ID:  <000001bf7bf0$e9a16820$>
In-Reply-To: <>

Next in thread | Previous in thread | Raw E-Mail | Index | Archive | Help

Thanks for the help.  I followed your instruction and here is what has
happened so far:

I had to change the ipfw line to:
ipfw add 100 divert NATD all FROM any to any via fxp1  (CAPS being upper
case versions of my  additions)

I edited the rc.conf but the ipfw rules still don't come up on reboot.
Should the firewall_type option = OPEN instead of open?

When I enter "ping" nothing happens, not even the command prompt
until I hit control C.

You were right about sysinstall.  It had created 5 versions of my network
cards in rc.conf which tells you how long I've been poking at this.

Any other ideas?  I don't know where to go from here.


John Purser

-----Original Message-----
From: owner-freebsd-questions@FreeBSD.ORG
[mailto:owner-freebsd-questions@FreeBSD.ORG]On Behalf Of Crist J. Clark
Sent: Sunday, February 20, 2000 1:23 PM
To: John Purser
Cc: questions@FreeBSD.ORG
Subject: Re: Setting up a Gateway to @home - Newbie VERY confused

On Sun, Feb 20, 2000 at 09:57:56AM -0800, John Purser wrote:
> Hello,
> I have a computer running FreeBSD 3.4 (custom kernel) with two network
> (fxp0, fxp1).  fxp0 is on my local network (FreeBSD, NTWks, Win98) and I
> want to use fxp1 to connect to my AT&T@home cable modem.  I have a static
> address from @home, both NIC's are recognized by FreeBSD but I'm still
> having trouble.  I've read man pages, huge chunks for the manual, man
> galore, and several tutorials that start out with "All you have to do..."
> and nothing is working.
> Using /stand/sysinstall I've configured fxp1 with the info from @home
> name, Domain, DNS Server, Gateway, IP address, subnet mask).  Now I'm
> to configure fxp0 for my network but changing the host name changes it for
> both cards.  I thought the whole point of having two cards was that each
> card had it's own complete set of info.  Apparently I'm way off base there
> but that leaves me not knowing how to proceed.

Don't use /stand/sysinstall to try to do both NICs. It is beyond the
scope of what sysinstall was created for.

>From what I've read there seem to be five things that need to be configured
> for my FreeBSD box to work as a gateway:
> fxp0 (Private network)
> 	HOST:
> 	DNS Server:
> 	IP ADDR: 192.168.0.NNN
> fxp1 (@home)
> 	DNS Server: 24.YYY.YYY.YYY

hostname(1), domain name, DNS server, and gateway are not things
associated with a NIC. Only an address, subnet mask, and broadcast
address are associated with the NIC. See tha output of 'ifconfig -a.'

> ipfw:
> natd:
> bind:
> I've filled in what I'm fairly confident about.  I know this is a lot to
> for on the mailing list but this is my third day trying get there on my
> and I don't have a whole lot to show for it.  I've got a ton of books in
> mail (Thank you Amazon and O'Reilly) but I want to at least connect my
> FreeBSD box to the internet before reading all of them!

"All you have to do" to have this one machine connected to the
Internet is have the outer NIC (fxp1) configured properly. I'll assume
you have done that in sysinstall. Now, if you have machines behind
this box you want to access the Internet on, we have a few more
things. First, we need to configure the internal interface (let's just
say you use for a private address-space),

  # ifconfig fxp0 inet

You are all set there. But we need NAT for the internal machines. That
is as simple as (provided the kernel has DIVERT built in, see natd(8)),

  # natd -u -n fxp1

Now, we need to add the divert rule to the firewall,

  # ipfw add 100 divert all any to any via fxp1

And that's really all you need there.

To get this to work on boot, edit rc.conf,

  network_interfaces="lo0 fxp0 fxp1"
  ifconfig_fxp1="inet <your public IP> netmask"

> Has anyone seen a good tutorial on this?  I've tried a few but not only
> they not work I didn't even get enough of a response to figure out what
> not working.

If you've read all the stuff you said you did, I don't see how it
could be too much of a problem. Just try to get away from
/stand/sysinstall. The only thing that I like using it for besides
installing is that nice interactive interface to fdisk.
Crist J. Clark                 

To Unsubscribe: send mail to
with "unsubscribe freebsd-questions" in the body of the message

To Unsubscribe: send mail to
with "unsubscribe freebsd-questions" in the body of the message

Want to link to this message? Use this URL: <$e9a16820$40390918>