From owner-freebsd-questions Sun Feb 20 14:26:53 2000
Delivered-To: freebsd-questions@freebsd.org
Received: from mail.rdc1.wa.home.com (ha1.rdc1.wa.home.com [24.0.2.66])
    by hub.freebsd.org (Postfix) with ESMTP id 2DA6537BFAD
    for ; Sun, 20 Feb 2000 14:26:46 -0800 (PST)
    (envelope-from johnmpurser@home.com)
Received: from C37259A ([24.9.57.64]) by mail.rdc1.wa.home.com
    (InterMail v4.01.01.00 201-229-111) with SMTP
    id <20000220222209.ZTVB14903.mail.rdc1.wa.home.com@C37259A>;
    Sun, 20 Feb 2000 14:22:09 -0800
Reply-To:
From: "John Purser"
To:
Cc:
Subject: RE: Setting up a Gateway to @home - Newbie VERY confused
Date: Sun, 20 Feb 2000 14:22:01 -0800
Message-ID: <000001bf7bf0$e9a16820$40390918@vncvr1.wa.home.com>
MIME-Version: 1.0
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
X-Priority: 3 (Normal)
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook 8.5, Build 4.71.2377.0
Importance: Normal
In-Reply-To: <20000220162251.C36373@cc942873-a.ewndsr1.nj.home.com>
X-MimeOLE: Produced By Microsoft MimeOLE V5.00.2919.6600
Sender: owner-freebsd-questions@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

Crist,

Thanks for the help.  I followed your instruction and here is what has
happened so far:

I had to change the ipfw line to:

    ipfw add 100 divert NATD all FROM any to any via fxp1

(CAPS being upper case versions of my additions)

I edited the rc.conf but the ipfw rules still don't come up on reboot.
Should the firewall_type option = OPEN instead of open?

When I enter "ping yahoo.com" nothing happens, not even the command prompt
until I hit control C.

You were right about sysinstall.  It had created 5 versions of my network
cards in rc.conf which tells you how long I've been poking at this.

Any other ideas?  I don't know where to go from here.

Thanks,

John Purser

-----Original Message-----
From: owner-freebsd-questions@FreeBSD.ORG
[mailto:owner-freebsd-questions@FreeBSD.ORG]On Behalf Of Crist J. Clark
Sent: Sunday, February 20, 2000 1:23 PM
To: John Purser
Cc: questions@FreeBSD.ORG
Subject: Re: Setting up a Gateway to @home - Newbie VERY confused

On Sun, Feb 20, 2000 at 09:57:56AM -0800, John Purser wrote:
> Hello,
>
> I have a computer running FreeBSD 3.4 (custom kernel) with two network cards
> (fxp0, fxp1).  fxp0 is on my local network (FreeBSD, NTWks, Win98) and I
> want to use fxp1 to connect to my AT&T@home cable modem.  I have a static IP
> address from @home, both NIC's are recognized by FreeBSD but I'm still
> having trouble.  I've read man pages, huge chunks of the manual, man pages
> galore, and several tutorials that start out with "All you have to do..."
> and nothing is working.
>
> Using /stand/sysinstall I've configured fxp1 with the info from @home (Host
> name, Domain, DNS Server, Gateway, IP address, subnet mask).  Now I'm trying
> to configure fxp0 for my network but changing the host name changes it for
> both cards.  I thought the whole point of having two cards was that each
> card had its own complete set of info.  Apparently I'm way off base there
> but that leaves me not knowing how to proceed.

Don't use /stand/sysinstall to try to do both NICs. It is beyond the
scope of what sysinstall was created for.

> From what I've read there seem to be five things that need to be configured
> for my FreeBSD box to work as a gateway:
> fxp0 (Private network)
>   HOST:
>   DOMAIN:
>   DNS Server:
>   GATEWAY:
>   IP ADDR: 192.168.0.NNN
>   SUBNET MASK: 255.255.255.0
> fxp1 (@home)
>   HOST: CWHATEVER
>   DOMAIN: HOME.COM
>   DNS Server: 24.YYY.YYY.YYY
>   GATEWAY: 24.XXX.XXX.XXX
>   IP ADDR: 24.ZZZ.ZZZ.ZZZ
>   SUBNET MASK: 255.255.255.0

hostname(1), domain name, DNS server, and gateway are not things
associated with a NIC. Only an address, subnet mask, and broadcast
address are associated with the NIC. See the output of 'ifconfig -a.'

> ipfw:
>
> natd:
>
> bind:
>
> I've filled in what I'm fairly confident about.  I know this is a lot to ask
> for on the mailing list but this is my third day trying to get there on my own
> and I don't have a whole lot to show for it.  I've got a ton of books in the
> mail (Thank you Amazon and O'Reilly) but I want to at least connect my
> FreeBSD box to the internet before reading all of them!

"All you have to do" to have this one machine connected to the
Internet is have the outer NIC (fxp1) configured properly. I'll assume
you have done that in sysinstall.

Now, if you have machines behind this box you want to access the
Internet on, we have a few more things. First, we need to configure
the internal interface (let's just say you use 192.168.0.0/24 for a
private address-space),

  # ifconfig fxp0 inet 192.168.0.254

You are all set there. But we need NAT for the internal
machines. That is as simple as (provided the kernel has DIVERT built
in, see natd(8)),

  # natd -u -n fxp1

Now, we need to add the divert rule to the firewall,

  # ipfw add 100 divert all any to any via fxp1

And that's really all you need there. To get this to work on boot,
edit rc.conf,

  hostname="really.long.ugly.home.com"
  network_interfaces="lo0 fxp0 fxp1"
  ifconfig_fxp0="inet 192.168.0.254"
  ifconfig_fxp1="inet netmask 255.255.255.0"
  firewall_enable="YES"
  firewall_type="open"
  natd_enable="YES"
  natd_interface="fxp1"
  natd_flags="-u"

> Has anyone seen a good tutorial on this?  I've tried a few but not only did
> they not work I didn't even get enough of a response to figure out what was
> not working.

If you've read all the stuff you said you did, I don't see how it
could be too much of a problem. Just try to get away from
/stand/sysinstall. The only thing that I like using it for besides
installing is that nice interactive interface to fdisk.
--
Crist J. Clark                           cjclark@home.com

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message
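
A lint for the rc.conf gateway settings discussed in this thread, as an added example that is not part of either message: it flags variables assigned more than once (the state sysinstall left behind) and gateway knobs that are unset or incomplete. The function names, the sample file and its 192.0.2.10 address are constructed for illustration, and the gateway_enable check is an addition that neither message mentions.

```shell
#!/bin/sh
# Added example: the file is read as text and never sourced, so nothing in it runs.

# rc_get FILE VAR: value of the last VAR=... line (the last assignment wins at boot).
rc_get() {
    awk -F= -v k="$2" '$1 == k { v = $0; sub(/^[^=]*=/, "", v); gsub(/"/, "", v); r = v }
                       END { print r }' "$1"
}

# rc_dupes FILE: names of variables that are assigned more than once.
rc_dupes() {
    awk -F= '/^[A-Za-z_][A-Za-z0-9_]*=/ { n[$1]++ }
             END { for (k in n) if (n[k] > 1) print k }' "$1" | sort
}

check_gateway_conf() {
    f=$1
    for v in $(rc_dupes "$f"); do echo "DUPLICATE $v"; done
    # gateway_enable (IP forwarding) is not in the thread's rc.conf; checked here
    # because a NAT gateway has to forward packets between its two interfaces.
    for v in gateway_enable firewall_enable natd_enable; do
        [ "$(rc_get "$f" "$v")" = "YES" ] || echo "NOT-YES $v"
    done
    ext=$(rc_get "$f" natd_interface)
    [ -n "$ext" ] || { echo "MISSING natd_interface"; return 0; }
    case " $(rc_get "$f" network_interfaces) " in
        *" $ext "*) ;;
        *) echo "UNLISTED $ext" ;;
    esac
    case "$(rc_get "$f" "ifconfig_$ext")" in
        *"inet "[0-9]*) ;;
        *) echo "NO-ADDRESS ifconfig_$ext" ;;
    esac
}

# Constructed sample: a duplicated interface line whose last copy lacks an address.
sample=$(mktemp)
cat > "$sample" <<'EOF'
network_interfaces="lo0 fxp0 fxp1"
ifconfig_fxp0="inet 192.168.0.254"
ifconfig_fxp1="inet 192.0.2.10 netmask 255.255.255.0"
ifconfig_fxp1="inet netmask 255.255.255.0"
firewall_enable="YES"
firewall_type="open"
natd_enable="YES"
natd_interface="fxp1"
EOF
check_gateway_conf "$sample"
```

Run against a real file with `check_gateway_conf /etc/rc.conf`; an empty result means none of these checks fired.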