Date:      Tue, 12 Oct 2004 23:36:52 -0700 (PDT)
From:      sonjaya <son_jaya@yahoo.com>
To:        freebsd-questions@freebsd.org
Subject:   router in freebsd 5.2 
Message-ID:  <20041013063652.58332.qmail@web40909.mail.yahoo.com>

Dear all,

I am a newbie in FreeBSD.
I want to create a router in FreeBSD 5.2. Here is my topology:

lan(1)--lan(2)--lan(3)gw--internet

lan(1)= 192.168.1.1/24
lan(2)= 172.18.2.1/16 
lan(3)= 172.18.1.1/16 
gw    = 202.158.xx.xx

1. I want I can't access from lan(1) to lan(2), also to lan(3) (ping, etc.).
2. lan(2) can go direct to the gw (internet) with default gw 172.18.1.1.
3. I want to make lan(1) connect direct to the internet by gw (172.18.2.1), see point no. 2.
4. lan(3): Linux router + NAT (iptables); lan(2): FreeBSD 5.2; lan(1): Microsoft net.

I followed the steps here:
http://www.freebsd.org/doc/en_US.ISO8859-1/articles/dialup-firewall/article.html

Here is my rc.conf (lan(2)):
rl0=172.18.2.1/16
rl1=192.168.1.1/24


hostname="gw.rt-rw.net"
defaultrouter="172.18.1.1"
ifconfig_rl0="inet 172.18.5.1  netmask 255.255.0.0"
ifconfig_rl1="inet 192.168.1.1  netmask 255.255.255.0"
firewall_enable="YES"
firewall_type="OPEN"
firewall_script="/etc/fw1"
router_flags="-q"
router="/sbin/routed"
router_enable="YES"
gateway_enable="YES"

And here is my firewall script (/etc/fw1):

# Define the firewall command (as in /etc/rc.firewall) for easy
# reference.  Helps to make it easier to read.
fwcmd="/sbin/ipfw"

# Define our outside interface.  With userland-ppp this
# defaults to tun0.
oif="rl0"

# Define our inside interface.  This is usually your network
# card.  Be sure to change this to match your own network
# interface.
iif="rl1"

# Force a flushing of the current rules before we reload.
$fwcmd -f flush

# Check the state of all packets.
$fwcmd add check-state
# Stop spoofing on the outside interface.
$fwcmd add deny ip from any to any in via $oif not verrevpath

# Allow all connections that we initiate, and keep their state,
# but deny established connections that don't have a dynamic rule.
$fwcmd add allow ip from me to any out via $oif keep-state
$fwcmd add deny tcp from any to any established in via $oif

# Allow all connections within our network.
$fwcmd add allow ip from any to any via $iif

# Allow all local traffic.
$fwcmd add allow all from any to any via lo0
$fwcmd add deny all from any to 127.0.0.0/8
$fwcmd add deny ip from 127.0.0.0/8 to any

# Allow internet users to connect to the port 22 and 80.
# This example specifically allows connections to the sshd and a
# webserver.
$fwcmd add allow tcp from any to me dst-port 22,80 in via $oif setup keep-state

# Allow ICMP packets: remove type 8 if you don't want your host
# to be pingable.
$fwcmd add allow icmp from any to any via $oif icmptypes 0,3,8,11,12

# Deny and log all the rest.
$fwcmd add deny log ip from any to any

Until now I can ping from lan(1) to lan(3); of course lan(1) can not access the internet.

Maybe someone here can tell me what I should do, thanks.

=====
SONJAYA
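As an added illustration (not code from the poster or from the FreeBSD article), here is a small Python model of the /etc/fw1 ruleset as posted, applied ipfw-style (first match wins, checked once on input and once on output) to a packet forwarded from lan(1). It assumes the addresses in the rc.conf above plus a constructed routing table (192.168.1.0/24 on rl1, everything else via rl0); check-state and the loopback rules are left out.

```python
import ipaddress

# Constructed model of the poster's box: interfaces and addresses from rc.conf,
# routing table assumed (192.168.1.0/24 on rl1, 172.18.0.0/16 and default via rl0).
OIF, IIF = "rl0", "rl1"
ME = {"172.18.5.1", "192.168.1.1"}
ROUTES = {"192.168.1.0/24": IIF, "172.18.0.0/16": OIF, "0.0.0.0/0": OIF}

def egress_iface(addr):
    """Longest-prefix match: the interface the kernel would route addr through."""
    nets = [n for n in ROUTES if ipaddress.ip_address(addr) in ipaddress.ip_network(n)]
    return ROUTES[max(nets, key=lambda n: ipaddress.ip_network(n).prefixlen)]

# The /etc/fw1 rules in order, as (action, proto, src, dst, direction, iface, options).
# check-state is omitted: a first packet has no dynamic rule yet, so this is its path.
RULES = [
    ("deny",  "ip",   "any", "any", "in",  OIF,  {"not_verrevpath": True}),
    ("allow", "ip",   "me",  "any", "out", OIF,  {}),
    ("deny",  "tcp",  "any", "any", "in",  OIF,  {"established": True}),
    ("allow", "ip",   "any", "any", None,  IIF,  {}),
    ("allow", "tcp",  "any", "me",  "in",  OIF,  {"dport": {22, 80}, "setup": True}),
    ("allow", "icmp", "any", "any", None,  OIF,  {"icmptypes": {0, 3, 8, 11, 12}}),
    ("deny",  "ip",   "any", "any", None,  None, {}),
]

def addr_ok(spec, addr):
    return spec == "any" or (spec == "me" and addr in ME)

def rule_matches(rule, p):
    _, proto, src, dst, direction, iface, opt = rule
    if proto not in ("ip", p["proto"]) or not addr_ok(src, p["src"]) or not addr_ok(dst, p["dst"]):
        return False
    if (direction and direction != p["dir"]) or (iface and iface != p["iface"]):
        return False
    if opt.get("not_verrevpath") and egress_iface(p["src"]) == p["iface"]:
        return False                      # source routes back out the same way: not spoofed
    if "established" in opt and not p.get("established"): return False
    if "setup" in opt and p.get("established"): return False
    if "dport" in opt and p.get("dport") not in opt["dport"]: return False
    return "icmptypes" not in opt or p.get("icmptype") in opt["icmptypes"]

def evaluate(p):
    """First-match semantics: return (action, 1-based position in RULES)."""
    for n, rule in enumerate(RULES, 1):
        if rule_matches(rule, p):
            return rule[0], n
    return "deny", 65535                  # ipfw's implicit default rule

def forward(src, dst, proto, **opt):
    """A forwarded packet is checked twice: inbound on rl1, then outbound on the egress interface."""
    inbound = dict(src=src, dst=dst, proto=proto, dir="in", iface=IIF, **opt)
    outbound = dict(inbound, dir="out", iface=egress_iface(dst))
    verdicts = [evaluate(inbound), evaluate(outbound)]
    return all(v[0] == "allow" for v in verdicts), verdicts
```

With these rules a ping from lan(1) to lan(3) is allowed on both passes, while a TCP connection from lan(1) towards the internet is dropped by the final deny rule on rl0, because only packets sourced from "me" are allowed out there. The verrevpath rule also rejects a packet arriving on rl0 that claims a 192.168.1.0/24 source, which is the anti-spoofing check worth keeping in any rework of the ruleset.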