From owner-freebsd-questions Wed Sep 6 9:47:17 2000
Delivered-To: freebsd-questions@freebsd.org
Received: from infoviaplus.net.ar (adv17.infoviaplus.net.ar [200.9.212.61])
    by hub.freebsd.org (Postfix) with ESMTP id EEA1737B424
    for ; Wed, 6 Sep 2000 09:47:08 -0700 (PDT)
Received: from infovia.com.ar ([209.13.247.56])
    by infoviaplus.net.ar (Tid InfoMail Exchanger v2.20) with SMTP
    id #968258801.108770001; Wed, 6 Sep 2000 13:46:41 -0300
Message-ID: <39B675B5.67924D6A@infovia.com.ar>
Date: Wed, 06 Sep 2000 13:49:57 -0300
From: Ignacio
X-Mailer: Mozilla 4.61 [en] (X11; I; FreeBSD 3.2-RELEASE i386)
X-Accept-Language: es-AR, es-ES, en
MIME-Version: 1.0
To: fbsd
Subject: firewalls for dummies (for me)
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
X-Infomail-Id: 968258801.2A7D01AC1E039E.38801
Sender: owner-freebsd-questions@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

I'm having problems with the firewall.
I have another machine w/ Win 98. I want to enable that machine to access
the Internet when I connect this via ppp.
I bring up the ppp connection, but the other machine can't get to the
Internet. Have I some problems with the pol of ipfw?

The kernel is compiled with these options:

---start (some) kernel options---
options MROUTING ## Multicast routing
options IPFIREWALL ##firewall
options IPFIREWALL_VERBOSE ##print information about dropped packets
options IPFIREWALL_FORWARD ##enable transparent proxy support
options "IPFIREWALL_VERBOSE_LIMIT=50" ##limit verbosity
#options IPFIREWALL_DEFAULT_TO_ACCEPT ##allow everything by default NO!
options IPDIVERT ##divert sockets
options IPFILTER ##kernel ipfilter support
options IPFILTER_LOG ##ipfilter logging
options TCPDEBUG
pseudo-device ppp 1
pseudo-device tun 1
---end kernel options---

---start (related) dmesg echo---
IP packet filtering initialized, divert enabled, \
rule-based forwarding enabled, logging limited to 50 packets/entry
IP Filter: initialized. Default = pass all, Logging = enabled
---end dmesg echo---

---start (related items) rc.conf---
ifconfig_ed0="inet 192.168.1.1 netmask 255.255.255.0"
network_interfaces="ed0 lo0 tun0"
hostname="microbio.bbs"
firewall_enable="YES"
firewall_type="OPEN"
defaultrouter="YES"
gateway_enable="YES"
natd_enable="YES"
natd_interface="tun0"
natd_flags="-f /etc/natd.conf"
---end rc.conf---

---start (complete file) rc.firewall---
/sbin/ipfw -f flush
/sbin/ipfw add divert natd all from any to any via tun0
/sbin/ipfw add pass all from any to any #future change this!!
/sbin/ipfw add 100 pass all from any to any via lo0
/sbin/ipfw add 200 deny all from any to 127.0.0.0/8
---end rc.firewall---

---Start (complete file) natd.conf---
log no
deny_incoming no
same_ports yes
dynamic yes
verbose no
interface tun0
# ICQ Stuff here
---End natd.conf----

---start (complete file) hosts----
127.0.0.1 localhost.bbs localhost
192.168.1.1 microbio.bbs microbio
192.168.1.2 matungos.bbs matungos
---end hosts---

microbio:~$ netstat -nrf inet
Routing tables

Internet:
Destination        Gateway            Flags     Refs     Use     Netif Expire
default            209.13.169.90      UGSc        8       28      ppp0
127.0.0.1          127.0.0.1          UH          0       11      lo0
192.168.72         link#1             UC          0        0      ed0
192.168.72.2       0:0:21:e2:0:fd     UHLW        1      565      ed0   1023
209.13.169.90      209.13.247.56      UH          8        0      ppp0

--
Ignacio Zelaya