Date: Thu, 21 Nov 2002 08:37:57 -0600 From: "Thomas Heien" <keltondlg@hotmail.com> To: freebsd-questions@FreeBSD.org Subject: Re: FreeBSD gateway Message-ID: <F1578hRNsFABZnegWmQ00003878@hotmail.com>
next in thread | raw e-mail | index | archive | help
I am having almost the same exact problem. I've followed the guides on freebsddiary, in the handbook, and instructions here in the list, but I still can't ping out to the internet from my xp box. I can however ping the external NIC's IP address though. Maybe someone can post a simplified rc.firewall just for gateways? >From: Constantine <cnst@rbcmail.ru> >To: Marc Perisa <perisa@porsche.de> >CC: Derrick Ryalls ><ryallsd@datasphereweb.com>,freebsd-questions@FreeBSD.org >Subject: Re: FreeBSD gateway >Date: Wed, 20 Nov 2002 18:18:01 -0500 > >Marc Perisa wrote: >>Derrick Ryalls wrote: >> >>>>Hello! >>>>I have installed FreeBSD 4.7 recently, and it seems it does not want to >>>>work as a gateway. I have two network cards in my FreeBSD computer, fxp0 >>>>for LAN and sis0 for the cable modem. I am new to FreeBSD, so I am >>>>confused what the difference between gateways and routers is (I was >>>>thinking they link to the same thing). I can ping my FreeBSD box from >>>>winxp, I can ping internet from remote session to FreeBSD, but I cannot >>>>ping internet from my winxp. >>>>My winxp has ip 192.168.0.1, netmask 255.255.255.0, and gateway >>>>192.168.0.18 settings. Now FreeBSD /etc/rc.conf follows: >>>> >>>>gateway_enable="YES" >>>>kern_securelevel_enable="NO" >>>>nfs_reserved_port_only="YES" >>>>ifconfig_sis0="DHCP" >>>>ifconfig_fxp0="inet 192.168.0.18 netmask 255.255.255.0" >>>>#router_enable="YES" # from handbook gateway_enable="YES" >>>>firewall_enable="YES" firewall_type="OPEN" natd_enable="YES" >>>>natd_interface="sis0" >>> >> >>natd_flags="" #/ handbook >> >>> >>> >>>Are your ip's reversed? I think the gateway should have the .1 address >>>and the xp box should use the .18 >> >> >>Nope. He set his FreeBSD box to the IP 192.168.0.18 and his Windows XP box >>to 192.168.0.1 . All is ok with that. It is only uncommon to do. Normally >>you would give the defaultgateway for a network x.y.z.1 or x.y.z.254 . But >>it is not forbidden to set it to any IP in that subnet. >> >>> >>>Are you using the default kernel? If so, you will need to add a couple >>>lines are recompile. >>> >>>options IPFIREWALL #firewall >>>options IPDIVERT #divert sockets >>> >>>as for the difference between a router and a gateway, a gateway is a >>>machine to deal with going from one network (lan) to another network >>>(wan), I think. >>> >> >> From your point of view (as needed for this problem) routers and >>gateways are the same. In this case the FreeBSD box is acting as a router >>for your internal net to the Internet. A simple router would do the same. >>But for more complex routing you have to either setup gated (or similar >>software) or add all rules (if they are static) by hand. >>A gateway is the simplest form of a router. >> >>>>The last two lines from dmesg: >>>>IP packet filtering initialized, divert disabled, rule-based forwarding >>>>enabled, default to deny, logging disabled >>>>ip_fw_ctl: invalid command >>> >> >>That hints to a problem with the /etc/rc.firewall script (which is called >>when you add to /etc/rc.conf firewall_enable="YES"). >> >>Please provide us with the output of "ipfw list". (You have to do that as >>root of course). I think your firewall ruleset is not tuned for a gateway >>situation. >> >>Hope that helps >> >>Marc >> >> > ># ipfw show >00100 0 0 allow ip from any to any via lo0 >00200 0 0 deny ip from any to 127.0.0.0/8 >00300 0 0 deny ip from 127.0.0.0/8 to any >65000 8102 5158330 allow ip from any to any >65535 1 60 deny ip from any to any > >I want FreeBSD to act as a simple gateway for my LAN, but for some reason >it does not want to work that way, though I have confirmed to the >installation programme that I want FreeBSD to function as a gateway. What >are the simplest steps I need to follow to make FreeBSD act as a gateway? >(I have a fresh 4.7R installation) > >Thanks. > >Constantine > > >To Unsubscribe: send mail to majordomo@FreeBSD.org >with "unsubscribe freebsd-questions" in the body of the message _________________________________________________________________ MSN 8 helps eliminate e-mail viruses. Get 2 months FREE*. http://join.msn.com/?page=features/virus To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?F1578hRNsFABZnegWmQ00003878>