Date:      Thu, 3 Aug 2006 14:13:45 -0500
From:      David Kelly <dkelly@hiwaay.net>
To:        "admin@hdk5.com" <admin@hdk5.com>
Cc:        freebsd-questions@freebsd.org
Subject:   Re: Adding a FreeBSD Gateway on a DSL/ ATM circuit
Message-ID:  <20060803191345.GA31429@Grumpy.DynDNS.org>
In-Reply-To: <44D241FE.8050007@hdk5.com>
References:  <44D241FE.8050007@hdk5.com>

On Thu, Aug 03, 2006 at 08:35:42AM -1000, admin@hdk5.com wrote:
> 
> I can ping from the gateway box NIC to the internet OK. I can ping from 
> the Test box to the LAN side of the gateway box OK. I can't reach the 
> internet through the gateway. I have read probably 5 howtos from the 
> FreeBSD handbook and elsewhere and none are exactly what I am doing.

A properly designed DSL/ATM modem or router is not going to allow
private IP addresses onto the public internet. So you cannot get through
the FreeBSD gateway without NAT to map 192.168/16 to the gateway's
external IP address.

At the very least you need to enable gateway and NAT. One way to do NAT
is with IPFW.

In /etc/rc.conf I have:

firewall_enable="YES"           # Set to YES to enable firewall functionality
firewall_type="client"          # really ought to remove this from custom script
firewall_script="/etc/dmk.firewall"     # my custom script
natd_enable="YES"               # Enable natd (if firewall_enable == YES).
natd_interface="fxp1"           # the external interface to place nat'ed packets
natd_flags="-f /etc/natd.conf"  # some natd config (variable is natd_flags, single underscore)
gateway_enable="YES"            # both natd and gateway needed

/etc/natd.conf looks like this:

interface fxp1
log_denied
log_facility security
use_sockets
same_ports
dynamic
log_ipfw_denied
punch_fw        4900:99 

punch_fw defines where dynamic rules are inserted in my ipfw ruleset to support ftp.

/etc/dmk.firewall is only a modified version of the stock rc.firewall.

-- 
David Kelly N4HHE, dkelly@HiWAAY.net
========================================================================
Whom computers would destroy, they must first drive mad.
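The message names the rc.conf and natd.conf pieces but not the divert rule that ties natd into ipfw, which is the part a modified rc.firewall has to get right. The script below is an added example, not David Kelly's /etc/dmk.firewall and not part of the original post. It assumes fxp0 is the LAN interface and fxp1 the DSL side (the message only names fxp1 as natd_interface), a LAN of 192.168.1.0/24, natd on its default divert port 8668, and the punch_fw 4900:99 setting from the message's natd.conf, so rules 4900 through 4999 are left empty for natd's FTP rules. All of those values are assumptions and can be overridden through the environment.

```shell
#!/bin/sh
# Added example: a minimal ipfw ruleset for a FreeBSD NAT gateway using natd(8),
# plus a prerequisite check. Not the original poster's script.
# Assumed (not from the message): fxp0 = LAN side, fxp1 = DSL side,
# LAN = 192.168.1.0/24, natd divert port 8668 (natd's default),
# punch_fw 4900:99 reserving rule numbers 4900..4999 for natd.

EXT_IF="${EXT_IF:-fxp1}"
INT_IF="${INT_IF:-fxp0}"
LAN="${LAN:-192.168.1.0/24}"
NATD_PORT="${NATD_PORT:-8668}"   # natd(8) default divert port
PUNCH_LO=4900                    # punch_fw 4900:99 -> rules 4900..4999
PUNCH_HI=4999

# Print the ruleset in ipfw(8) rule-file syntax ("#" lines are comments).
# Rule order is the whole point: the anti-spoof checks run on the packet
# as it arrives (before NAT), the divert rewrites it, and the rewritten
# packet re-enters the ruleset at the rule after the divert.
fw_rules() {
    cat <<EOF
flush
# loopback
add 100 allow ip from any to any via lo0
add 200 deny ip from any to 127.0.0.0/8
add 300 deny ip from 127.0.0.0/8 to any
# anti-spoof, evaluated before NAT: nothing arriving on the DSL side may carry a
# private source, and nothing arriving there may be addressed to the LAN directly
add 400 deny ip from 10.0.0.0/8 to any in via $EXT_IF
add 410 deny ip from 172.16.0.0/12 to any in via $EXT_IF
add 420 deny ip from 192.168.0.0/16 to any in via $EXT_IF
add 425 deny ip from any to $LAN in via $EXT_IF
# hand every packet crossing the DSL interface to natd
add 500 divert $NATD_PORT ip from any to any via $EXT_IF
# after NAT no private source may leave on the DSL side
add 600 deny ip from 10.0.0.0/8 to any out via $EXT_IF
add 610 deny ip from 172.16.0.0/12 to any out via $EXT_IF
add 620 deny ip from 192.168.0.0/16 to any out via $EXT_IF
# LAN side is trusted
add 1000 allow ip from any to any via $INT_IF
# outbound after NAT carries the gateway's own address ("me")
add 1500 allow ip from me to any out via $EXT_IF
# inbound: TCP replies, fragments, and UDP that natd already translated back to
# a LAN host (rule 425 guarantees a LAN destination here came from natd's table)
add 2000 allow tcp from any to any established
add 2100 allow ip from any to any frag
add 2200 allow udp from any to $LAN in via $EXT_IF
add 2300 allow udp from any 53 to me in via $EXT_IF
add 2400 allow icmp from any to any icmptypes 0,3,8,11
# 4900..4999 deliberately unused: natd punch_fw 4900:99 inserts FTP rules there
add 65000 deny log ip from any to any
EOF
}

# Return 0 if the kernel forwards and natd is running, 1 otherwise
# (the runtime effect of gateway_enable="YES" and natd_enable="YES").
fw_check_prereqs() {
    rc=0
    if [ "$(sysctl -n net.inet.ip.forwarding 2>/dev/null)" != "1" ]; then
        echo "net.inet.ip.forwarding is not 1: set gateway_enable=\"YES\"" >&2
        rc=1
    fi
    if ! pgrep -x natd >/dev/null 2>&1; then
        echo "natd not running: set natd_enable=\"YES\", natd_interface=\"$EXT_IF\"" >&2
        rc=1
    fi
    return $rc
}

# Count rules this script places inside the range natd's punch_fw owns.
fw_punch_collisions() {
    fw_rules | awk -v lo="$PUNCH_LO" -v hi="$PUNCH_HI" \
        '$1 == "add" && $2 + 0 >= lo && $2 + 0 <= hi { n++ } END { print n + 0 }'
}

# Load the ruleset with ipfw (FreeBSD only); refuse if a rule collides with punch_fw.
fw_apply() {
    [ "$(fw_punch_collisions)" = "0" ] || { echo "rule collides with punch_fw range" >&2; return 1; }
    fw_check_prereqs || return 1
    tmp=$(mktemp -t fwrules) || return 1
    fw_rules >"$tmp"
    /sbin/ipfw -q -f "$tmp"      # -q quiet, -f do not ask before flush
    rc=$?
    rm -f "$tmp"
    return $rc
}

case "${1:-}" in
    apply) fw_apply ;;
    check) fw_check_prereqs ;;
    *)     fw_rules ;;           # default: print the ruleset for review
esac
```

Run it with no argument to review the generated rules, `check` to confirm forwarding and natd are actually up before blaming the ruleset, and `apply` on the gateway to load it. The rules are deliberately stateless: a keep-state entry is keyed on the addresses ipfw sees when it is created, and natd rewrites those addresses between the outbound and inbound passes, so check-state would not match the translated reply. Rule 425 is what makes rule 2200 safe to write: before NAT no packet on the DSL side may be addressed to a LAN host, so after NAT a LAN destination can only have come from natd's own session table.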



Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20060803191345.GA31429>