Date: Thu, 3 Aug 2006 14:13:45 -0500 From: David Kelly <dkelly@hiwaay.net> To: "admin@hdk5.com" <admin@hdk5.com> Cc: freebsd-questions@freebsd.org Subject: Re: Adding a FreeBSD Gateway on a DSL/ ATM circuit Message-ID: <20060803191345.GA31429@Grumpy.DynDNS.org> In-Reply-To: <44D241FE.8050007@hdk5.com> References: <44D241FE.8050007@hdk5.com>
next in thread | previous in thread | raw e-mail | index | archive | help
On Thu, Aug 03, 2006 at 08:35:42AM -1000, admin@hdk5.com wrote: > > I can ping from the gateway box nic to the internet ok. I can ping from > the Test box to the Lan side of the gateway box OK. I cant reach the > internet thru the gateway. I have read probably 5 howtos from the > FreeBSD hand book and elsewhere and none are exactly what I am doing. A properly designed DSL/ATM modem or router is not going to allow private IP addresses onto the public internet. So you can not get thru the FreeBSD gateway without NAT to map 192.168/16 to the gateway external IP address. At the very least you need to enable gateway and NAT. One way to do NAT is with IPFW. in /etc/rc.conf I have: firewall_enable="YES" # Set to YES to enable firewall functionality firewall_type="client" # really ought to remove this from custom script firewall_script="/etc/dmk.firewall" # my custom script natd_enable="YES" # Enable natd (if firewall_enable == YES). natd_interface="fxp1" # the external interface to place nat'ed packets natd__flags="-f /etc/natd.conf" # some natd config gateway_enable="YES" # both natd and gateway needed /etc/natd.conf looks like this: interface fxp1 log_denied log_facility security use_sockets same_ports dynamic log_ipfw_denied punch_fw 4900:99 punch_fw defines where dynamic rules are inserted in my ipfw ruleset to support ftp. /etc/dmk.firewall is only a modified version of the stock rc.firewall. -- David Kelly N4HHE, dkelly@HiWAAY.net ======================================================================== Whom computers would destroy, they must first drive mad.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20060803191345.GA31429>