From: "Robert Myers"
Sender: owner-freebsd-questions@FreeBSD.ORG
Subject: RE: ipfw/gateway
Date: Wed, 20 Dec 2000 15:31:42 -0500
Message-ID: <000101c06ae9$c54e9680$0201a8c0@ccrider2k>
In-Reply-To: <20001219200559.A80329@snoopie.yi.org>

Eric,

You will need to add IP_FORWARD in the kernel config, compile and rebuild. That option will allow you to forward packets across the interfaces. Don't forget to enable all the rest of the IPFW options if you want the ability to deny traffic...

Also add to /etc/rc.conf gateway_enable=yes.

I am pretty sure about these values, although I can be wrong; look for the kernel config value in LINT, and look for gateway_enable in /etc/defaults/rc.conf.

I think this should put you a lot closer to a NAT type setup. If you want something more complex than a single IP address sharing for all of your machines, I think natd will help you out.

Hope that helps

Bob Myers

-----Original Message-----
From: brueggma@dsl-64-193-123-121.telocity.com [mailto:brueggma@dsl-64-193-123-121.telocity.com] On Behalf Of Eric Brueggmann
Sent: Tuesday, December 19, 2000 9:06 PM
To: questions@FreeBSD.ORG
Subject: ipfw/gateway

Hello,

I was wondering if anyone knows where I can find some info on setting up a firewall with ipfw and allowing all the boxes behind the gateway/firewall access to the net. I thought this would do it:

# Allow all from the inside.
${fwcmd} add pass all from any to any via ${iif}
${fwcmd} add pass all from any to any out via ${oif}

but it doesn't quite work. I still can't check out the web from behind the firewall. I'm using the "simple" ipfw firewall with the only modifications above. I was unable to ping the gateway/firewall from the client till I added those rules.

Should I set up a proxy? But how am I gonna use napster? ;-) Or am I just plain confused on how this all works? Is there an easier way than setting up a complicated ipfw rule set?

Thanks for any input,

Eric Brueggmann

P.S. Please cc to my e-mail, I usually don't follow questions@.

To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message
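
Added example (not from either message, and not FreeBSD's own rc.firewall): where a natd divert rule sits relative to the two pass rules in the question, assuming the inside hosts use private addresses that must be translated before leaving the outside interface. The function name, rule numbers, interface names and inside network are assumptions; by default the rules are printed, not installed.

```shell
#!/bin/sh
# Added example, not code from the thread. Interface names and the inside
# network used as defaults at the bottom are constructed sample values.
# Dry run by default: each rule is printed instead of installed.
# On a real gateway, run as root with fwcmd="/sbin/ipfw -q".
# natd itself is started from /etc/rc.conf (natd_enable, natd_interface)
# and needs divert sockets in the kernel (options IPDIVERT).
fwcmd="${fwcmd:-echo ipfw}"

# gateway_rules OIF IIF INET  (hypothetical helper)
#   OIF: outside interface, IIF: inside interface, INET: inside network (CIDR)
gateway_rules() {
    oif="$1"; iif="$2"; inet="$3"

    ${fwcmd} add 100 pass all from any to any via lo0

    # Anti-spoofing: nothing arriving from outside may claim an inside source.
    ${fwcmd} add 200 deny all from "${inet}" to any in via "${oif}"

    # Hand everything crossing the outside interface to natd. This must come
    # before the pass rules: ipfw stops at the first match, so an earlier
    # pass rule would let packets leave untranslated.
    ${fwcmd} add 300 divert natd all from any to any via "${oif}"

    # The two rules from the original question.
    ${fwcmd} add 400 pass all from any to any via "${iif}"
    ${fwcmd} add 500 pass all from any to any out via "${oif}"

    # Inbound on the outside interface: replies only.
    ${fwcmd} add 600 pass tcp from any to any in via "${oif}" established
    # DNS answers; a stateless match on source port 53.
    ${fwcmd} add 610 pass udp from any 53 to any in via "${oif}"
    # Echo reply, destination unreachable, time exceeded.
    ${fwcmd} add 620 pass icmp from any to any in via "${oif}" icmptypes 0,3,11

    ${fwcmd} add 65000 deny all from any to any
}

gateway_rules "${1:-ed0}" "${2:-ed1}" "${3:-192.168.1.0/24}"
```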