Date:      03 Jul 1999 10:47:09 -0400
From:      Arcady Genkin <a.genkin@utoronto.ca>
To:        "Art Neilson, KH7PZ" <art@hawaii.rr.com>
Cc:        Arcady Genkin <a.genkin@utoronto.ca>, freebsd-questions@freebsd.org
Subject:   Re: natd and ipfw
Message-ID:  <871zep6b9u.fsf@main.wgaf.net>
In-Reply-To: "Art Neilson, KH7PZ"'s message of "Fri, 02 Jul 1999 20:59:25 -1000"
References:  <3.0.6.32.19990702205925.032d20a0@clients1.hawaii.rr.com>

"Art Neilson, KH7PZ" <art@hawaii.rr.com> writes:

> What do your firewall rules look like?  Did you write any yet?
> You may want to set firewall_enable="YES" and firewall_type="OPEN"
> in your /etc/rc.conf.local or whatever you call your rc.conf
> overrides file.  After you are sure the network itself is solid
> you can start battening down the hatches by coding up /etc/rc.firewall
> and setting firewall_type="simple" or whatever matches your rc.firewall
> script.

Well, isn't the command "ipfw add allow all from any to any" equivalent to
what you suggest above?

Thanks.

> >I've attempted to configure ipfirewalling/masquerading on a FreeBSD
> >3.2-Release. Here's what I did:
> >
> >options IPFIREWALL
> >options IPFIREWALL_VERBOSE
> >options IPDIVERT
> >
> >then I added in /etc/rc.conf:
> >
> >gateway_enable="YES"
> >ipfw add allow all from any to any
> >#I'll play with this later
> >
> >then I rebooted and ran "natd -interface ed0"
> >
> >I have 2 computers in my network -- the firewall named "door" 192.168.1.1 and a
> >workstation named "main" 192.168.1.2. "door" is connected to the internet
> >via ed1 (ADSL connection with dhclient), and is able to ping, telnet,
> >ftp, etc. both into the internet and into "main". It connects to main
> >via ed0.
> >
> >"main" is able to connect to "door" in any possible method
> >(i.e. internal tcp/ip link works OK). It runs Linux 2.2.10, and I'm telling
> >it to use "door" as its router:
> >
> >ifconfig eth0 192.168.1.2 netmask 255.255.255.0 up
> >route add -net 192.168.1.0 netmask 255.255.255.0 eth0
> >route add default gw 192.168.1.1 eth0
> >
> >However, "main" is unable to ping anything in the internet. I get the
> >feeling that it routes packets out correctly, because if I ping
> >something, then the nic on "door" flashes LEDs.
> >
> >Can somebody think of something that I'm doing wrong? Thanks a lot in advance!
> >
> >Here's output of netstat -r and netstat -i on "door":
> >
> >Routing tables
> >
> >Internet:
> >Destination        Gateway            Flags     Refs     Use     Netif Expire
> >default            HSE-TOR-ppp22711.s UGSc        1       17      ed1
> >localhost          localhost          UH          1        0      lo0
> >192.168.1          link#1             UC          0        0      ed0
> >main               0:80:c8:f2:c6:14   UHLW        0        5      ed0   1191
> >209.226.71         link#2             UC          0        0      ed1
> >HSE-TOR-ppp22711.s 0:90:6f:fc:f8:20   UHLW        2        0      ed1    736
> >HSE-TOR-ppp22919.s localhost          UGHS        0        0      lo0
> >
> >Name  Mtu   Network       Address            Ipkts Ierrs    Opkts Oerrs  Coll
> >ed0   1500  <Link>      00.80.c8.ec.0f.39       47     0       13     0     0
> >ed0   1500  192.168.1     door                  47     0       13     0     0
> >ed1   1500  <Link>      52.54.4c.17.c9.5c       17     0       52     0     0
> >ed1   1500  209.226.71    HSE-TOR-ppp2291       17     0       52     0     0
> >lo0   16384 <Link>                               0     0        0     0     0
> >lo0   16384 127           localhost              0     0        0     0     0
> >
> >=========
> >Here's output of the same commands on "main":
> >
> >Kernel IP routing table
> >Destination     Gateway         Genmask         Flags   MSS Window  irtt Iface
> >localnet        *               255.255.255.0   U         0 0          0 eth0
> >localnet        *               255.255.255.0   U         0 0          0 eth0
> >default         door.wgaf.net   0.0.0.0         UG        0 0          0 eth0
> >
> >Kernel Interface table
> >Iface   MTU Met    RX-OK RX-ERR RX-DRP RX-OVR    TX-OK TX-ERR TX-DRP TX-OVR Flg
> >eth0   1500   0     4562      0      0      0    12075      3      0      0 BRU
> >lo     3924   0       11      0      0      0       11      0      0      0 LRU

-- 
Arcady Genkin
"... without money one gets nothing in this world, not even a certificate
of eternal blessedness in the other world..." (S. Kierkegaard)


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message
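A ruleset of the kind Art suggests writing into /etc/rc.firewall, as an added example that is neither poster's configuration. It assumes, as the quoted message describes, that ed1 faces the ISP and ed0 faces the 192.168.1.0/24 LAN, and uses only the stateless ipfw syntax of 3.x; the natd divert rule sits on the external interface and comes before every allow rule, so that packets are translated before they are accepted.

```sh
#!/bin/sh
# Added example (not the posters' own configuration): a minimal NAT gateway
# ruleset written the way /etc/rc.firewall is, for the ipfw of FreeBSD 3.x
# (stateless; no keep-state). Assumes ed1 faces the ISP and ed0 faces the
# 192.168.1.0/24 LAN, as described in the thread.
# Set fwcmd="echo" before calling for a dry run that only prints the rules.

fwcmd="${fwcmd:-/sbin/ipfw}"

nat_gateway_rules() {
    ext_if="$1"    # interface carrying the public address; natd listens here
    int_if="$2"    # LAN interface
    int_net="$3"   # LAN prefix, e.g. 192.168.1.0/24

    $fwcmd -f flush

    # natd must see every packet crossing the external interface, in both
    # directions, before any accept rule. natd itself is started as
    # "natd -interface $ext_if" (the ISP side, not the LAN side).
    $fwcmd add 100 divert natd all from any to any via "$ext_if"

    # Loopback and the LAN side are trusted.
    $fwcmd add 200 allow all from any to any via lo0
    $fwcmd add 300 allow all from any to any via "$int_if"

    # Anti-spoofing: LAN or loopback source addresses never arrive from the ISP.
    $fwcmd add 400 deny log all from "$int_net" to any in via "$ext_if"
    $fwcmd add 410 deny log all from 127.0.0.0/8 to any in via "$ext_if"

    # Stateless TCP: replies to connections we opened come back in,
    # new connections may go out, inbound SYNs are refused and logged.
    $fwcmd add 500 allow tcp from any to any established
    $fwcmd add 510 allow tcp from any to any out via "$ext_if" setup
    $fwcmd add 520 deny log tcp from any to any in via "$ext_if" setup

    # DNS to the outside and the ICMP types ping/traceroute need.
    $fwcmd add 600 allow udp from any to any 53 out via "$ext_if"
    $fwcmd add 610 allow udp from any 53 to any in via "$ext_if"
    $fwcmd add 620 allow icmp from any to any icmptypes 0,3,8,11

    # Everything else is dropped and logged (needs IPFIREWALL_VERBOSE).
    $fwcmd add 65000 deny log all from any to any
}
```

Call it as `nat_gateway_rules ed1 ed0 192.168.1.0/24` from the firewall script, after natd has been started on the same external interface.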

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?871zep6b9u.fsf>