From owner-freebsd-questions Mon May 5 05:34:41 1997
Return-Path:
Received: (from root@localhost) by hub.freebsd.org (8.8.5/8.8.5) id FAA21678 for questions-outgoing; Mon, 5 May 1997 05:34:41 -0700 (PDT)
Received: from helbig.informatik.ba-stuttgart.de (helbig.informatik.ba-stuttgart.de [141.31.166.22]) by hub.freebsd.org (8.8.5/8.8.5) with ESMTP id FAA21670 for ; Mon, 5 May 1997 05:34:37 -0700 (PDT)
Received: (from helbig@localhost) by helbig.informatik.ba-stuttgart.de (8.8.5/8.8.5) id OAA17127; Mon, 5 May 1997 14:31:50 +0200 (MET DST)
From: Wolfgang Helbig
Message-Id: <199705051231.OAA17127@helbig.informatik.ba-stuttgart.de>
Subject: Re: Can't get reply when pinging from inside network
In-Reply-To: from Hendra Sentono at "May 5, 97 03:53:42 pm"
To: hendra@unix.ukdw.ac.id (Hendra Sentono)
Date: Mon, 5 May 1997 14:31:49 +0200 (MET DST)
Cc: questions@FreeBSD.ORG
X-Mailer: ELM [version 2.4ME+ PL30 (25)]
MIME-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
Sender: owner-questions@FreeBSD.ORG
X-Loop: FreeBSD.org
Precedence: bulk

>
> Our BSD 2.1.5-RELEASE is configured as a gateway and firewall.
> It is installed with 2 network cards and configured to be able to
> give Internet connection for the inside network (with one NIC, the
> other NIC is connected to the Internet via VSAT connection)
>
> # parts of sysconfig
> router="routed"
> gateway=YES
> firewall=YES
>
> The problem is when a computer from the inside network tries to ping
> any Internet address (such as www.yahoo.com), it can recognize the
> IP address, but it receives a 'Request time out' message.
>
> Most of our inside network computers are Win95 with TCP/IP installed,
> DNS enabled (we configure the BSD machine as name server, too).
>
> In this situation our inside computers can't ftp to any outside
> sites (but they can ftp to the BSD machine and also some other BSD
> machines that have the same position/connected to the Internet
> directly as the former)

It looks like your firewall configuration is correct (read the
firewall section in /usr/share/doc/handbook.html if in doubt), but
you want to use your BSD machine as a gateway as well, so you have
to set gateway="YES" in /etc/sysconfig to get it started at boot time,
or set it later with

	# sysctl -w net.inet.ip.forwarding=1

Wolfgang