Date:      Mon, 23 Oct 2000 00:12:56 -0700
From:      "Crist J . Clark" <cjclark@reflexnet.net>
To:        Erik <erik@ezl.com>
Cc:        freebsd-questions@FreeBSD.ORG
Subject:   Re: routing with natd
Message-ID:  <20001023001256.G75251@149.211.6.64.reflexcom.com>
In-Reply-To: <000701c03cab$4a7c2ce0$0200000a@garnax.com>; from erik@ezl.com on Sun, Oct 22, 2000 at 11:39:53PM -0500
References:  <000701c03cab$4a7c2ce0$0200000a@garnax.com>

On Sun, Oct 22, 2000 at 11:39:53PM -0500, Erik wrote:
> I have installed: FreeBSD 4.1-RELEASE
> 
> 
> Conceptually this is how I have it hooked up:
> 
> cable (dhcp) ---(vr0)-> BSD machine --(ed0)--> hub  ----> pc1
>                                    realip x.x.x.x                          |
> 10.0.0.2
>                                    & 10.0.0.1                           pc2
> 
> 10.0.0.3

Hmmm... This picture is really messed up. Using MS Outlook Express
there? Don't draw ASCII pictures with a proportional font.

> I think this is the useful stuff from the rc.conf file:
> 
> ifconfig_vr0="DHCP"
> gateway_enable="YES"
> network_interfaces="lo0 ed0 vr0"   # List of network interfaces
> ivconfig_lo0="inet 127.0.0.1"      # default loopback device
   ^
Typo, I assume? But it does not matter, the proper entry in
/etc/defaults/rc.conf will be used if that is actually there.

> ifconfig_ed0="inet 10.0.0.1 netmask 255.255.255.0"
> firewall_enable="YES"
> firewall_type="OPEN"
> firewall_script="/etc/firewall/fwrules"  # created by me

What rules are you using? Actually, the output of 'ipfw show' would be
preferred.

> natd_program="/sbin/natd"
> natd_enable="YES"
> natd_interface="vr0"
> 
> PC1 and PC2
> win98 SE installed on both
> ips: 10.0.0.2 and 10.0.0.3 and subnet mask is 255.255.255.0
> dns configuration:   host: pc1 and pc2    domain: whatever.com
>   dns search order: x.x.x.x dns server for cable
>
> c:\windows\hosts.sam
> 127.0.0.1       localhost
> 10.0.0.1         BSD      BSD.whatever.com
> 10.0.0.2         PC1      PC1.whatever.com
> 10.0.0.3         PC2      PC2.whatever.com
> 
> I recompiled my kernel with IPDIVERT and IPFIREWALL as options.
> I am able to access the internet from the BSD machine.
> I can ping pc1(10.0.0.2) and pc2(10.0.0.3) either by ip or alias from the
> BSD machine. (edited hosts)
> I can telnet in to the BSD machine from pc1 or pc2 by using 10.0.0.1 (but
> not aliases)

A Windows problem. *shock*
 
> What I want to do is have the BSD machine act as a firewall/router so that
> my little
> network has access to the internet while still being protected.  I would
> also like to
> be able to telnet into it (lack of monitors).
> 
> 
> Is there anything else I have to do to these windows machines?

No, assuming that they were properly set up by whoever installed the
OSes, the only thing you probably need to do is put in the network
information that you mentioned above.

> Is my rc.conf correct? and Should I change anything in the rc.conf file?
> firewall_type="simple"?

This will be whatever you make of it since you are not using the
default /etc/rc.firewall where the 'firewall_type' variable is used.

> natd_flags="????"
> natd_flags="-f /etc/natd.conf"???

You probably do not need any of these.

> What should I have in the fwrules file?

Whatever firewall rules you need to set up. However, to get things
started, I would suggest using the 'OPEN' firewall rules in
/etc/rc.firewall and then set up your own rule file once you get that
going.

> what should I have in the natd.conf file?
> and how would I use it?

You probably do not need it. If you need to pass lots of settings to
natd(8), a natd.conf file is a convenient way to do so.

> Do I need to add "sysctl -w net.inet.ip.forwarding=1" to a file somewhere?

No, that is precisely what the 'gateway_enable' variable does.

Finally, are you actually having any problems? From what you said, you
can reach all of the other machines from the FreeBSD box and the Win
boxes can reach the FreeBSD machine, but you never said if there were
any successes or failures with anything else.
-- 
Crist J. Clark                           cjclark@alum.mit.edu
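
Added example, not part of the original message or of FreeBSD itself: a small sh linter for the rc.conf points raised above (a misspelled variable, firewall_type alongside a custom firewall_script, natd without gateway_enable). The function name lint_rc_conf, the finding tags and the defaults subset are assumptions made for illustration; the sample rc.conf lines are taken from the quoted configuration.

```shell
# Added example: lint an rc.conf for the points raised in this reply.
# The file is parsed, not sourced, so nothing in it gets executed.
lint_rc_conf() {    # usage: lint_rc_conf RC_CONF DEFAULTS_RC_CONF
    conf=$1 defaults=$2
    gateway= natd= natd_if= fw_script= fw_type=
    while IFS= read -r line; do
        line=${line%%#*}                       # drop trailing comment
        case $line in *=*) ;; *) continue ;; esac
        name=$(printf '%s' "${line%%=*}" | tr -d ' \t')
        value=${line#*=}; value=${value%\"*}; value=${value#\"}
        case $name in
            gateway_enable)  gateway=$value ;;
            natd_enable)     natd=$value ;;
            natd_interface)  natd_if=$value ;;
            firewall_script) fw_script=$value ;;
            firewall_type)   fw_type=$value ;;
            ifconfig_*)      continue ;;       # per-interface names are not all in defaults
        esac
        grep -q "^${name}=" "$defaults" ||
            echo "UNKNOWN $name: not defined in the defaults file (typo?)"
    done < "$conf"
    case $natd in [Yy][Ee][Ss])
        case $gateway in [Yy][Ee][Ss]) ;; *)
            echo "NOFORWARD natd_enable without gateway_enable: net.inet.ip.forwarding is not turned on" ;;
        esac
        [ -n "$natd_if" ] || echo "NOIFACE natd_enable without natd_interface" ;;
    esac
    if [ -n "$fw_type" ] && [ "${fw_script:-/etc/rc.firewall}" != /etc/rc.firewall ]; then
        echo "IGNORED firewall_type=$fw_type: only /etc/rc.firewall reads it, not $fw_script"
    fi
}

# Constructed sample: the poster's rc.conf lines plus a small subset of defaults.
SAMPLE_DIR=$(mktemp -d)
SAMPLE_CONF=$SAMPLE_DIR/rc.conf SAMPLE_DEFAULTS=$SAMPLE_DIR/defaults.rc.conf
cat > "$SAMPLE_CONF" <<'EOF'
ifconfig_vr0="DHCP"
gateway_enable="YES"
ivconfig_lo0="inet 127.0.0.1"      # default loopback device
firewall_type="OPEN"
firewall_script="/etc/firewall/fwrules"  # created by me
natd_enable="YES"
natd_interface="vr0"
EOF
printf '%s\n' 'gateway_enable="NO"' 'firewall_type="UNKNOWN"' \
    'firewall_script="/etc/rc.firewall"' 'natd_enable="NO"' \
    'natd_interface=""' 'ifconfig_lo0="inet 127.0.0.1"' > "$SAMPLE_DEFAULTS"
lint_rc_conf "$SAMPLE_CONF" "$SAMPLE_DEFAULTS"
```

On a real system the second argument would be /etc/defaults/rc.conf.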