Date:      Sat, 23 Feb 2002 19:32:22 -0600 (CST)
From:      Nick Rogness <nick@rogness.net>
To:        Christopher Johannsen <chris@rimrockpc.com>
Cc:        questions@FreeBSD.ORG
Subject:   Re: IPFW and NAT Woes
Message-ID:  <Pine.BSF.4.21.0202231928020.42776-100000@cody.jharris.com>
In-Reply-To: <200202231633.AA127860872@rimrockpc.com>

On Sat, 23 Feb 2002, Christopher Johannsen wrote:

> I have been trying to get NAT and IPFW running on my home machine
> FreeBSD4.3 Release to turn it into a Broadband firewall. I have one
> ISA Realtek 10MB card and 1 Realtek 10/100 PCI NIC and a 3com Cable
> modem. I have compiled the IPFIREWALL_VERBOSE and IPDIVERT options
> into the kernel and added:
> 
> gateway_enable="YES"
> firewall_enable="YES"
> firewall_type="OPEN"
> natd_enable="YES"
> natd_interface="ed1" 
> 
> to my rc.conf.  My internal net is using the 192.168.1 network
> address. My external nic is using DHCP.  Internal IP is 192.168.1.5.  
> Here's the problem. Once the machine is up I can ping names and
> numbers from the Gateway machine to the outside world and I can ping
> to the inside network from the gateway. I can ping both interfaces
> from my machine on the network but I cannot ping internet addresses
> from inside the network. It seems like the NAT is not working
> properly. I am able to access my gateway machine from the outside
> world through SSH.  Below is a copy of my rc.conf:
> 
> gateway_enable="YES"
> hostname="hornet"
> network_interfaces="rl0 ed1"
> ifconfig_rl0="inet 192.168.1.5  netmask 255.255.255.0"
> ifconfig_ed1="DHCP"
> inetd_enable="YES"
> linux_enable="YES"
> sendmail_enable="NO"
> sshd_enable="YES"
> log_in_vain="YES"


> ipfilter_enable="YES"
> ipfilter_flags=""
> ipmon_enable="YES"
> ipmon_flags="-Dsvn"

	Turn ipfilter and ipmon stuff off...you don't need it when running
	ipfw.


> ntpdate_enable="YES"
> ntpdate_flags="ogden.bendnet.com"
> firewall_enable="YES"
> firewall_type="OPEN" 
> natd_enable="YES"
> natd_interface="ed1"
> natd_flags="-redirect_port tcp 192.168.1.5:22 22"
> 

	This setup looks ok.  As long as ed1 is your outside
	interface.  What does `ifconfig` show?

> Any ideas or suggestions are appreciated. Thanks in advance!

	What does `ipfw -a l` show?


Nick Rogness <nick@rogness.net>
 - Don't mind me...I'm just sniffing your packets
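
As an added example that is not part of the original message: a small sh lint over rc.conf text for the points raised in the reply (ipfilter/ipmon enabled alongside ipfw, and the settings natd depends on). The function names and SAMPLE_RC are constructed for illustration; the sample reuses the settings quoted above.

```shell
# Added example (not from the thread): lint rc.conf text for an ipfw + natd gateway.
# SAMPLE_RC is constructed from the settings quoted in the message above.
SAMPLE_RC='gateway_enable="YES"
network_interfaces="rl0 ed1"
ipfilter_enable="YES"
ipmon_enable="YES"
firewall_enable="YES"
natd_enable="YES"
natd_interface="ed1"'

# rc_get VAR TEXT: value of the last VAR=... assignment (later lines win, as in sh).
rc_get() {
    printf '%s\n' "$2" |
        sed -n "s/^[[:space:]]*$1=\"\{0,1\}\([^\"]*\)\"\{0,1\}[[:space:]]*\$/\1/p" |
        tail -n 1
}

# is_yes VALUE: true for any capitalisation of YES; this example treats
# every other value as disabled.
is_yes() {
    case "$1" in
        [Yy][Ee][Ss]) return 0 ;;
    esac
    return 1
}

# check_rc TEXT: print one finding per line; print nothing if the text is clean.
check_rc() {
    rc=$1
    if is_yes "$(rc_get firewall_enable "$rc")"; then
        for knob in ipfilter_enable ipmon_enable; do
            if is_yes "$(rc_get "$knob" "$rc")"; then
                echo "WARN: $knob=YES alongside firewall_enable=YES (ipfw)"
            fi
        done
    fi
    if is_yes "$(rc_get natd_enable "$rc")"; then
        is_yes "$(rc_get firewall_enable "$rc")" || echo "WARN: natd_enable without firewall_enable"
        is_yes "$(rc_get gateway_enable "$rc")" || echo "WARN: natd_enable without gateway_enable"
        nif=$(rc_get natd_interface "$rc")
        nets=$(rc_get network_interfaces "$rc")
        case " $nets " in
            "  "|" auto "|*" $nif "*) ;;   # unset, auto, or interface is listed
            *) echo "WARN: natd_interface=$nif not in network_interfaces=\"$nets\"" ;;
        esac
    fi
    return 0
}

check_rc "$SAMPLE_RC"
```

On a live system, `check_rc "$(cat /etc/rc.conf)"` runs the same checks; `ifconfig` and `ipfw -a l` are still needed to confirm the outside interface and the loaded rules.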

