Date: Mon, 9 Sep 2002 22:09:37 +0000
From: "D. Penev" <dpenev@mail.bg>
To: Cherie Powell <cpowell1@mindspring.com>
Cc: freebsd-questions@FreeBSD.org
Subject: Re: One way cable modem/ipfilter
Message-ID: <20020909220937.GA313@earth.dpsca.bg>
In-Reply-To: <20020909173539.6DEE09377F@server2.fastmail.fm>
References: <20020909173539.6DEE09377F@server2.fastmail.fm>

On Mon, Sep 09, 2002 at 05:35:39PM +0000, Cherie Powell wrote:
>Date: Mon, 9 Sep 2002 17:35:39 UT
>From: "Cherie Powell" <cpowell1@mindspring.com>
>To: freebsd-questions@FreeBSD.ORG
>Subject: One way cable modem/ipfilter
>
>I have a FreeBSD 4.4-STABLE machine in my home set up as a firewall
>using ipfilter. I recently moved and my internet access went from a T1
>line to a one way cable modem. (With this setup, traffic goes out
>through the modem on tun0 and in through the cable modem on vx0.)
>Setting this up has been an interesting challenge.
>
>I first set up PPP using a standard dial-up account and got the network
>working with it. With this setup, I can access the internet both from
>the firewall and from machines behind the firewall (on xl0).
>
>Next, I tried with the cable modem. Using it, I can access the internet
>from the firewall, but not from machines behind the firewall. If I run
>tcpdump on the firewall and ping a site from one of the other
>computers, I can see that packets are going out on tun0 and coming back
>on vx0, as they are supposed to. My guess is that the system can't
>figure out where to send them from there.
>
>The end result needs to be that the workstation sends a packet to the
>firewall, which sends it out on tun0. The firewall should receive the
>reply through vx0 and forward that packet back to the workstation that
>originally sent the request. All of it seems to be working except for
>that very last part.
>
>If it helps, the one instance I found of someone having this same
>problem finally corrected it by putting this line in /etc/rc.firewall:
>/sbin/ipfw add divert natd all from any to any via any
>
>I'm hoping that this could be applied to my situation using ipfilter...
>
>Anyone have any ideas? Please speak slowly - I'm still kind of new
>at this. :-)

According to your explanation I suppose that you use ppp -nat to make
address translation of private IPs, which in this situation is not correct.
Try to use ipnat(8) for IP translation.

Create /etc/ipnat.rules:

    map tun0 192.168.1.0/24 -> 0/32    # change address with your private network

Enable ipnat at startup. In /etc/rc.conf put:

    ipnat_enable="YES"

I don't use this kind of configuration but I don't see why this would
not work.

>
>Thanks,
>Cherie
>
>To Unsubscribe: send mail to majordomo@FreeBSD.org
>with "unsubscribe freebsd-questions" in the body of the message

--
Regards,
D. Penev