From owner-freebsd-questions Mon Dec 10 02:06:09 2001
Delivered-To: freebsd-questions@freebsd.org
Received: from web20604.mail.yahoo.com (web20604.mail.yahoo.com [216.136.226.162]) by hub.freebsd.org (Postfix) with SMTP id 971CB37B416 for ; Mon, 10 Dec 2001 02:06:03 -0800 (PST)
Message-ID: <20011210100603.93607.qmail@web20604.mail.yahoo.com>
Received: from [136.165.81.139] by web20604.mail.yahoo.com via HTTP; Mon, 10 Dec 2001 02:06:03 PST
Date: Mon, 10 Dec 2001 02:06:03 -0800 (PST)
From: Donnie Jones
Subject: Re: FreeBSD gateway problems
To: Josh Paetzel
Cc: Freebsd-questions@freebsd.org
In-Reply-To: <20011209214837.D562@twincat.vladsempire.net>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Sender: owner-freebsd-questions@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

--- Josh Paetzel wrote:
> On Sun, Dec 09, 2001 at 12:37:49PM -0800, Donnie Jones wrote:
> > Hey all,
> >
> > I've got two ethernet cards, first one connecting from
> > my cable modem, the second going from the pc to my
> > ethernet switch. I have set up the gateway and nat to
> > my best ability. Each of the internal pc's I have
> > given an ip such as 192.168.0.11. I can ping the
> > linux box on my internal network, but for some reason
> > windows98 is acting odd and will not let me ping it.
> > I have set the gateway to 192.168.0.1 and the ip to
> > 192.168.0.10 for this win pc, but still no avail, any
> > ideas?
> >
> > Also, I am not sure if I need to add some routing
> > tables rules, or I heard something about adding -nat
> > to the gateway ethernet card? But, the computers on
> > my internal network can't reach the internet. I am
> > unsure how to fix this?
> >
> > Thanks for your time and patience,
> >
> > -Donnie
>
> Some copies of your config files would be helpful, but here is what
> needs to happen.
>
> 1) gateway_enable="YES" in rc.conf
> 2) natd_enable="YES" in rc.conf
> 3) natd_interface="outside interface"
> 4) natd_flags="-dynamic"
> 5) firewall_enable="YES"
> 6) firewall_script="/etc/firewall/fwrules"
>
> Then create a file called /etc/firewall/fwrules with these lines:
> /sbin/ipfw -f flush
> /sbin/ipfw add divert natd all from any to any via externalinterface
> /sbin/ipfw add allow ip from any to any via lo0
> /sbin/ipfw add allow ip from any to any via internalinterface
> /sbin/ipfw add allow ip from any to any
>
> Then compile your kernel with the following two lines:
> options IPFIREWALL
> options IPDIVERT
>
> then you should be all set.
>
> Josh
>

Thanks for the help, I'll try it out soon.

Question though. Why would I want the -dynamic flag
on natd?

Also, in my rc.conf I have:
Firewall_type="OPEN"

And, if I don't have the entries for the pc's on my
LAN in /etc/hosts will they still be able to connect
to the internet through the gateway?

Thanks again.

-Donnie
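
rc.conf is sourced by /bin/sh, so its variable names are case-sensitive: a key typed with a capital first letter is assigned but never read by the startup scripts, and the gateway, natd or firewall setting it was meant to enable silently stays off. The check below is an added example, not part of the original thread; the helper name `check_gateway_rc`, the interface name `ed0` and the sample file are constructed, and the key lists are the rc.conf variables named in this thread.

```sh
#!/bin/sh
# Added example: lint an rc.conf-style file for the gateway/NAT keys named
# in this thread. check_gateway_rc is a hypothetical helper name.

KNOWN_KEYS="gateway_enable natd_enable natd_interface natd_flags firewall_enable firewall_script firewall_type"
REQUIRED_KEYS="gateway_enable natd_enable natd_interface firewall_enable"

# Prints one finding per line; returns 0 if clean, 1 if anything was found.
check_gateway_rc() {
    file=$1
    findings=0
    # Names of every variable assigned in the file. Comment lines are
    # skipped because they do not start with an identifier followed by '='.
    assigned=$(sed -n 's/^[[:space:]]*\([A-Za-z_][A-Za-z0-9_]*\)=.*/\1/p' "$file")

    for name in $assigned; do
        lower=$(printf '%s' "$name" | tr 'A-Z' 'a-z')
        if [ "$name" = "$lower" ]; then continue; fi
        for key in $KNOWN_KEYS; do
            if [ "$lower" = "$key" ]; then
                echo "MISCASED $name (rc scripts read $key)"
                findings=1
            fi
        done
    done

    for key in $REQUIRED_KEYS; do
        if ! printf '%s\n' "$assigned" | grep -qxF "$key"; then
            echo "MISSING $key"
            findings=1
        fi
    done
    return $findings
}

# Constructed sample input with two capitalised keys.
sample=$(mktemp)
cat > "$sample" <<'EOF'
Gateway_enable="YES"
natd_enable="YES"
natd_interface="ed0"
natd_flags="-dynamic"
firewall_enable="YES"
Firewall_type="OPEN"
EOF
check_gateway_rc "$sample" || true
rm -f "$sample"
```

On a real gateway, point the function at /etc/rc.conf before rebooting; a clean run prints nothing and returns 0.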