From owner-freebsd-questions@FreeBSD.ORG Mon Aug 23 23:00:20 2004
Return-Path:
Delivered-To: freebsd-questions@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
    by hub.freebsd.org (Postfix) with ESMTP id 877D616A4CE
    for ; Mon, 23 Aug 2004 23:00:20 +0000 (GMT)
Received: from audiogram.mail.pas.earthlink.net (audiogram.mail.pas.earthlink.net [207.217.120.253])
    by mx1.FreeBSD.org (Postfix) with ESMTP id 65EBA43D48
    for ; Mon, 23 Aug 2004 23:00:20 +0000 (GMT)
    (envelope-from hakim.singhji@earthlink.net)
Received: from user-0cceq8c.cable.mindspring.com ([24.199.105.12] helo=earthlink.net)
    by audiogram.mail.pas.earthlink.net with asmtp (TLSv1:AES256-SHA:256) (Exim 4.34)
    id 1BzNnY-0001dY-1J; Mon, 23 Aug 2004 16:00:20 -0700
Message-ID: <412A773C.402@earthlink.net>
Date: Mon, 23 Aug 2004 19:01:16 -0400
From: "Hakim Z. Singhji"
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.6) Gecko/20040115
X-Accept-Language: en-us, en
MIME-Version: 1.0
To: hzs202@nyu.edu
References: <41296B50.6000900@earthlink.net>
In-Reply-To: <41296B50.6000900@earthlink.net>
X-Enigmail-Version: 0.83.6.0
X-Enigmail-Supports: pgp-inline, pgp-mime
Content-Type: multipart/signed; protocol="application/x-pkcs7-signature"; micalg=sha1; boundary="------------ms050605070901000200030301"
X-ELNK-Trace: 59e746354e49a56ad5e26e230a8c4dea74bf435c0eb9d478a9da1eeeded3570f273ed0d4e7e251e763f7659697e35f42350badd9bab72f9c350badd9bab72f9c
X-Originating-IP: 24.199.105.12
cc: freebsd-questions@freebsd.org
Subject: Re: Network Routing Problems???
X-BeenThere: freebsd-questions@freebsd.org
X-Mailman-Version: 2.1.1
Precedence: list
List-Id: User questions
List-Unsubscribe: ,
List-Archive:
List-Post:
List-Help:
List-Subscribe: ,
X-List-Received-Date: Mon, 23 Aug 2004 23:00:20 -0000

This is a cryptographically signed message in MIME format.

--------------ms050605070901000200030301
Content-Type: multipart/mixed; boundary="------------080608000207010102080305"

This is a multi-part message in MIME format.
--------------080608000207010102080305
Content-Type: text/plain; charset=us-ascii; format=flowed
Content-Transfer-Encoding: 7bit

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hello All,

I want to thank everyone for their help...attached are the config files
for my FreeBSD gateway. I have rc.conf, ipfw rule-set and my natd.conf
file. I thought that I took care of incoming traffic, maybe you all can
help me and show me if I missed anything.

Thanks in advance

Hakim Z. Singhji wrote:
| Hello All,
|
| I am having problems getting a connection to my FreeBSD gateway from my
| Mandrake 10 Linux Machine. I am able to ping, traceroute, ssh etc. the
| linux box from my freeBSD machine however I am not able to ping the
| gateway. What could be the problem, this is my configuration:
|
| FreeBSD: Gateway, IPFW & NAT running
| HOSTNAME="redgate"
| dc0 - 24.199.***.*** [DHCP]
| txp0 - 192.168.1.1
| txp1 - unassigned
|
| Mandrake 10: Workstation
| HOSTNAME="metalgate"
|
| [root@metalgate:] route
| Destination Gateway Genmask Interace
| 192.168.1.0 * 255.255.255.0 eth0
| 127.0.0.0 * 255.0.0.0 lo0
| default 192.168.1.1 0.0.0.0 eth0
|
| [root@metalgate:] ifconfig eth0
| eth0 link encap: Ethernet HiWadd:00:0D:87:27:C7:80
| inet 192.168.1.3 broadcast 192.168.1.255 mask /24
| UP BROADCAST RUNNING MULTICAST MTU 1500 metric 1
|
| [root@metalgate:] ping 192.168.1.1
| - ----------- redgate ping statistics---------------------
| 31 packets transmitted, 0 received, 100% packet loss
|
| _______________________________________________
| freebsd-questions@freebsd.org mailing list
| http://lists.freebsd.org/mailman/listinfo/freebsd-questions
| To unsubscribe, send any mail to
| "freebsd-questions-unsubscribe@freebsd.org"
|
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)

iD8DBQFBKnc8lT9WV6TztkoRAn09AJ4iP8AS/Ai+vh4lyrCwsXe5/dyYaQCgg2JM
uEE8jHfxVr0Zevb4zTufpgs=
=Bsc7
-----END PGP SIGNATURE-----

--------------080608000207010102080305
Content-Type: text/plain; name="freebsd_rc.conf.txt"
Content-Transfer-Encoding: 7bit
Content-Disposition: inline; filename="freebsd_rc.conf.txt"

###############################
# RC.CONF FILE
###############################

############ Network ##########
gateway_enable="YES"
network_interfaces="dc0 txp0 txp1"
hostname="redgate.ath.cx"
ifconfig_dc0="DHCP"
ifconfig_txp0="inet 192.168.1.1/24"
ifconfig_txp1="inet 192.168.1.2/24"
natd_enable="dc0"
natd_flags="-s -u -f /etc/natd.conf"

############# IPFW ############
firewall_enable="YES"
firewall_script="/etc/rc.firewall"
firewall_type="/etc/ipfw.rules"
firewall_quiet="NO"
firewall_logging_enable="YES"

## Extra Firewalling Options ##
log_in_vain="YES"
tcp_drop_synfin="NO"
tcp_restrict_rst="YES"
icmp_drop_redirect="YES"

######## MISC RC Rules #########
...

--------------080608000207010102080305
Content-Type: text/plain; name="ipfw_rules.txt"
Content-Transfer-Encoding: 7bit
Content-Disposition: inline; filename="ipfw_rules.txt"

################################
# IPFW.RULES
################################
add 00100 allow ip from any to any via lo0
add 00101 deny ip from any to 127.0.0.0/8

# from man ipfw: allow only tcp connections I've created
add 00300 check-state
add 00301 deny tcp from any to any in established
add 00302 allow tcp from any to any out setup keep-state

# allow DNS/UDP Packets
add 00400 allow udp from 207.69.188.185 53 to any in recv dc0
add 00401 allow udp from 207.69.188.186 53 to any in recv dc0
add 00402 allow udp from 207.69.188.187 53 to any in recv dc0
add 00403 allow udp from any to any out

# allow DHCP
add 00500 allow udp from any 68 to 24.29.99.105. 67 out via dc0
add 00501 allow udp from 24.29.99.105 67 to any 68 in via dc0

# uncomment rules 00502 and 00503 if ISP's DHCP server has problems
#add 00502 allow udp from any 68 to 255.255.255.255 67 out via dc0
#add 00503 allow udp from any 67 to 255.255.255.255 68 in via dc0

#allow some icmp types (codes not supported)
add 00600 allow icmp from any to any icmptypes 3

#allow source quench in and out
add 00601 allow icmp from any to any icmptypes 4

#allow me to ping out and receive response back
add 00602 allow icmp from any to any icmp types 8 out
add 00603 allow icmp from any to any icmptypes 0 in

#allow me to run traceroute
add 00604 allow icmp from any to any icmptypes 11 in

--------------080608000207010102080305
Content-Type: text/plain; name="nat.conf.txt"
Content-Transfer-Encoding: 7bit
Content-Disposition: inline; filename="nat.conf.txt"

##################################
# NAT.CONF
##################################
# I'm not at all sure if this is ok for "diverting" these packets
# to my private network machines ip and port numbers???
redirect_port tcp 192.168.1.3:110 110 #pop3
redirect_port udp 192.168.1.3:110 110 #pop3
redirect_port tcp 192.168.1.3:25 25 #smtp
redirect_port udp 192.168.1.3:25 25 #smtp
redirect_port tcp 192.168.1.3:80 80 #http
redirect_port udp 192.168.1.3:80 80 #http

--------------080608000207010102080305--

--------------ms050605070901000200030301
Content-Type: application/x-pkcs7-signature; name="smime.p7s"
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="smime.p7s"
Content-Description: S/MIME Cryptographic Signature

--------------ms050605070901000200030301--
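
Added example, not part of the original message and not FreeBSD's own tooling: a simplified first-match model of the ICMP-relevant rules in the posted ipfw_rules.txt, evaluated against constructed packets that use the LAN addresses and interface named in the thread. It assumes rule 00602 was meant to read `icmptypes`, that an unmatched packet reaches the default rule 65535 with its stock deny action, and it models only the rule shapes listed in the block.

```python
import ipaddress
import re
# ICMP-relevant rules from the posted ipfw_rules.txt. Rule 00602 is written
# with "icmptypes" on the assumption that "icmp types" is a typo in the mail.
RULES = """\
add 00100 allow ip from any to any via lo0
add 00101 deny ip from any to 127.0.0.0/8
add 00600 allow icmp from any to any icmptypes 3
add 00601 allow icmp from any to any icmptypes 4
add 00602 allow icmp from any to any icmptypes 8 out
add 00603 allow icmp from any to any icmptypes 0 in
add 00604 allow icmp from any to any icmptypes 11 in
"""

# Simplified grammar: covers only the rule shapes listed above.
RULE_RE = re.compile(
    r"add (\d+) (allow|deny) (?:ip|icmp) from any to (\S+)"
    r"(?: icmptypes ([\d,]+))?(?: (in|out))?(?: via (\S+))?$")

def parse(text):
    rules = []
    for line in text.splitlines():
        m = RULE_RE.match(line.strip())
        if m is None:
            raise ValueError("unsupported rule: " + line)
        num, action, dst, types, direction, iface = m.groups()
        rules.append({
            "num": int(num), "action": action,
            "dst": None if dst == "any" else ipaddress.ip_network(dst),
            "types": {int(t) for t in types.split(",")} if types else None,
            "dir": direction, "iface": iface})
    return rules

def verdict(rules, pkt):
    """First matching rule decides; no match reaches 65535 (assumed deny)."""
    dst = ipaddress.ip_address(pkt["dst"])
    for r in rules:
        if ((r["dst"] is None or dst in r["dst"])
                and (r["types"] is None or pkt["icmptype"] in r["types"])
                and (r["dir"] is None or r["dir"] == pkt["dir"])
                and (r["iface"] is None or r["iface"] == pkt["iface"])):
            return r["num"], r["action"]
    return 65535, "deny"

RULESET = parse(RULES)
# Constructed packets: echo request and echo reply as seen on redgate's txp0.
PING_FROM_LAN = {"dst": "192.168.1.1", "icmptype": 8, "dir": "in", "iface": "txp0"}
PING_TO_LAN = {"dst": "192.168.1.3", "icmptype": 8, "dir": "out", "iface": "txp0"}
REPLY_FROM_LAN = {"dst": "192.168.1.1", "icmptype": 0, "dir": "in", "iface": "txp0"}
```

On the gateway itself, `ipfw show` prints per-rule packet counters, which shows on the live system which rule the echo requests are hitting.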