Date:      Wed, 1 Dec 1999 06:47:12 -0800
From:      "nat" <nat@unixlover.com>
To:        "Andrzej Szydlo" <andrzej@maciek.gv.edu.pl>
Cc:        <freebsd-questions@freebsd.org>
Subject:   Re: natd not working properly.. firewall help
Message-ID:  <001d01bf3c0b$02db5a60$74bdb2d1@vedika>
References:  <000c01bf3bca$123a33a0$3898b2d1@vedika> <19991201093730.B9305@gv.edu.pl>

Unfortunately, that did not work.
I also noticed that there are no routing daemons on startup.
I am trying to forward packets from de0->de1.
If you have any other ideas that would be great.

thanx,
nat

> Hi,
>
> On Tue, Nov 30, 1999 at 11:02:44PM -0800, nat wrote:
> > I have set up natd by the manual. I have a cable modem and two
> > NICs. What I am trying to do is share the internet with other users
> > on my LAN. The cable modem is currently set up on device de1
> > properly and works for the "local" user.
> >
> > Now, through the clients I can only contact the network card (de1)
> > that the cable modem is connected to. I cannot contact the outside
> > network.
> >
> > The de0 interface is the one on the internal network and is set to
> > 192.168.0.1. All of the clients have this as the default router.
> >
> > These are my firewall settings (please tell me which ones are wrong):
> > #Flush out the list before we begin.
> > $fwcmd -f flush
> >
> > # divert
> > $fwcmd add 1 divert natd from any to any via de0
>
> The de0 is your internal interface and de1 is external. You need to divert
> packets passing through the external interface. Change this line to
>
> $fwcmd add 1 divert natd from any to any via de1
>
> Also remember that if a packet matches a rule, no further rules are
> checked, so you will probably want to change rule number from 1 to a
> greater one.
>
> Let me know how it works or if you need any more help.
>
> Andrzej
>
> > # allow by default
> > $fwcmd add 65000 allow all from any to any
> >
> > # 50-99: trusted hosts
> > $fwcmd add 50 allow ip from any to 207.171.202.198:255.255.255.224
> > $fwcmd add 51 allow ip from 207.171.202.198:255.255.255.224 to any
> > $fwcmd add 52 allow ip from 24.1.183.147 to any
> > $fwcmd add 53 allow ip from any to 24.1.183.147
> >
> > # 1000-1999: DoS/hack prevention
> > $fwcmd add 1000 deny tcp from any to any 1080
> > $fwcmd add 1001 deny tcp from any to any 12345
> > $fwcmd add 1002 deny tcp from any to any 31337
> > $fwcmd add 1003 deny tcp from any to any 111
> > $fwcmd add 1004 deny tcp from any to any 87
> > $fwcmd add 1005 deny tcp from any to any 2049
> > $fwcmd add 1006 deny tcp from any to any 512
> > $fwcmd add 1007 deny tcp from any to any 513
> > $fwcmd add 1008 deny tcp from any to any 514
> > $fwcmd add 1009 deny tcp from any to any 515
> > $fwcmd add 1010 deny tcp from any to any 540
> >
> > *This is in the /etc/rc.firewall file.
> >
> > This is what I have set up for rc.conf:
> > firewall_enable="YES"
> > natd_enable="YES"
> > natd_interface="de0"
> > named_enable="YES"
> > gateway_enable="YES"
> >
> >
> > I think that is how you set it up.
> >
> > There is also one last strange thing that I think might be the problem.
> > Right before it prints out gateway=yes it says tcpextensions=no.
> > I'm not sure what that means either.
> >
> > I am using the Cox@home network so please help me if you can.
> >
> > Thank you,
> >
> > nat
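
An added example, not part of either poster's message: a small Python check that reads rc.conf settings and ipfw rule lines like those quoted above and reports where the natd interface or the divert rule does not name the external interface. The function names are hypothetical, the sample input is constructed from the quoted lines, and the external interface (de1, per the thread) is passed in as an assumption.

```python
import re

# Constructed sample input: rc.conf lines and ipfw rules as quoted in the thread.
RC_CONF = '''firewall_enable="YES"
natd_enable="YES"
natd_interface="de0"
gateway_enable="YES"
'''
RULES = '''$fwcmd -f flush
$fwcmd add 1 divert natd from any to any via de0
$fwcmd add 65000 allow all from any to any
'''

def parse_rc_conf(text):
    """Return {name: value} for simple name="value" lines."""
    return dict(re.findall(r'^[ \t]*(\w+)="?([^"\n]*)"?[ \t]*$', text, re.M))

def divert_rules(text):
    """Return [(rule_number, via_interface_or_None)] for each divert rule."""
    found = []
    for line in text.splitlines():
        if line.lstrip().startswith("#"):
            continue  # skip comment lines
        m = re.search(r'\badd\s+(\d+)\s+divert\s+\S+\s+(.*)$', line)
        if m:
            via = re.search(r'\bvia\s+(\S+)', m.group(2))
            found.append((int(m.group(1)), via.group(1) if via else None))
    return found

def check(rc_text, rules_text, external_if):
    """List mismatches between the NAT setup and the external interface."""
    findings = []
    rc = parse_rc_conf(rc_text)
    if rc.get("natd_enable", "NO").upper() == "YES":
        nif = rc.get("natd_interface")
        if nif != external_if:
            findings.append(f"rc.conf: natd_interface={nif!r}, expected {external_if!r}")
    if rc.get("gateway_enable", "NO").upper() != "YES":
        findings.append("rc.conf: gateway_enable is not YES, forwarding is off")
    rules = divert_rules(rules_text)
    if not rules:
        findings.append("ruleset: no divert rule, natd never sees a packet")
    for num, iface in rules:
        if iface != external_if:
            findings.append(f"rule {num}: divert via {iface!r}, expected {external_if!r}")
    return findings

if __name__ == "__main__":
    for finding in check(RC_CONF, RULES, "de1"):
        print(finding)
```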


