Date:      Sun, 30 Jul 2000 12:19:13 -0700
From:      "Crist J. Clark" <cjc@cjc-desktop.reflexcom.com>
To:        Konan Houphoue <bahobab@hotmail.com>
Cc:        freebsd-questions@FreeBSD.ORG, steve@zpfe.com
Subject:   Re: IPFW and NAT question
Message-ID:  <20000730121913.J7953@cjc-desktop.reflexcom.com>
In-Reply-To: <F273GwQ21ju2iDL6e5f00001632@hotmail.com>; from bahobab@hotmail.com on Sun, Jul 30, 2000 at 12:24:34PM -0500
References:  <F273GwQ21ju2iDL6e5f00001632@hotmail.com>

[This mail was resent due to delivery problems. If you have received it 
twice, please ignore. Sorry for any inconvenience.]

On Sun, Jul 30, 2000 at 12:24:34PM -0500, Konan Houphoue wrote:
> Hi,
> 
> I have configured my FreeBSD 4.0 Pentium 233MHz based PC as a firewall to 
> the Internet using a DSL connection.
> 
> I use a public IP (207.208.254.234) gateway (207.208.254.1).
> 
> From this machine I can access the Internet. However the machines on my 
> private network cannot.
> 
> My public interface is fxp0 (Intel Ether Express Pro 10/100 B), and my 
> private interface is xl0 (3Com 3c905B-TX Fast EtherLink XL) using 
> 192.168.1.2
> 
> Any hosts on the private segment 192.168.1 can successfully ping the public 
> interface fxp0.
> 
> The problem is that I cannot reach anything beyond fxp0, not even the IP 
> address of the gateway on the ISP that is on the same segment as fxp0. For 
> example a traceroute hug.freebsd.org fails.
> 
> I have configured all the necessary files for IPFW and natd and rebuilt the 
> kernel successfully.
> 
> I read in natd man pages that there is a -dynamic option to use, but I did 
> not see it in the configuration walkthrough in the Handbook.
> Where else should I look?
> Can someone please help?

It would help if you showed us all of the configurations you did to
the necessary files. The necessary files being rc.conf, the firewall
script, and the natd config file if used. The '-dynamic' flag probably
has nothing to do with this problem.

The description of your problem brings a few things to mind:

  1) Is forwarding enabled? In rc.conf,

       gateway_enable="YES"

     Or on the running system,

       # sysctl -w net.inet.ip.forwarding=1

  2) Is natd(8) actually running? Try,

       # ps x | grep natd

     (Check, you'd be surprised how often that is the problem.)

  3) Do you have the divert rule in your firewall working properly?
     Look at,

       # ipfw show

     And make sure the rules and numbers make sense.

  4) Are you actually blocking yourself somewhere in the firewall?
     This is not likely since the gateway itself would probably not be
     reachable if you were.

If none of those help, try sending your configuration to the
list. HTH.
-- 
Crist J. Clark                           cjclark@alum.mit.com
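
One way to carry out the "make sure the rules and numbers make sense" check from item 3, as an added example that is not part of the original message: a shell function that reads `ipfw show` output and reports whether a divert rule exists on the public interface, sits behind an earlier catch-all rule, or has a zero packet counter. The function name, verdict strings and sample rule listings are constructed for illustration; 8668 is natd's default divert port.

```shell
#!/bin/sh
# check_divert IFACE: read `ipfw show` output on stdin, print one verdict.
# Columns assumed: rule number, packet count, byte count, then the rule.
check_divert() {
    awk -v ifc="$1" '
        $4 == "divert" {
            seen = 1
            for (i = 5; i < NF; i++)
                if ($i == "via" && $(i + 1) == ifc) {
                    if (!onif) shadowed = blanket  # state at first divert on ifc
                    onif = 1; pkts += $2
                }
            next
        }
        # Unconditional "<allow|deny> <ip|all> from any to any": first match
        # wins, so such a rule placed earlier keeps traffic away from divert.
        ($4 == "allow" || $4 == "deny") && NF == 9 && $7 == "any" &&
            $9 == "any" && ($5 == "ip" || $5 == "all") { blanket = 1 }
        END {
            if (!seen)          print "no-divert"    # item 3: rule missing
            else if (!onif)     print "wrong-iface"  # divert not on public NIC
            else if (shadowed)  print "shadowed"     # item 4: earlier rule wins
            else if (pkts == 0) print "idle"         # nothing has matched yet
            else                print "ok"
        }'
}

# Constructed sample outputs (not taken from the poster's machine).
GOOD='00050 1204 98311 divert 8668 ip from any to any via fxp0
00100 12 840 allow ip from any to any via lo0
65000 2410 196622 allow ip from any to any
65535 0 0 deny ip from any to any'
SHADOWED='00100 5000 400000 allow ip from any to any
00200 0 0 divert 8668 ip from any to any via fxp0
65535 0 0 deny ip from any to any'
WRONG_IF='00050 0 0 divert 8668 ip from any to any via xl0
65535 9 756 deny ip from any to any'
IDLE='00050 0 0 divert 8668 ip from any to any via fxp0
65000 31 2604 allow ip from any to any'

for s in "$GOOD" "$SHADOWED" "$WRONG_IF" "$IDLE"; do
    printf '%s\n' "$s" | check_divert fxp0
done
# On the gateway itself: ipfw show | check_divert fxp0
```

An "idle" verdict only says that no packet has matched the divert rule yet, so it is worth re-checking after generating traffic from a host on the private segment.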


