From: "Elliott Perrin" <eperrin@bigorbit.com>
To: "Roger Svenning", "'freebsd-questions@freebsd.org'"
Subject: Re: routed, natd & ipfirewall [config help needed]
Date: Tue, 10 Apr 2001 10:55:29 -0400

You have to make sure that your ISP is routing your subnet to your host (possible problem, first place to look). If the ISP is not routing the 217.8.130.32/27 subnet that you are assigned to your 217.8.129.69 interface sitting on their network, then the problem is there. (I actually had this problem with our last ISP; they kept removing the routes from a router and had a Junior Admin that didn't understand why they had to be there.)

If they are doing that already, then you probably have a problem with the rules in IPFW and NATD. Make sure that you run NATD with the -u option, which will translate addresses only for unregistered (RFC1918) addresses, and that NATD is running on the external interface (in your layout the 217.8.129.69 interface).

Check through your IPFW rules to make sure you are allowing your DMZ out to the world, eg.

allow all from {DMZ} to any (don't use that rule!!!!!, it is just an example)

Aside from that I have a modified rc.firewall that I used when I was still running IPFW on a three-interfaced machine with LAN, DMZ and link to our ISP. Let me know if you want it.

----- Original Message -----
From: "Roger Svenning"
To: "'freebsd-questions@freebsd.org'"
Sent: Tuesday, April 10, 2001 10:15 AM
Subject: routed, natd & ipfirewall [config help needed]

> Hi
>
> I've been running a box with natd & ipfw for connecting our local network to
> the internet and it works just fine.
>
> Now I want to set up a DMZ zone for servers that should be connected
> directly to the net without NAT.
> I've added a third network card and enabled routed, but .. taadaa .. it
> doesn't work quite as expected :-)
>
> The DMZ zone can be reached from the gateway itself and the internal
> network, but not from the internet.
> The routing from xl2 to xl0 through natd works just fine.
>
> Can any1 give me some advice on how to set this configuration up ?
>
> Here's the network layout:
>
> 217.8.129.70 (ISP gateway)
> |
> -> 217.8.129.69 (xl2 interface)(255.255.255.252)
> |
> -> 217.8.130.62 (xl1 interface)(255.255.255.224) -> DMZ zone
> |
> -> 10.0.1.1 (xl0 interface)(255.255.255.0) -> Local network
>
> Roger O. Svenning
>
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-questions" in the body of the message
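An ipfw ruleset for the three-interface layout in Roger's mail, put together as an added example (it is not Elliott's rc.firewall and not code from either poster): the interface names and addresses come from the layout quoted above, while the rule numbers, the DMZ port list and the dry-run default are assumptions.

```shell
# Constructed from the quoted layout: ISP link on xl2 (217.8.129.69),
# public DMZ 217.8.130.32/27 on xl1, RFC1918 LAN 10.0.1.0/24 on xl0.
EXT_IF=xl2; EXT_ADDR=217.8.129.69
DMZ_NET=217.8.130.32/27
LAN_IF=xl0; LAN_NET=10.0.1.0/24
DMZ_PORTS=80,443                 # assumed: only what the DMZ servers really offer
IPFW=${IPFW:-echo ipfw}          # dry run by default; IPFW=/sbin/ipfw applies it

# Decide as natd -u (unregistered_only) does: true only for RFC1918 sources,
# so packets from the routed DMZ block are never translated.
is_rfc1918() {
    case "$1" in
        10.*|192.168.*|172.1[6-9].*|172.2[0-9].*|172.3[01].*) return 0 ;;
        *) return 1 ;;
    esac
}

# natd itself runs on the external interface, e.g. in rc.conf:
#   natd_enable="YES" natd_interface="xl2" natd_flags="-u"
ruleset() {
    $IPFW -f flush
    # Before natd: nothing with a private or DMZ source, or a private
    # destination, may arrive raw on the ISP link (anti-spoofing).
    $IPFW add 100 deny ip from 10.0.0.0/8 to any in via $EXT_IF
    $IPFW add 110 deny ip from 172.16.0.0/12 to any in via $EXT_IF
    $IPFW add 120 deny ip from 192.168.0.0/16 to any in via $EXT_IF
    $IPFW add 130 deny ip from $DMZ_NET to any in via $EXT_IF
    $IPFW add 140 deny ip from any to $LAN_NET in via $EXT_IF
    # Translate on the external interface only; with -u the DMZ passes untouched,
    # and packets natd rewrites re-enter the list at the rule after this one.
    $IPFW add 200 divert natd ip from any to any via $EXT_IF
    # DMZ is routed, not NATed: out freely, in only to the listed services.
    $IPFW add 300 allow ip from $DMZ_NET to any
    $IPFW add 310 allow tcp from any to $DMZ_NET $DMZ_PORTS
    $IPFW add 320 allow tcp from any to $DMZ_NET established
    # LAN: accept on xl0, then (source already rewritten to $EXT_ADDR by rule 200)
    # out on xl2; inbound replies only get here after natd mapped them back.
    $IPFW add 400 allow ip from $LAN_NET to any in via $LAN_IF
    $IPFW add 410 allow ip from $EXT_ADDR to any out via $EXT_IF
    $IPFW add 420 allow ip from any to $LAN_NET
    $IPFW add 65000 deny ip from any to any
}
```

With IPFW unset the script only prints the rules, so it can be reviewed before being applied; the ISP-side routing Elliott mentions still has to be checked separately, e.g. with a traceroute to a DMZ address from outside the ISP's network.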