From owner-freebsd-newbies  Sun Jul  9 12:43: 1 2000
Delivered-To: freebsd-newbies@freebsd.org
Received: from rannoch.demon.co.uk (rannoch.demon.co.uk [158.152.110.117])
	by hub.freebsd.org (Postfix) with ESMTP id 26DE037BE11
	for <freebsd-newbies@FreeBSD.ORG>; Sun,  9 Jul 2000 12:42:52 -0700 (PDT)
	(envelope-from apbran@rannoch.demon.co.uk)
Received: from localhost (apbran@localhost)
	by rannoch.demon.co.uk (8.9.3/8.9.3) with ESMTP id TAA03386
	for <freebsd-newbies@FreeBSD.ORG>; Sun, 9 Jul 2000 19:11:01 +0100
Date: Sun, 9 Jul 2000 19:11:01 +0100 (BST)
From: Paul Branston <apbran@rannoch.demon.co.uk>
To: freebsd-newbies@FreeBSD.ORG
Subject: firewall and NAT with ISDN
Message-ID: <Pine.LNX.4.21.0007091520160.909-100000@rannoch.demon.co.uk>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-newbies@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org


I have been trying for a week or more to use FreeBSD and ISDN as my
internet gateway for the home LAN. I currently use Linux for this but
decided to try OpenBSD, very nice but so support as yet for PCI ISDN
cards, so I have switched to FreeBSD.  I have the Walnut Creek book which
rather glosses over the natd part of the equation.

I have compiled a kernel for ISDN which works with the sppp and read
through the i4b guide several times. The part I am stumbling on is the
ipfw and natd setup.  I have an internal interface on an rfc 1918 IP
address connected to a hub and the other internal machines. The ppp man
page talks about an alias option but this does not appear to be in the 
sppp program.

I can connect to my ISP and do all the usual things until I use any
firewall rules. Even using the "open" config I cannot seem to get the
packets to transfer from inside to outside. The output of "ipfw list" is

00100 divert 8668 ip from any to any via isp0
00200 allow ip from any to any via lo0
00300 allow ip from any to any via ep0
00400 allow tcp from any to any out xmit isp0 setup
00500 allow tcp from any to any via isp0 established
00600 allow tcp from any to any 80 setup
00700 allow tcp from any to any 22 setup
00800 reset log logamount 100 tcp from any to any 113 in recv isp0
00900 allow udp from any to any 53 out xmit isp0
01000 allow udp from any 53 to any in recv isp0
65435 allow icmp from any to any
65435 deny log logamount 100 ip from any to any
65535 allow ip from any to any


Packet forwarding is turned on and I have the following added to 
rc.conf

firewall_enable="YES"           # Set to YES to enable firewall functionality
firewall_script="/etc/firewall" # Which script to run to set up thefirewall
natd_enable="YES"               # Enable natd (if firewall_enable == YES).
natd_interface="isp0"           # Public interface or IPaddress to use.


Can anyone spot where I am going wrong please ?

Paul



To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-newbies" in the body of the message