Date: Sun, 9 Jul 2000 19:11:01 +0100 (BST)
From: Paul Branston
To: freebsd-newbies@FreeBSD.ORG
Subject: firewall and NAT with ISDN

I have been trying for a week or more to use FreeBSD and ISDN as my internet gateway for the home LAN. I currently use Linux for this but decided to try OpenBSD, very nice but no support as yet for PCI ISDN cards, so I have switched to FreeBSD.

I have the Walnut Creek book, which rather glosses over the natd part of the equation. I have compiled a kernel for ISDN which works with the sppp and read through the i4b guide several times. The part I am stumbling on is the ipfw and natd setup.

I have an internal interface on an RFC 1918 IP address connected to a hub and the other internal machines. The ppp man page talks about an alias option but this does not appear to be in the sppp program. I can connect to my ISP and do all the usual things until I use any firewall rules. Even using the "open" config I cannot seem to get the packets to transfer from inside to outside.

The output of "ipfw list" is:

00100 divert 8668 ip from any to any via isp0
00200 allow ip from any to any via lo0
00300 allow ip from any to any via ep0
00400 allow tcp from any to any out xmit isp0 setup
00500 allow tcp from any to any via isp0 established
00600 allow tcp from any to any 80 setup
00700 allow tcp from any to any 22 setup
00800 reset log logamount 100 tcp from any to any 113 in recv isp0
00900 allow udp from any to any 53 out xmit isp0
01000 allow udp from any 53 to any in recv isp0
65435 allow icmp from any to any
65435 deny log logamount 100 ip from any to any
65535 allow ip from any to any

Packet forwarding is turned on and I have the following added to rc.conf:

firewall_enable="YES"             # Set to YES to enable firewall functionality
firewall_script="/etc/firewall"   # Which script to run to set up the firewall
natd_enable="YES"                 # Enable natd (if firewall_enable == YES).
natd_interface="isp0"             # Public interface or IP address to use.

Can anyone spot where I am going wrong, please?

Paul