From owner-freebsd-questions@FreeBSD.ORG Mon Jan 10 23:37:40 2005
From: Srot BULL
Reply-To: pwd8jmr22w@me.point.ne.jp
To: freebsd-questions@freebsd.org
Date: Tue, 11 Jan 2005 08:37:15 +0000
Message-Id: <1105432635.638.34.camel@localhost>
X-Mailer: Evolution 2.0.3 FreeBSD GNOME Team Port
Subject: Need Guidance in my Internet Connection Sharing configuration
List-Id: User questions

Hello and Good Day to all,

I have tried to configure my system for Internet Connection Sharing, but I could not implement the configuration properly. I am afraid that this is all my mind can figure out. Please look through the details below; I would appreciate it if you could point out the mistakes that I have made or point me to any links that would help me solve this problem.
uname -a
FreeBSD r40e.point.ne.jp 5.3-STABLE FreeBSD 5.3-STABLE #1: Mon Jan 10 12:49:58 UTC 2005  root@r40e.point.ne.jp:/usr/obj/usr/src/sys/R40e  i386

Kernel Configuration File:

#===--- IPFIREWALL OPTIONS ---===#
options IPFIREWALL
options IPFIREWALL_VERBOSE
options IPFIREWALL_VERBOSE_LIMIT=5
options IPFIREWALL_DEFAULT_TO_ACCEPT
#=- Enables NAT Functionality -=#
options IPDIVERT

/etc/rc.conf

hostname="r40e.point.ne.jp"
#** OutBound Interface **#
ifconfig_bge0="DHCP"
#** Internal LAN Interface **#
ifconfig_aue0="inet 10.20.30.1 netmask 255.0.0.0"
gateway_enable="YES"
natd_enable="YES"
natd_interface="aue0"
natd_flags="-dynamic -m"
firewall_enable="YES"
firewall_script="/etc/ipfw.rulesets"
firewall_type="OPEN"
firewall_quiet="YES"
firewall_logging_enable="YES"

This is my /etc/ipfw.rulesets:
--------------------------------------------------------------------------
#!/bin/sh
ipfw -q -f flush
CMD="ipfw -q add"
SKIP="skipto 00800"
KS="keep-state"
INIC="bge0"

# LAN side and loopback are not filtered
$CMD 00005 allow all from any to any via aue0
$CMD 00010 allow all from any to any via lo0

# inbound packets on the outbound interface go to natd first, then to the dynamic rule table
$CMD 00014 divert natd ip from any to any in via $INIC
$CMD 00015 check-state

# outbound sessions: create a dynamic rule and jump to the outbound natd divert at 00800
$CMD 00020 $SKIP tcp from any to 192.168.0.1 53 out via $INIC setup $KS
$CMD 00021 $SKIP udp from any to 192.168.0.1 53 out via $INIC $KS
$CMD 00030 $SKIP udp from any to 192.168.0.1 67 out via $INIC $KS
$CMD 00040 $SKIP tcp from any to any 80 out via $INIC setup $KS
$CMD 00050 $SKIP tcp from any to any 443 out via $INIC setup $KS
$CMD 00060 $SKIP tcp from any to any 25 out via $INIC setup $KS
$CMD 00061 $SKIP tcp from any to any 110 out via $INIC setup $KS
$CMD 00070 $SKIP tcp from me to any out via $INIC setup $KS uid root
$CMD 00080 $SKIP icmp from any to any out via $INIC $KS
$CMD 00090 $SKIP tcp from any to any 37 out via $INIC setup $KS
$CMD 00100 $SKIP tcp from any to any 119 out via $INIC setup $KS
$CMD 00110 $SKIP tcp from any to any 22 out via $INIC setup $KS
$CMD 00120 $SKIP tcp from any to any 43 out via $INIC setup $KS
$CMD 00130 $SKIP udp from any to any 123 out via $INIC $KS

# inbound on the outbound interface: drop private, reserved and multicast source ranges
$CMD 00300 deny all from 192.168.0.0/16 to any in via $INIC
$CMD 00301 deny all from 172.16.0.0/12 to any in via $INIC
$CMD 00302 deny all from 10.0.0.0/8 to any in via $INIC
$CMD 00303 deny all from 127.0.0.0/8 to any in via $INIC
$CMD 00304 deny all from 0.0.0.0/8 to any in via $INIC
$CMD 00305 deny all from 169.254.0.0/16 to any in via $INIC
$CMD 00306 deny all from 192.0.2.0/24 to any in via $INIC
$CMD 00307 deny all from 204.152.64.0/23 to any in via $INIC
$CMD 00308 deny all from 224.0.0.0/3 to any in via $INIC
#$CMD 00310 deny icmp from any to any in via $INIC
$CMD 00315 deny tcp from any to any 113 in via $INIC
$CMD 00320 deny tcp from any to any 137 in via $INIC
$CMD 00321 deny tcp from any to any 138 in via $INIC
$CMD 00322 deny tcp from any to any 139 in via $INIC
$CMD 00323 deny tcp from any to any 81 in via $INIC
$CMD 00330 deny all from any to any frag in via $INIC
$CMD 00332 deny tcp from any to any established in via $INIC
$CMD 00360 allow udp from any to 192.168.0.1 67 in via $INIC $KS
#$CMD 00370 allow tcp from any to me 80 in via $INIC setup limit src-addr 2
#$CMD 00380 allow tcp from any to me 22 in via $INIC setup limit src-addr 2
#$CMD 00390 allow tcp from any to me 23 in via $INIC setup limit src-addr 2

# everything else on the outbound interface is logged and dropped
$CMD 00400 deny log all from any to any in via $INIC
$CMD 00450 deny log all from any to any out via $INIC

# skipto target: outbound packets are translated by natd and then allowed
$CMD 00800 divert natd ip from any to any out via $INIC
$CMD 00801 allow ip from any to any
$CMD 00999 deny log all from any to any
----------------------------------------------------------------------------

The problem with the above configuration is that I do not get connected to my ADSL Modem and have no internet connection at all. "netstat -r" shows nothing...

Is the configuration enough for me to configure my system for Internet Connection Sharing, or do I have to tweak other settings?

I would really appreciate any help, hints, or advice... Thank you in advance...
By the way, since this is my first try at Internet Connection Sharing... I am not that sure about my cable connections... My internal LAN card "bge0" is connected to my ADSL Modem, while my other external USB LAN card "aue0" is connected to my switching hub... and the other PC that I have is also connected to the hub... Is this O.K.?

Srot BULL
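A small static checker for a ruleset script written in the shape posted above, added here as an example (not code from the thread or from FreeBSD). It expands the script's NAME="value" shell variables, then flags skipto rules without a forward target, natd divert rules that do not cover both directions, and divert rules whose interface differs from rc.conf's natd_interface; the excerpt and the natd_interface value are taken from the post, the checks themselves are the example's own assumptions about what is worth catching.

```python
import re

# Constructed excerpt in the shape of the post's /etc/ipfw.rulesets (a subset, not a copy).
RULESET = '''
CMD="ipfw -q add"
SKIP="skipto 00800"
KS="keep-state"
INIC="bge0"
$CMD 00014 divert natd ip from any to any in via $INIC
$CMD 00015 check-state
$CMD 00040 $SKIP tcp from any to any 80 out via $INIC setup $KS
$CMD 00400 deny log all from any to any in via $INIC
$CMD 00800 divert natd ip from any to any out via $INIC
$CMD 00801 allow ip from any to any
'''
NATD_INTERFACE = "aue0"  # natd_interface as set in the post's rc.conf

def expand(script):
    """Apply NAME="value" shell assignments and return (number, body) rule tuples."""
    env, rules = {}, []
    for line in script.splitlines():
        line = line.strip()
        m = re.match(r'^(\w+)="([^"]*)"$', line)
        if m:
            env[m.group(1)] = m.group(2)
            continue
        for name, value in env.items():
            line = line.replace('$' + name, value)
        m = re.match(r'^ipfw -q add\s+(\d+)\s+(.*)$', line)
        if m:
            rules.append((int(m.group(1)), m.group(2)))
    return rules

def lint(script, natd_interface):
    """Return human-readable findings; an empty list means every check passed."""
    rules = expand(script)
    numbers = [n for n, _ in rules]
    issues, diverted = [], set()
    for n, body in rules:
        m = re.search(r'skipto (\d+)', body)
        # skipto only jumps forward, so the target must exist and carry a higher number
        if m and (int(m.group(1)) <= n or int(m.group(1)) not in numbers):
            issues.append(f"{n}: skipto {m.group(1)} has no forward target")
        m = re.search(r'divert natd\b(.*)\bvia (\S+)', body)
        if m:
            # a divert rule without "in"/"out" covers both directions
            diverted.update(set(re.findall(r'\b(in|out)\b', m.group(1))) or {'in', 'out'})
            if m.group(2) != natd_interface:
                issues.append(f"{n}: divert via {m.group(2)} but natd_interface is {natd_interface}")
    for direction in ('in', 'out'):
        if direction not in diverted:
            issues.append(f"no divert natd rule covers {direction}bound packets")
    return issues
```

Run lint(RULESET, NATD_INTERFACE) to see the findings for the posted values, and lint(RULESET, "bge0") for the same excerpt with natd_interface matching the divert rules.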