Date: Tue, 12 Oct 2004 23:36:52 -0700 (PDT)
From: sonjaya <son_jaya@yahoo.com>
To: freebsd-questions@freebsd.org
Subject: router in freebsd 5.2
Message-ID: <20041013063652.58332.qmail@web40909.mail.yahoo.com>
Dear all,

I am a newbie in FreeBSD. I want to create a router in FreeBSD 5.2. Here is my topology:

lan(1)--lan(2)--lan(3)gw--internet

lan(1) = 192.168.1.1/24
lan(2) = 172.18.2.1/16
lan(3) = 172.18.1.1/16
gw = 202.158.xx.xx

1. I want it so that I can't access lan(2), nor lan(3), from lan(1) (ping, etc.).
2. lan(2) can go directly to the gw (internet) with default gw 172.18.1.1.
3. I want to make lan(1) connect directly to the internet via the gw (172.18.2.1); see point no. 2.
4. lan(3) is a Linux router + NAT (iptables), lan(2) is FreeBSD 5.2, lan(1) is a Microsoft network.

I followed the steps here:
http://www.freebsd.org/doc/en_US.ISO8859-1/articles/dialup-firewall/article.html

Here is my rc.conf (lan(2)):

rl0=172.18.2.1/16
rl1=192.168.1.1/24
hostname="gw.rt-rw.net"
defaultrouter="172.18.1.1"
ifconfig_rl0="inet 172.18.5.1 netmask 255.255.0.0"
ifconfig_rl1="inet 192.168.1.1 netmask 255.255.255.0"
firewall_enable="YES"
firewall_type="OPEN"
firewall_script="/etc/fw1"
router_flags="-q"
router="/sbin/routed"
router_enable="YES"
gateway_enable="YES"

And here is my firewall script (/etc/fw1):

# Define the firewall command (as in /etc/rc.firewall) for easy
# reference. Helps to make it easier to read.
fwcmd="/sbin/ipfw"

# Define our outside interface. With userland-ppp this
# defaults to tun0.
oif="rl0"

# Define our inside interface. This is usually your network
# card. Be sure to change this to match your own network
# interface.
iif="rl1"

# Force a flushing of the current rules before we reload.
$fwcmd -f flush

# Check the state of all packets.
$fwcmd add check-state

# Stop spoofing on the outside interface.
$fwcmd add deny ip from any to any in via $oif not verrevpath

# Allow all connections that we initiate, and keep their state,
# but deny established connections that don't have a dynamic rule.
$fwcmd add allow ip from me to any out via $oif keep-state
$fwcmd add deny tcp from any to any established in via $oif

# Allow all connections within our network.
$fwcmd add allow ip from any to any via $iif

# Allow all local traffic.
$fwcmd add allow all from any to any via lo0
$fwcmd add deny all from any to 127.0.0.0/8
$fwcmd add deny ip from 127.0.0.0/8 to any

# Allow internet users to connect to the port 22 and 80.
# This example specifically allows connections to the sshd and a
# webserver.
$fwcmd add allow tcp from any to me dst-port 22,80 in via $oif setup keep-state

# Allow ICMP packets: remove type 8 if you don't want your host
# to be pingable.
$fwcmd add allow icmp from any to any via $oif icmptypes 0,3,8,11,12

# Deny and log all the rest.
$fwcmd add deny log ip from any to any

Until now I can ping from lan(1) to lan(3); of course lan(1) cannot access the internet. Maybe someone here can tell me what I should do. Thx.

=====
SONJAYA
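Added example, not part of the post or of FreeBSD: a small first-match evaluator for the subset of ipfw syntax the posted /etc/fw1 uses, to show why lan(1) can still ping 172.18.0.0/16 with the posted rule order (only the ICMP rule on rl0 lets the forwarded echo request out) and why a deny for 192.168.1.0/24 must sit ahead of the broad allows rather than be appended at the end. It ignores check-state, keep-state, setup, established and verrevpath, and assumes that routes and NAT for 192.168.1.0/24 on the upstream Linux router are handled separately; the 203.0.113.9 address is a constructed stand-in for an internet host.

```python
from ipaddress import ip_address, ip_network
LOCAL = {"172.18.5.1", "192.168.1.1"}  # "me": the addresses set in the rc.conf above

def parse_rule(text):
    """Parse 'action proto from src to dst [in|out] [via IF] [icmptypes a,b]'."""
    t = text.split()
    r = {"action": t[0], "proto": t[1], "src": t[3], "dst": t[5], "dir": None, "via": None, "icmptypes": None}
    rest = t[6:]
    while rest:
        w = rest.pop(0)
        if w in ("in", "out"):
            r["dir"] = w
        elif w == "via":
            r["via"] = rest.pop(0)
        elif w == "icmptypes":
            r["icmptypes"] = {int(x) for x in rest.pop(0).split(",")}
    return r

def addr_match(spec, addr):
    if spec in ("any", "me"):
        return spec == "any" or addr in LOCAL
    return ip_address(addr) in ip_network(spec, strict=False)

def rule_match(r, p):
    return (r["proto"] in ("ip", p["proto"])
            and addr_match(r["src"], p["src"]) and addr_match(r["dst"], p["dst"])
            and r["dir"] in (None, p["dir"]) and r["via"] in (None, p["iface"])
            and (r["icmptypes"] is None or p.get("icmptype") in r["icmptypes"]))

def decide(rules, p):
    """ipfw is first-match; anything unmatched falls to the script's final deny."""
    for r in map(parse_rule, rules):
        if rule_match(r, p):
            return r["action"]
    return "deny"

def forward(rules, src, dst, in_if, out_if, proto="icmp", icmptype=8):
    """A routed packet passes the ruleset twice: in via in_if, then out via out_if."""
    base = {"src": src, "dst": dst, "proto": proto, "icmptype": icmptype}
    if decide(rules, dict(base, dir="in", iface=in_if)) != "allow":
        return "deny"
    return decide(rules, dict(base, dir="out", iface=out_if))

# The forwarding-relevant lines of the posted /etc/fw1, in their posted order.
POSTED = ["allow ip from me to any out via rl0", "allow ip from any to any via rl1",
          "allow icmp from any to any via rl0 icmptypes 0,3,8,11,12", "deny ip from any to any"]
ISOLATE = "deny ip from 192.168.1.0/24 to 172.18.0.0/16"      # point 1 of the post
LAN1_OUT = "allow ip from 192.168.1.0/24 to any out via rl0"   # point 3 (NAT for it is separate)
FIXED = [ISOLATE, LAN1_OUT] + POSTED             # isolation rule ahead of the broad allows
APPENDED = POSTED[:3] + [ISOLATE] + POSTED[3:]   # same rule tacked on at the end: dead for ping
```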