Date: Wed, 21 Oct 1998 07:59:39 -0700 (PDT)
From: Bryce Newall <data@dreamhaven.net>
To: "Cambria, Mike" <mcambria@lucent.com>
Cc: FreeBSD Questions List <freebsd-questions@FreeBSD.ORG>
Subject: Re: More IPFW/natd trouble, but I'm close!
Message-ID: <Pine.NEB.3.96.981021074721.437T-100000@ds9.dreamhaven.org>
In-Reply-To: <75ADD7496F0BD211ADC000104B8846CF056A0A@Rerun.Lucentctc.com>

On Wed, 21 Oct 1998, Cambria, Mike wrote:

> Once you have everything working, could you list what you did and post to
> the list. I'm sure lots of people will be doing what you are in the future.

Sure thing. :) Here you go, Mike, and everyone:

1) Added a second ethernet card (identical 3C590 as existing) to my system.

2) Recompiled kernel to add support for 2nd card (by adding "device vx1" to
   kernel config file) as well as adding "options IPFIREWALL" and "options
   IPDIVERT".

3) Changed "firewall_enable" to YES and "firewall_type" to OPEN in
   /etc/rc.conf.

4) Added vx1 to list of network_interfaces in /etc/rc.conf. vx0 is not in
   the list because it is taken care of by my DHCP client. I.e. vx1 is the
   interface to my internal network and is configured at boot time; vx0 is
   the interface to my cable modem and the outside world, and is configured
   by the DHCP client. (Note on DHCP below...)

5) Changed "gateway_enable" to YES in /etc/rc.conf.

6) Changed /etc/rc.firewall from mode 644 to 755, and added the following
   line:

       $fwcmd add divert natd all from any to any via vx0

   In the section that handles firewalls of type "OPEN", right above the
   existing line:

       $fwcmd add 65000 pass all from any to any

7) Added a command to /etc/rc.local to start up natd:

       /usr/sbin/natd -dynamic -interface vx0

   The -dynamic option is required for me because of the fact that my cable
   ISP uses DHCP rather than static IP addresses. That switch tells natd to
   watch for changes of IP on the specified interface and adjust the routing
   tables accordingly.

Speaking of DHCP, here's the note I mentioned earlier: I use the ISC DHCP
client, and while you specify which interface to use on the dhclient command
line, it has an annoying habit of resetting *all* interfaces in your system
to an IP of 0.0.0.0, and then it sets the IP of the specified interface to
the IP it gets from the DHCP Server, but it leaves the others at 0.0.0.0
(grrrr).

Soooo, to get around that, I just added a line to the /etc/dhclient-script
that dhclient runs when it gets an IP to reconfigure vx1 back to an IP of
10.0.0.1:

    ifconfig vx1 10.0.0.1 netmask 255.0.0.0 broadcast 10.0.0.255

If anyone knows of a way around this, I'm all ears... :) Or should I say all
eyes?

But at any rate, this is what I did to get everything working. And I owe a
large debt of gratitude to the various people on this list who helped me get
everything working!!! Thanks, guys.

**********************************************************************
* Bryce Newall * Email: data@dreamhaven.net                          *
* WWW: http://home.dreamhaven.net/~data                              *
* "Insanity takes its toll. Please have exact change."               *
**********************************************************************

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message
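
Step 6 depends on rule order: ipfw stops at the first matching pass rule, so the divert rule has to be evaluated before the catch-all pass or natd never sees the packets. The check below is an added example, not part of the original message; the function name, the sample listings and their rule numbers are constructed, and it assumes the usual `ipfw list` output form (rule number, action, protocol, from/to, via).

```shell
#!/bin/sh
# Added example: verify that the natd divert rule on the outside interface
# is evaluated before the first catch-all pass rule.
# Reads `ipfw list`-style text on stdin; prints ok, no-divert or
# divert-after-pass. Live use on the gateway: ipfw list | check_divert_order vx0
check_divert_order() {
    iface=$1    # outside interface (vx0 in the message above)
    awk -v ifc="$iface" '
        # divert rule bound to the outside interface ("... via vx0")
        $2 == "divert" && $(NF-1) == "via" && $NF == ifc {
            if (!d) d = NR
        }
        # unconditional accept: "allow ip from any to any", nothing after it
        ($2 == "allow" || $2 == "pass") && ($3 == "ip" || $3 == "all") &&
        $4 == "from" && $5 == "any" && $6 == "to" && $7 == "any" && NF == 7 {
            if (!p) p = NR
        }
        END {
            # ipfw list prints rules in evaluation order, so line order
            # is the order in which packets are matched
            if (!d)              print "no-divert"
            else if (p && p < d) print "divert-after-pass"
            else                 print "ok"
        }'
}

# Constructed sample listings (not captured from a real system).
# Divert above the pass rule, as step 6 describes:
GOOD_RULES='00100 divert 8668 ip from any to any via vx0
65000 allow ip from any to any
65535 deny ip from any to any'

# Divert rule that ended up below the pass rule:
BAD_RULES='65000 allow ip from any to any
65100 divert 8668 ip from any to any via vx0
65535 deny ip from any to any'

echo "good ruleset: $(printf '%s\n' "$GOOD_RULES" | check_divert_order vx0)"
echo "bad ruleset:  $(printf '%s\n' "$BAD_RULES" | check_divert_order vx0)"
```
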