From owner-freebsd-questions Wed Nov 20 15:18:51 2002
Message-ID: <3DDC1829.1080106@rbcmail.ru>
Date: Wed, 20 Nov 2002 18:18:01 -0500
From: Constantine
To: Marc Perisa
Cc: Derrick Ryalls, freebsd-questions@FreeBSD.org
Subject: Re: FreeBSD gateway

Marc Perisa wrote:
> Derrick Ryalls wrote:
>
>>> Hello!
>>> I have installed FreeBSD 4.7 recently, and it seems it does not want
>>> to work as a gateway. I have two network cards in my FreeBSD
>>> computer, fxp0 for LAN and sis0 for the cable modem. I am new to
>>> FreeBSD, so I am confused what the difference between gateways and
>>> routers is (I was thinking they link to the same thing). I can ping
>>> my FreeBSD box from winxp, I can ping internet from remote session to
>>> FreeBSD, but I cannot ping internet from my winxp.
>>> My winxp has ip 192.168.0.1, netmask 255.255.255.0, and gateway
>>> 192.168.0.18 settings. Now FreeBSD /etc/rc.conf follows:
>>>
>>> gateway_enable="YES"
>>> kern_securelevel_enable="NO"
>>> nfs_reserved_port_only="YES"
>>> ifconfig_sis0="DHCP"
>>> ifconfig_fxp0="inet 192.168.0.18 netmask 255.255.255.0"
>>> #router_enable="YES" # from handbook gateway_enable="YES"
>>> firewall_enable="YES" firewall_type="OPEN" natd_enable="YES"
>>> natd_interface="sis0"
>>
>
>>natd_flags="" #/ handbook
>
>>
>> Are your ip's reversed? I think the gateway should have the .1 address
>> and the xp box should use the .18
>
>
> Nope. He set his FreeBSD box to the IP 192.168.0.18 and his Windows XP
> box to 192.168.0.1. All is ok with that. It is only uncommon to do.
> Normally you would give the default gateway for a network x.y.z.1 or
> x.y.z.254. But it is not forbidden to set it to any IP in that subnet.
>
>>
>> Are you using the default kernel? If so, you will need to add a couple
>> lines and recompile.
>>
>> options IPFIREWALL #firewall
>> options IPDIVERT #divert sockets
>>
>> as for the difference between a router and a gateway, a gateway is a
>> machine to deal with going from one network (lan) to another network
>> (wan), I think.
>>
>
> From your point of view (as needed for this problem) routers and
> gateways are the same. In this case the FreeBSD box is acting as a
> router for your internal net to the Internet. A simple router would do
> the same. But for more complex routing you have to either set up gated
> (or similar software) or add all rules (if they are static) by hand.
> A gateway is the simplest form of a router.
>
>>> The last two lines from dmesg:
>>> IP packet filtering initialized, divert disabled, rule-based
>>> forwarding enabled, default to deny, logging disabled
>>> ip_fw_ctl: invalid command
>>
>
> That hints to a problem with the /etc/rc.firewall script (which is
> called when you add to /etc/rc.conf firewall_enable="YES").
>
> Please provide us with the output of "ipfw list". (You have to do that
> as root of course). I think your firewall ruleset is not tuned for a
> gateway situation.
>
> Hope that helps
>
> Marc
>

# ipfw show
00100    0       0 allow ip from any to any via lo0
00200    0       0 deny ip from any to 127.0.0.0/8
00300    0       0 deny ip from 127.0.0.0/8 to any
65000 8102 5158330 allow ip from any to any
65535    1      60 deny ip from any to any

I want FreeBSD to act as a simple gateway for my LAN, but for some
reason it does not want to work that way, though I have confirmed to the
installation programme that I want FreeBSD to function as a gateway.

What are the simplest steps I need to follow to make FreeBSD act as a
gateway? (I have a fresh 4.7R installation)

Thanks.

Constantine
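
Added example (not part of the original message and not FreeBSD's own code): an sh check over the two diagnostics posted in this thread, the dmesg lines and the `ipfw show` listing. It assumes, as Derrick's reply suggests, that "divert disabled" means the kernel was built without `options IPDIVERT`, and that natd needs a `divert` rule via the outside interface ahead of the allow-all rule; the function names and FIXED_SAMPLE are constructed for illustration.

```shell
#!/bin/sh
# Added example. The first two samples are copied from the message above;
# FIXED_SAMPLE is constructed (8668 is natd's default divert port).
DMESG_SAMPLE='IP packet filtering initialized, divert disabled, rule-based forwarding enabled, default to deny, logging disabled
ip_fw_ctl: invalid command'
IPFW_SAMPLE='00100 0 0 allow ip from any to any via lo0
00200 0 0 deny ip from any to 127.0.0.0/8
00300 0 0 deny ip from 127.0.0.0/8 to any
65000 8102 5158330 allow ip from any to any
65535 1 60 deny ip from any to any'
FIXED_SAMPLE="00050 0 0 divert 8668 ip from any to any via sis0
$IPFW_SAMPLE"

# kernel_has_divert DMESG_TEXT -> yes | no | unknown
kernel_has_divert() {
    case "$1" in
        *"divert disabled"*) echo no ;;
        *"divert enabled"*)  echo yes ;;
        *)                   echo unknown ;;
    esac
}

# divert_rule_status IPFW_SHOW_TEXT IFACE -> "ok N" | "late N" | "missing"
# "ipfw show" columns: rule number, packets, bytes, action, rule body.
divert_rule_status() {
    printf '%s\n' "$1" | awk -v ifc="$2" '
        $4 == "divert" && $NF == ifc && $(NF-1) == "via" && div == "" { div = $1 }
        $4 == "allow" && / ip from any to any$/ && allow == "" { allow = $1 }
        END {
            if (div == "") print "missing"
            else if (allow != "" && div + 0 > allow + 0) print "late " div
            else print "ok " div
        }'
}

# diagnose DMESG_TEXT IPFW_SHOW_TEXT IFACE -> one-line finding
diagnose() {
    k=$(kernel_has_divert "$1")
    r=$(divert_rule_status "$2" "$3")
    case "$k/$r" in
        no/*)      echo "kernel reports divert disabled: natd cannot be fed packets" ;;
        */missing) echo "no divert rule via $3: packets leave untranslated" ;;
        */late*)   echo "divert rule follows allow-all: never reached" ;;
        *)         echo "divert path present (${r#ok })" ;;
    esac
}

diagnose "$DMESG_SAMPLE" "$IPFW_SAMPLE" sis0
```

On a live system the same functions can be fed `"$(dmesg)"` and `"$(ipfw show)"` as root instead of the embedded samples.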