From: Adam Lofstedt
Date: Wed, 25 Dec 2002 09:24:35 -0800 (PST)
Subject: Can't route past gateway
To: freebsd-questions@freebsd.org
Message-ID: <20021225172435.68292.qmail@web12201.mail.yahoo.com>

I tried to send a message to the list earlier, but my email server was down. I checked the archives, but I can't tell if my message has been posted already, so I apologize if it has. If anyone has already replied, could you forward your response to this address?

I have a FreeBSD machine with two NICs that I am using as a NAT gateway. No matter what I do, clients on my LAN can't get past the gateway. They can ping both the internal and external interfaces of the gateway, but can't get outside. I am using IPF and IPNAT as loadable kernel modules.
My /etc/rc.conf looks like this:

    gateway_enable="YES"
    kern_securelevel_enable="NO"
    linux_enable="YES"
    moused_enable="YES"
    nfs_reserved_port_only="YES"
    sendmail_enable="YES"
    sshd_enable="YES"
    usbd_enable="YES"
    ipfilter_enable="YES"
    ipfilter_program="/sbin/ipf"
    ipfilter_rules="/etc/ipf.rules"
    ipfilter_flags=""
    ipnat_enable="YES"
    ipnat_program="/sbin/ipnat"
    ipnat_rules="/etc/ipnat.rules"
    ipnat_flags=""
    ifconfig_dc0="inet 192.168.1.1 netmask 255.255.255.0"
    ifconfig_xl0="DHCP"
    inetd_enable="NO"
    hostname="forcefield.mydomain.com"

ipf -V gives this:

    ipf: IP Filter: v3.4.29 (336)
    Kernel: IP Flter v3.4.29
    Running: yes
    Log Flags: 0 = none set
    Default: pass all, Logging available
    Active list:0

Here is dmesg showing ipfilter stuff:

    IP Filter: v3.4.29 initialized. Default = pass all, Logging = enabled

(it also says some things at boot, like "IPFilter module loaded", and other things about ipnat getting flushed and loaded, but I don't know how to get dmesg to show me exactly what it says at boot time).

My /etc/ipf.rules file has just this for testing:

    pass in all
    pass out all

My ipnat.rules file has this:

    map 192.168.1.0/24 -> 0/32 portmap tcp/udp 10000:65000
    map 192.168.1.0/24 -> 0/32

In this configuration, my outside interface is getting its info via dhcp from my cable provider. I also tried this similar configuration at my work, using same internal addressing scheme, but using a fixed IP for the ext. interface with no luck. I just can't get past the outside interface of my gateway.

What am I leaving out? And this is not a DNS issue, as I am pinging only by ip. Do I need to add static routes or something? I've googled for hours and hours already... :(

Thanks for your help,
Adam Lofstedt
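Added example, not part of the original message: ipnat(5) gives map rules the form "map ifname ipmask -> dstipmask [options]", and this Python check flags rules whose field after the keyword is an address rather than an interface name. The sample strings are constructed from the two map lines quoted above; xl0 in the second sample is an assumption taken from the DHCP (external) interface in the posted rc.conf, and lint_ipnat is a hypothetical helper name.

```python
import re

# Constructed sample: the two map lines as quoted in the message.
AS_POSTED = """\
map 192.168.1.0/24 -> 0/32 portmap tcp/udp 10000:65000
map 192.168.1.0/24 -> 0/32
"""

# Constructed sample: the same lines with an interface field added.
# xl0 is assumed to be the external NIC (ifconfig_xl0="DHCP" in rc.conf).
WITH_IFNAME = """\
map xl0 192.168.1.0/24 -> 0/32 portmap tcp/udp 10000:65000
map xl0 192.168.1.0/24 -> 0/32
"""

RULE_TYPES = {"map", "bimap", "map-block", "rdr"}
# Numeric address or address/mask, e.g. 192.168.1.0/24 or 0/32.
ADDR = re.compile(r"^\d{1,3}(\.\d{1,3}){0,3}(/\S+)?$")


def lint_ipnat(text):
    """Return (line_no, problem) for rules that do not fit
    '<type> ifname ipmask -> dstipmask ...' from ipnat(5)."""
    findings = []
    for no, raw in enumerate(text.splitlines(), 1):
        fields = raw.split("#", 1)[0].split()  # drop comments, tokenize
        if not fields or fields[0] not in RULE_TYPES:
            continue
        # Interface names start with a letter (dc0, xl0); an address in
        # this position means the interface field is missing.
        if len(fields) < 2 or ADDR.match(fields[1]):
            findings.append((no, "no interface name after '%s'" % fields[0]))
            continue
        # rdr rules carry 'port N' before the arrow, so only check the
        # arrow position for the map family.
        if fields[0] != "rdr" and (len(fields) < 5 or fields[3] != "->"):
            findings.append((no, "expected 'ifname ipmask -> dstipmask'"))
    return findings


if __name__ == "__main__":
    for name, sample in (("as posted", AS_POSTED), ("with ifname", WITH_IFNAME)):
        print(name, lint_ipnat(sample) or "ok")
```

On the gateway itself, ipnat -l lists the NAT rules the kernel currently holds, which shows whether the file was accepted when it was loaded.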