Date:      Wed, 25 Dec 2002 09:24:35 -0800 (PST)
From:      Adam Lofstedt <lofty_2@yahoo.com>
To:        freebsd-questions@freebsd.org
Subject:   Can't route past gateway
Message-ID:  <20021225172435.68292.qmail@web12201.mail.yahoo.com>

I tried to send a message to the list earlier, but my
email server was down.  I checked the archives, but I
can't tell if my message has been posted already, so I
apologize if it has.  If anyone has already replied,
could you forward your response to this address?

I have a FreeBSD machine with two NICs that I am using
as a NAT gateway.  No matter what I do, clients on my
LAN can't get past the gateway.  They can ping both
the internal and external interfaces of the gateway,
but can't get outside.

I am using IPF and IPNAT as loadable kernel modules. 
My /etc/rc.conf looks like this:

gateway_enable="YES"
kern_securelevel_enable="NO"
linux_enable="YES"
moused_enable="YES"
nfs_reserved_port_only="YES"
sendmail_enable="YES"
sshd_enable="YES"
usbd_enable="YES"
ipfilter_enable="YES"
ipfilter_program="/sbin/ipf"
ipfilter_rules="/etc/ipf.rules"
ipfilter_flags=""
ipnat_enable="YES"
ipnat_program="/sbin/ipnat"
ipnat_rules="/etc/ipnat.rules"
ipnat_flags=""
ifconfig_dc0="inet 192.168.1.1 netmask 255.255.255.0"
ifconfig_xl0="DHCP"
inetd_enable="NO"
hostname="forcefield.mydomain.com"

ipf -V gives this:
ipf: IP Filter: v3.4.29 (336)
Kernel: IP Flter v3.4.29
Running: yes
Log Flags: 0 = none set
Default: pass all, Logging available
Active list:0

Here is dmesg showing ipfilter stuff:
IP Filter: v3.4.29 initialized.  Default = pass all,
Logging = enabled

(it also says some things at boot, like "IPFilter
module loaded", and other things about ipnat getting
flushed and loaded, but I don't know how to get dmesg
to show me exactly what it says at boot time).

My /etc/ipf.rules file has just this for testing:
pass in all
pass out all

My ipnat.rules file has this:
map 192.168.1.0/24 -> 0/32 portmap tcp/udp 10000:65000
map 192.168.1.0/24 -> 0/32

In this configuration, my outside interface is getting
its info via DHCP from my cable provider.  I also
tried this similar configuration at my work, using the
same internal addressing scheme, but using a fixed IP
for the ext. interface, with no luck.  I just can't get
past the outside interface of my gateway.  What am I
leaving out?  And this is not a DNS issue, as I am
pinging only by IP.  Do I need to add static routes or
something?

I've googled for hours and hours already... :(

Thanks for your help,

Adam Lofstedt
