Date: Wed, 25 Dec 2002 14:10:05 -0600
From: "Joe Gwozdecki" <joegw@hal-pc.org>
To: "Adam Lofstedt" <lofty_2@yahoo.com>, <freebsd-questions@freebsd.org>
Subject: Re: Can't route past gateway
Message-ID: <014401c2ac51$9dc81860$0300000a@lyon>
References: <20021225172435.68292.qmail@web12201.mail.yahoo.com>

----- Original Message -----
From: "Adam Lofstedt" <lofty_2@yahoo.com>
To: <freebsd-questions@freebsd.org>
Sent: Wednesday, December 25, 2002 11:24 AM
Subject: Can't route past gateway

> I tried to send a message to the list earlier, but my
> email server was down. I checked the archives, but I
> can't tell if my message has been posted already, so I
> apologize if it has. If anyone has already replied,
> could you forward your response to this address?
>
> I have a FreeBSD machine with two NICs that I am using
> as a NAT gateway. No matter what I do, clients on my
> LAN can't get past the gateway. They can ping both
> the internal and external interfaces of the gateway,
> but can't get outside.
>
> I am using IPF and IPNAT as loadable kernel modules.
> My /etc/rc.conf looks like this:
>
> gateway_enable="YES"
> kern_securelevel_enable="NO"
> linux_enable="YES"
> moused_enable="YES"
> nfs_reserved_port_only="YES"
> sendmail_enable="YES"
> sshd_enable="YES"
> usbd_enable="YES"
> ipfilter_enable="YES"
> ipfilter_program="/sbin/ipf"
> ipfilter_rules="/etc/ipf.rules"
> ipfilter_flags=""
> ipnat_enable="YES"
> ipnat_program="/sbin/ipnat"
> ipnat_rules="/etc/ipnat.rules"
> ipnat_flags=""
> ifconfig_dc0="inet 192.168.1.1 netmask 255.255.255.0"
> ifconfig_xl0="DHCP"
> inetd_enable="NO"
> hostname="forcefield.mydomain.com"
>
> ipf -V gives this:
> ipf: IP Filter: v3.4.29 (336)
> Kernel: IP Flter v3.4.29
> Running: yes
> Log Flags: 0 = none set
> Default: pass all, Logging available
> Active list:0
>
> Here is dmesg showing ipfilter stuff:
> IP Filter: v3.4.29 initialized. Default = pass all,
> Logging = enabled
>
> (it also says some things at boot, like "IPFilter
> module loaded", and other things about ipnat getting
> flushed and loaded, but I don't know how to get dmesg
> to show me exactly what it says at boot time).
>
> My /etc/ipf.rules file has just this for testing:
> pass in all
> pass out all
>
> My ipnat.rules file has this:
> map 192.168.1.0/24 -> 0/32 portmap tcp/udp 10000:65000
> map 192.168.1.0/24 -> 0/32
>
> In this configuration, my outside interface is getting
> its info via dhcp from my cable provider. I also
> tried this similar configuration at my work, using
> same internal addressing scheme, but using a fixed IP
> for the ext. interface with no luck. I just can't get
> past the outside interface of my gateway. What am I
> leaving out? And this is not a DNS issue, as I am
> pinging only by ip. Do I need to add static routes or
> something?
>
> I've googled for hours and hours already... :(
>
> Thanks for your help,
>
> Adam Lofstedt
>

FreeBSD cheatsheets has instructions for setting up a Dual Homed Host (2 NICs) using IPFW. It works for me. You can also get some additional information from the FreeBSD handbook about NAT, which I also used in setting it all up. It really is quite simple.

Joe Gwozdecki
Houston, Texas