From owner-freebsd-chat@FreeBSD.ORG Thu Oct 28 23:47:19 2004
Date: Thu, 28 Oct 2004 18:47:12 -0500
From: "Collin J. Kreklow"
To: Zhelyazko Georgiev
cc: freebsd-chat@freebsd.org
Subject: Re: Request:
Message-ID: <20041028234711.GA24687@jupiter.kreklow.us>
References: <20041028192546.66960.qmail@web41713.mail.yahoo.com>
In-Reply-To: <20041028192546.66960.qmail@web41713.mail.yahoo.com>
User-Agent: Mutt/1.5.6i

On Thu, Oct 28, 2004 at 12:25:46PM -0700, Zhelyazko Georgiev wrote:
> Dear members of the freebsd mailing list,
> I'm new to freebsd and still trying to learn some

Welcome to FreeBSD!

> basic concepts as far as configuring it as operating
> system. The question that I'm about to ask is probably
> very simple so I ask for your excuse to bother you
> with that question but I'm trying to figure it out for
> a long time now and still no results.

No problem. A helpful hint: it is usually better to ask general
questions on the -questions mailing list; -chat is mostly off-topic
discussion :)

> I'm trying to setup my FreeBSD 5.2 Release to act as
> a Nat router/ gateway. I compiled the kernel by
> including the following options :

You should consider upgrading to 5.3 (RC1, soon to be Release). That's
not absolutely necessary, but it's a good idea.

> options IPFIREWALL
> options IPDIVERT

Since you're using ipf below, you don't need IPFIREWALL and IPDIVERT.
They are only used for ipfw and natd. You can leave them in if you
want; they won't do anything unless you enable ipfw or natd.

> options IPSEC
> options IPSEC_ESP
> options IPSEC_DEBUG
> options IPFILTER
> options PFIL_HOOKS
>
> attached are my inetd.conf ; ipf.rules ; ipnat.rules
> and rc.conf files.
>
> I'm able to ping both networks and access internet
> from the freebsd machine. From the external network I
> cannot see the internal (as it should be) from the
> internal I can ping the internal IP 192.168.1.1 of my
> FreeBSD box and also the external IP address
> 84.21.192.168 but I'm not able to see the router of my
> ISP 84.21.192.1 and for that reason I do not have
> internet for the internal network. Please help me to
> figure out why I'm not able to make this thing
> work. Any help is highly appreciated. Thank you in advance.

Based on the information you have provided, I think we have similar
setups, so I'll base my suggestions off what I'm doing here.

The first place to start configuring is your rc.conf. The following
options control IPFW and natd. Since you are using ipf, you should
remove these from your rc.conf:

> enable_firewall="YES"
> firewall_type="OPEN"
> firewall_quiet="YES"
> natd_enable="YES"
> natd_interface="rl0"
> natd_flags="-f /etc/natd.rules"

You should also remove this option:

> inetd_enable="YES"

It is not necessary because you have:

> sshd_enable="YES"

You also have this line twice (which should be harmless):

> ifconfig_rl0="inet 84.21.192.150 netmask 255.255.255.0"

I am no expert on ipf rules, so instead of commenting on what you have,
I'll just show you what I've got (xl0 is external, xl1 is internal):

/etc/ipf.rules:

block in all
block out all
pass in quick on lo0
pass out quick on lo0
pass in quick on xl1 from 192.168.1.0/24 to any
pass out quick on xl1 from any to 192.168.1.0/24
pass out on xl0 proto tcp from any to any flags S keep state keep frags
pass out on xl0 proto udp from any to any keep state
pass out on xl0 proto icmp from any to any icmp-type 8 keep state
pass out on xl0 proto gre from any to any keep state

/etc/ipnat.rules:

map xl0 192.168.1.0/24 -> 0/32 portmap tcp/udp auto
map xl0 192.168.1.0/24 -> 0/32

Hopefully this information will get you pointed in the right direction.

Collin
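The checks Collin walks through by hand (ipfw/natd knobs left enabled next to ipfilter, inetd enabled although sshd runs on its own, a duplicated ifconfig line, and an ipf.rules that starts from default deny) can be scripted. The script below is an added example and is not part of the mail or of FreeBSD itself. The sample rc.conf and ipf.rules contents it writes are constructed to resemble the ones discussed; rl1 as the internal interface and the ipfilter_enable/ipnat_enable knobs are assumptions, and firewall_enable is the standard rc.conf key name (the mail's quoted file spells it enable_firewall, so both spellings are matched).

```shell
#!/bin/sh
# Added example (not from the original mail): audit a FreeBSD rc.conf and
# ipf.rules for the configuration problems discussed in the thread.

# Is rc.conf key $1 set to YES in file $2?  Comments and blank lines are
# ignored; the value may or may not be quoted.
rc_enabled() {
    grep -Eq "^[[:space:]]*$1=\"?[Yy][Ee][Ss]\"?" "$2"
}

# Print one line per finding for rc.conf $1.
audit_rcconf() {
    f="$1"
    # Two packet filters enabled at once: ipfw/natd next to ipfilter/ipnat.
    # (firewall_enable is the standard key; the mail's file says enable_firewall.)
    if rc_enabled ipfilter_enable "$f"; then
        { rc_enabled firewall_enable "$f" || rc_enabled enable_firewall "$f"; } \
            && echo "ipfw enabled alongside ipfilter"
        rc_enabled natd_enable "$f" \
            && echo "natd enabled alongside ipfilter/ipnat"
    fi
    # inetd adds listeners the box does not need when sshd already runs
    # standalone for remote login.
    if rc_enabled inetd_enable "$f" && rc_enabled sshd_enable "$f"; then
        echo "inetd enabled although sshd already runs standalone"
    fi
    # The same ifconfig_<if> assignment repeated (harmless, but a sign the
    # file has drifted from hand-editing).
    grep -E '^[[:space:]]*ifconfig_[A-Za-z0-9_]+=' "$f" \
        | sed 's/[[:space:]]//g' | sort | uniq -d \
        | sed 's/^/duplicate line: /'
}

# Number of findings for rc.conf $1 (handy for scripting and tests).
audit_rcconf_count() {
    audit_rcconf "$1" | wc -l | tr -d ' '
}

# Does ipf.rules $1 contain the default-deny pair "block in all" and
# "block out all"?  Exit status 0 means yes.
ipf_default_deny() {
    grep -Eq '^[[:space:]]*block[[:space:]]+in[[:space:]]+all' "$1" &&
    grep -Eq '^[[:space:]]*block[[:space:]]+out[[:space:]]+all' "$1"
}

# Write constructed sample files into directory $1 (interface rl1 and the
# ipfilter_enable/ipnat_enable knobs are assumptions, not from the mail).
write_samples() {
    dir="$1"
    cat > "$dir/rc.conf" <<'EOF'
# constructed rc.conf resembling the one discussed in the mail
ifconfig_rl0="inet 84.21.192.150 netmask 255.255.255.0"
ifconfig_rl1="inet 192.168.1.1 netmask 255.255.255.0"
ifconfig_rl0="inet 84.21.192.150 netmask 255.255.255.0"
gateway_enable="YES"
ipfilter_enable="YES"
ipnat_enable="YES"
firewall_enable="YES"
natd_enable="YES"
inetd_enable="YES"
sshd_enable="YES"
EOF
    cat > "$dir/ipf.rules" <<'EOF'
block in all
block out all
pass in quick on lo0
pass out quick on lo0
pass in quick on rl1 from 192.168.1.0/24 to any
pass out on rl0 proto tcp from any to any flags S keep state keep frags
EOF
}

# Usage: sh audit_rc.sh /etc/rc.conf /etc/ipf.rules
if [ "$#" -eq 2 ]; then
    audit_rcconf "$1"
    ipf_default_deny "$2" || echo "ipf.rules lacks block in all / block out all"
fi
```

Run against the constructed sample, audit_rcconf reports four findings (ipfw, natd, inetd, duplicate ifconfig_rl0), which are exactly the four points raised in the reply, and ipf_default_deny succeeds because the sample rule set opens with the same default-deny pair as Collin's.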