From: Jez Hancock
To: Ronald Weinrich
Cc: FreeBSD questions List
Date: Wed, 7 May 2003 14:16:22 +0100
Subject: Re: no route to host
Message-ID: <20030507131622.GC59479@users.munk.nu>

On Wed, May 07, 2003 at 10:52:32AM +0200, Ronald Weinrich wrote:
> Hi Jez Hancock,
> yesterday it was 4h in the morning so I had to go, I hope you get this mess.
> I did what you said -
> now I'm able to ping
> from the firewall-box to ep0 192.168.0.1
> from the firewall-box to ed0-213.47.28.166
>
> from intranet 192,168,0,xx to ep0 192.168.0.1 and
> from intranet 192,168,0,xx to ed0 213.47.28.166
> from intranet not to the DNS1-box in inet 213.47.28.160/8 on 213.47.28.162 or to the
> router 213.47.28.161
> I guess that's the reason I can't connect to the internet
> (does 160/8 mean 160 -175?)
> from outside 213.47.28.160/8 to ed0 213.47.28.166 works
>
> is that an ipnat problem? or a routing problem?
> I add
> > Try adding a simple /etc/ipf.rules ruleset:
> > pass out all
> > pass in all
> > ipfilter_enable="YES"
> > ipfilter_rules="/etc/ipf.rules"
> > you have no entry for the ep0 interface and your ifconfig output
> > suggests ep0 isn't active (or even present).
> therefore I run a script at boot-time
> ifconf.sh
> #!/bin/sh
> /sbin/ifconfig ep0 down
> /sbin/ifconfig ep0 inet 192.168.0.1 netmask 0xffffff00 broadcast 192.168.5.255
> /sbin/ifconfig ep0 up
> [ -x /sbin/ipnat ] && /sbin/ipnat -CF -f /etc/ipnat.conf && ipf -y && echo -n 'ipnat'

No - all your network interface configuration at boot time is done using
the 'ifconfig_' lines in /etc/rc.conf.

A good thing to do if you're familiar with shell scripting and unsure
how something is initiated at boot time is to grep for a keyword in the
/etc/ directory. For example, say in this case you're wondering how
your network interfaces are initiated at boot time. You know the
command you use to configure a network interface is 'ifconfig' so you
grep for 'ifconfig' in /etc. Doing this yields quite a few 'hits':

[13:51:41] root@users /root# grep ifconfig /etc/*
/etc/pccard_ether:# pccard_ether interfacename [start|stop] [ifconfig option]
/etc/pccard_ether:case ${pccard_ifconfig} in
/etc/pccard_ether: eval ifconfig_${interface}=\${pccard_ifconfig}
/etc/rc.network: ifconfig ${ifn} create
/etc/rc.network: # to go _before_ the general ifconfig section, since in the case
/etc/rc.network: # gifconfig
/etc/rc.network: network_interfaces="`ifconfig -l`"

In this case you think, 'ah ok /etc/rc.network must be where my network
ifaces are init'd', so you go investigate /etc/rc.network in your
editor...

The /etc/rc.network file isn't that hard to understand and worth reading
through a few times.
The gist of it is that to bring up a network interface at boot time you
add a line in /etc/rc.conf along the lines:

ifconfig_ed0="inet 213.47.28.166 netmask 255.255.255.240"

Now this line above is used in /etc/rc.network to build the command that
freebsd executes on boot. The command resolves to:

ifconfig ed0 inet 213.47.28.166 netmask 255.255.255.240

and will be executed at boot.

So, if you have additional interfaces you need configuring you should
add extra ifconfig_ lines to /etc/rc.conf. In this case, add a line for
ep0, the netmask you want is 255.255.255.0. A line like this should do:

ifconfig_ep0="inet 192.168.0.1 netmask 255.255.255.0"

(Incidentally this is all the /stand/sysinstall application does).

This line means ep0 will be brought up and will accept connections on
192.168.0.1 from any host on the same network. In this case, the 'same
network' is any machine on 192.168.0.1/255.255.255.0 - any machine in
the range 192.168.0.1 - 192.168.0.255 will be able to talk to your
machine on the network interface ep0 (I think this is right, sure
someone will correct me if not!).

I would recommend you read this thread through fully a few times:

http://marc.theaimsgroup.com/?l=freebsd-questions&m=105163580919140&w=2

for information on netmasking - it covers how netmasking works with
particular relevance to FreeBSD.

To work out netmask ranges this calculator is good:

http://www.telusplanet.net/public/sparkman/netcalc.htm

The page is IMO a bit intimidating, but as an example for the
192.168.0.1 255.255.255.0 you'd enter 192.168.0.1 and 255.255.255.0 in
the second form on that page and then click 'calculate'. You can then
click on 'Explain' for an explanation of how your particular calculation
was worked out and what it means.

Hope that helps anyway,
Jez
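
As an added example (not part of the original message), this POSIX sh sketch works out the network, host range and broadcast for the two ifconfig_ lines discussed above, and checks a broadcast argument against its netmask. The function names are constructed for illustration; the addresses and masks are the ones quoted in the thread.

```shell
#!/bin/sh
# Added example: constructed helpers, not from the original message.

# Dotted quad -> 32-bit integer.
ip2int() {
    IFS=. read -r o1 o2 o3 o4 <<EOF
$1
EOF
    echo $(( (o1 << 24) | (o2 << 16) | (o3 << 8) | o4 ))
}

# 32-bit integer -> dotted quad.
int2ip() {
    echo "$(( ($1 >> 24) & 255 )).$(( ($1 >> 16) & 255 )).$(( ($1 >> 8) & 255 )).$(( $1 & 255 ))"
}

# ifconfig accepts the mask as a dotted quad or as hex (0xffffff00).
mask2int() {
    case $1 in
        0x*|0X*) echo $(( $1 )) ;;
        *)       ip2int "$1" ;;
    esac
}

# subnet ADDR MASK -> "network/prefix first_host-last_host broadcast"
subnet() {
    a=$(ip2int "$1"); m=$(mask2int "$2")
    net=$(( a & m ))                      # network: address AND mask
    bc=$(( net | (~m & 0xffffffff) ))     # broadcast: all host bits set
    bits=0; t=$m                          # prefix length: count mask bits
    while [ "$t" -ne 0 ]; do bits=$(( bits + (t & 1) )); t=$(( t >> 1 )); done
    first=$(( net + 1 )); last=$(( bc - 1 ))
    echo "$(int2ip "$net")/$bits $(int2ip "$first")-$(int2ip "$last") $(int2ip "$bc")"
}

# same_net ADDR1 ADDR2 MASK -> exit 0 if both addresses are on one network.
same_net() {
    m=$(mask2int "$3")
    [ $(( $(ip2int "$1") & m )) -eq $(( $(ip2int "$2") & m )) ]
}

# bcast_ok ADDR MASK BROADCAST -> exit 0 if BROADCAST fits ADDR/MASK.
bcast_ok() {
    set -- "$3" $(subnet "$1" "$2")       # $4 is now the computed broadcast
    [ "$1" = "$4" ]
}

subnet 213.47.28.166 255.255.255.240      # ed0 line from the reply
subnet 192.168.0.1 0xffffff00             # ep0 as given in the quoted script
bcast_ok 192.168.0.1 0xffffff00 192.168.5.255 || echo "broadcast does not match netmask"
```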