Date:      Mon, 22 Jun 1998 13:24:08 -0500
From:      Edwin Culp <eculp@webwizard.org.mx>
To:        Joe Schwartz <rjoe@sierrahill.com>
Cc:        freebsd-net@FreeBSD.ORG, freebsd-questions@FreeBSD.ORG
Subject:   [Fwd: Re: routing issue]
Message-ID:  <358EA148.6513CABD@webwizard.org.mx>

I screwed up on my email configuration. Message never got out.

Sorry, hope it's still useful.

ed

Message-ID: <358E65D7.7A926B2B@mexcom.net>
Date: Mon, 22 Jun 1998 09:10:31 -0500
From: Edwin Culp <eculp@mexcom.net>
Organization: Mexico Communicates
X-Mailer: Mozilla 3.01Gold (X11; I; Linux 2.0.14 i586)
MIME-Version: 1.0
To: Joe Schwartz <rjoe@sierrahill.com>
CC: freebsd-net@FreeBSD.ORG, freebsd-questions@FreeBSD.ORG
Subject: Re: routing issue
References: <199806221326.IAA05713@sierrahill.com>

I think that you need natd and ipfw on the gateway machine.

First, in your kernel config file add something like:

options         IPFIREWALL              #firewall
options         IPFIREWALL_VERBOSE      #print information about
options         IPDIVERT                #divert sockets
options         "IPFIREWALL_VERBOSE_LIMIT=100" #limit verbosity
options         IPFIREWALL_DEFAULT_TO_ACCEPT #allow everything by default

Recompile.

Edit rc.conf, something like this:

firewall_enable="YES"           # Set to YES to enable firewall functionality
firewall_type="open"            # Firewall type (see /etc/rc.firewall)
firewall_quiet="NO"             # Set to YES to suppress rule display
natd_enable="YES"               # Enable natd (if firewall_enable == YES).
natd_interface="ep0"            # Public interface to use with natd.
natd_flags="-v -s -m -u "                # Additional flags for natd.

The up-to-date rc.firewall file seems to work fine.
I did move the natd initialization in rc.network to
the beginning of ipfw. It may not have been necessary,
but since it works, I haven't fixed it.  The problem
was that natd didn't start.  (Don't forget to comment
out the original natd initialization.) You might want
to do this if natd doesn't start after reboot:
ps -ax|grep natd.  You can start it manually if
necessary and everything should work.

# cut and paste from rc.network

    # Initialize IP filtering using ipfw
    echo -n "natd repositioned in rc.network"
    natd -v -s -m -u -n ep0
    # test and fix.  Next line is part of original file.
    /sbin/ipfw -q flush > /dev/null 2>&1

By this time you should be recompiled and ready for a reboot:-)

Don't worry, if I forgot something your machine won't work :-)

provecho

ed

Joe Schwartz wrote:
> 
> Folks,
> 
> I want to use a FreeBSD machine as an Internet host with 2
> ethernet cards. One card on an Internet subnet and the other
> card to service the internal private network.
> 
> I'm having trouble getting it to route between the 2 interfaces.
> 
> I have 3 machines setup for a test.
> 
> machine a:
> ----------
> ifconfig -a
> ep0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
>         inet 207.8.11.165 netmask 0xfffffff8 broadcast 207.8.11.167
>         ether 00:a0:24:11:c7:19
> 
> machine b:
> ----------
> ifconfig -a
> ep0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
>         inet 207.8.11.166 netmask 0xfffffff8 broadcast 207.8.11.167
>         ether 00:10:4b:29:aa:a7
> ep1: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
>         inet 192.168.1.1 netmask 0xffffff00 broadcast 192.168.1.255
>         ether 00:10:4b:20:94:3a
> 
> machine c:
> ----------
> ifconfig -a
> ep0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
>         inet 192.168.1.2 netmask 0xffffff00 broadcast 192.168.1.255
>         ether 00:10:4b:29:ab:da
> 
> machine a's default route is set to 207.8.11.166
> machine c's default route is set to 192.168.1.1
> 
> machine b has a route between the 2 interfaces by issuing: (but doesn't work)
> 
> route add -net 192.168.1.0 207.8.11.166 0
> 
> machine b can ping machine a and c
> 
> machine a can ping:
> 207.8.11.166 and 192.168.1.1 but not 192.168.1.2
> 
> machine c can ping:
> 192.168.1.1  and 207.8.11.166 but not 207.8.11.165
> 
> ==============================================================
> 
> In /etc/rc.conf I've got:
> 
> gateway_enable="YES"
> router_enable="YES"
> 
> Machine b ISN'T routing between the 2 interfaces. Any suggestions?
>           -----
> I have several machines set up like this for clients working perfectly
> under FreeBSD 2.1.x.
> 
> Does FreeBSD 2.2.x expect a subtle difference somehow? Is my 'route add'
> command incorrect?
> 
> HELP!!
> THANKS,
> 
> Joe
> 
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-net" in the body of the message
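
A preflight check for the gateway settings described in this thread, as an added example that is not part of the original messages: it verifies the kernel options and rc.conf variables named above, catches comment tails that mail wrapping left on a line of their own, and flags the accept-by-default firewall settings. The function names and the sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original messages; helper names are made up.

# has_kopt FILE OPT: true if the kernel config file enables option OPT.
has_kopt() {
    grep -Eq "^options[[:space:]]+\"?$2([=\"[:space:]]|\$)" "$1"
}

# rc_val FILE VAR: print the first word of the last value assigned to VAR.
rc_val() {
    sed -n "s/^$2=\"\{0,1\}\([^\"#[:space:]]*\).*/\1/p" "$1" | tail -n 1
}

# stray_lines FILE: print lines that are not blank, comment or VAR=value,
# e.g. the tail of a comment that a mail client wrapped onto its own line.
stray_lines() {
    grep -Ev '^[[:space:]]*(#.*)?$|^[A-Za-z_][A-Za-z0-9_]*=' "$1"
}

# audit KERNCONF RCCONF: print findings; exit status is the FAIL count.
audit() {
    fails=0
    fail() { echo "FAIL $*"; fails=$((fails + 1)); }
    for o in IPFIREWALL IPDIVERT; do
        has_kopt "$1" "$o" || fail "kernel config lacks options $o"
    done
    for v in gateway_enable firewall_enable natd_enable; do
        [ "$(rc_val "$2" "$v")" = "YES" ] || fail "$v is not YES"
    done
    [ -n "$(rc_val "$2" natd_interface)" ] || fail "natd_interface is not set"
    if bad=$(stray_lines "$2"); then fail "rc.conf stray line(s): $bad"; fi
    if has_kopt "$1" IPFIREWALL_DEFAULT_TO_ACCEPT; then
        echo "WARN kernel default rule accepts everything"
    fi
    if [ "$(rc_val "$2" firewall_type)" = "open" ]; then
        echo "WARN firewall_type=open passes all traffic"
    fi
    return "$fails"
}

# Constructed sample input: settings from the thread, with one comment
# wrapped onto its own line the way the mail shows it.
write_sample() {
    printf 'options IPFIREWALL #firewall\noptions IPDIVERT\noptions IPFIREWALL_DEFAULT_TO_ACCEPT\n' > "$1/KERNEL"
    printf 'gateway_enable="YES"\nfirewall_enable="YES" # enable firewall\nfunctionality\nfirewall_type="open"\nnatd_enable="YES"\nnatd_interface="ep0"\n' > "$1/rc.conf"
}

d=$(mktemp -d); write_sample "$d"; audit "$d/KERNEL" "$d/rc.conf" || true; rm -rf "$d"
```

On the sample it reports one FAIL for the stray `functionality` line and two WARN lines for the open policy; the WARN lines do not change the exit status.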
