From owner-freebsd-questions Thu Oct 8 12:14:21 1998 Return-Path: Received: (from majordom@localhost) by hub.freebsd.org (8.8.8/8.8.8) id MAA26568 for freebsd-questions-outgoing; Thu, 8 Oct 1998 12:14:21 -0700 (PDT) (envelope-from owner-freebsd-questions@FreeBSD.ORG) Received: from alpo.whistle.com (alpo.whistle.com [207.76.204.38]) by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id MAA26478 for ; Thu, 8 Oct 1998 12:14:06 -0700 (PDT) (envelope-from julian@whistle.com) Received: (from daemon@localhost) by alpo.whistle.com (8.8.5/8.8.5) id MAA10714; Thu, 8 Oct 1998 12:11:13 -0700 (PDT) Received: from current1.whistle.com(207.76.205.22) via SMTP by alpo.whistle.com, id smtpdt10711; Thu Oct 8 19:11:09 1998 Date: Thu, 8 Oct 1998 12:11:06 -0700 (PDT) From: Julian Elischer To: Henny Lusiana cc: freebsd-questions@FreeBSD.ORG, deni@rad.net.id Subject: Re: help me...(NATD/Ipforwarding) In-Reply-To: <361A8327.4702@rad.net.id> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-questions@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.ORG what about options IPFIREWALL? On Wed, 7 Oct 1998, Henny Lusiana wrote: > Haloo.. > > I have problem to setup NATD/Ipforwarding, I did this : > > Routing tables > > Internet: > Destination Gateway Flags Refs Use Netif > Expire > default nmc-gtw.sby UGSc 2 1 ed0 > 10.11.2.1/32 link#2 UC 0 0 > localhost localhost UH 0 0 lo0 > 202.154.4.128/26 link#1 UC 0 0 > nmc-gtw.sby 0:a0:24:5c:11:16 UHLW 3 0 ed0 > 1187 > webek 0:a0:24:33:2c:5c UHLW 0 662 > tole 0:a0:24:37:63:17 UHLW 1 176 ed0 > 1155 > > > from sysctl -w... > > net.inet.ip.forwarding: 1 > net.inet.ip.redirect: 1 > net.inet.ip.ttl: 64 > net.inet.ip.rtexpire: 3600 > net.inet.ip.rtminexpire: 10 > net.inet.ip.rtmaxcache: 128 > net.inet.ip.sourceroute: 0 > net.inet.ip.intr_queue_maxlen: 50 > net.inet.ip.intr_queue_drops: 0 > net.inet.ip.accept_sourceroute: 0 > net.inet.ip.subnets_are_local: 0 > net.inet.icmp.maskrepl: 0 > net.inet.icmp.bmcastecho: 1 > net.inet.tcp.rfc1323: 1 > net.inet.tcp.rfc1644: 1 > net.inet.tcp.mssdflt: 512 > net.inet.tcp.rttdflt: 3 > net.inet.tcp.keepidle: 14400 > net.inet.tcp.keepintvl: 150 > net.inet.tcp.sendspace: 16384 > net.inet.tcp.recvspace: 16384 > net.inet.tcp.keepinit: 150 > > from ps awx ... > > 0 ?? DLs 0:00.01 (swapper) > 1 ?? Ss 0:00.01 /sbin/init -- > 2 ?? DL 0:00.03 (pagedaemon) > 3 ?? DL 0:00.00 (vmdaemon) > 4 ?? DL 0:01.10 (update) > 89 ?? Ss 0:00.12 syslogd > 99 ?? Is 0:00.00 portmap > 121 ?? Is 0:00.07 inetd > 124 ?? Ss 0:00.07 cron > 128 ?? Ss 0:00.02 sendmail: accepting connections on port 25 > (sendmail) > 171 ?? Is 0:00.01 moused -p /dev/cuaa0 -t microsoft > 717 ?? Ss 0:00.15 telnetd > 742 ?? Ss 0:00.01 natd -interface ed0 > 718 p0 Is 0:00.11 -bash (bash) > 719 p0 S 0:00.18 bash > 743 p0 R+ 0:00.01 ps -awx > 744 p0 S+ 0:00.01 more > 196 v0 Is 0:00.17 bash > > ed0 has a legal IP 202.154.4.174 and gw 202.154.4.129 > ep0 has an ilegal IP 10.11.2.1 > in client side i setup: > gw: 10.11.2.1 > IP: 10.11.2.2..14 netmask 255.255.255.240 > > 10.11.2.2 can ping 10.11.2.1 and 202.154.4.174, but can not ping > 202.154.4.129 (outside). > > and I already compiled the kernel (success) and added an OPTIONS > IPDIVERT > > options FFS #Berkeley Fast Filesystem > options NFS #Network Filesystem > options MSDOSFS #MSDOS Filesystem > options "CD9660" #ISO 9660 Filesystem > options PROCFS #Process filesystem > options "COMPAT_43" #Compatible with BSD 4.3 [KEEP > THIS!] > options SCSI_DELAY=15 #Be pessimistic about Joe SCSI > device > options BOUNCE_BUFFERS #include support for DMA bounce > buffers > options UCONSOLE #Allow users to grab the console > options FAILSAFE #Be conservative > options USERCONFIG #boot -c editor > options VISUAL_USERCONFIG #visual boot -c editor > options IPDIVERT > > config kernel root on wd0 > > something wrong with my procedure/configuration ? > Help me please... > Thanks > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-questions" in the body of the message > To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message