From: Ian Smith
To: Trond.Endrestol@fagskolen.gjovik.no
cc: Efren Bravo, freebsd-questions@freebsd.org
Date: Tue, 24 Oct 2017 23:20:40 +1100 (EST)
Subject: Re: Routing problem
Message-ID: <20171024230440.N32145@sola.nimnet.asn.au>

In freebsd-questions Digest, Vol 699, Issue 2, Message: 8
On Mon, 23 Oct 2017 22:30:26 +0200 (CEST) Trond Endrestøl wrote:
 > On Mon, 23 Oct 2017 15:19-0400, Efren Bravo wrote:
 >
 > > Hi there,
 > >
 > > I installed a FreeBSD 10.1 box and upgraded to 10.4. I tried to configure
 > > this box as a FW but I can't get ping to work from inside LAN to outside
 > > world, neither any tcp/udp connection. Basic configs:
 > >
 > > router ip: 190.92.124.89
 > >
 > > kernel (recompiled & installed OK):
 > > a lot of unnecessary things disabled before recompilation
 > > ---
 > > options IPFILTER
 > > options IPFILTER_LOG
 > > options IPFILTER_LOOKUP
 > > options IPFILTER_DEFAULT_BLOCK
 > >
 > > /etc/rc.conf
 > > ---
 >
 > > #WAN
 > > ifconfig_re0="inet 190.92.124.90 netmask 255.255.255.248"
 >
 > Public IPv4 address space.
 >
 > > # LAN
 > > ifconfig_em0="inet 10.170.0.1 netmask 25.255.255.128"
 >
 > Private IPv4 address space.
 >
 > Do you plan on setting up NAT44 on this box? You should if you want
 > this setup to work as expected.

Indeed, some variety of NAT daemon.  But also ..

 > > defaultrouter="190.92.124.89"
 > > gateway_eanble="YES"

.. that needs to be 'gateway_enable'.

% grep -wA7 gateway_enable /etc/rc.d/routing

After fixing /etc/rc.conf one can just run:

# service routing restart

or even (until next boot or routing restart) just:

# sysctl net.inet.ip.forwarding=1

cheers, Ian
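
An added example, not part of the original message: rc.conf is sourced as shell variables, so a misspelled knob such as `gateway_eanble` is accepted silently and forwarding simply stays off. The sketch below flags assigned names that are one adjacent swap or one substituted character away from a known knob; the function name `rc_knob_typos`, the short knob list and the sample file (constructed from the quoted settings) are assumptions of this example.

```shell
#!/bin/sh
# Added example: flag rc.conf variables one typo away from a known knob.
# The knob list passed in is an assumption; on FreeBSD the shipped defaults
# in /etc/defaults/rc.conf are a fuller source of valid names.

# rc_knob_typos KNOB...   (rc.conf text on stdin)
# Prints "<found> -> <knob>" for each near-miss variable name.
rc_knob_typos() {
    awk -v knobs="$*" '
    BEGIN { n = split(knobs, known, " ") }
    # near(a, b): same length, and a differs from b by exactly one
    # substituted character or by one swap of two adjacent characters.
    function near(a, b,    i, len, d, first) {
        len = length(a)
        if (len != length(b) || a == b) return 0
        d = 0
        for (i = 1; i <= len; i++)
            if (substr(a, i, 1) != substr(b, i, 1)) { if (!d) first = i; d++ }
        if (d == 1) return 1
        return d == 2 && substr(a, first, 1) == substr(b, first + 1, 1) &&
               substr(a, first + 1, 1) == substr(b, first, 1)
    }
    /^[ \t]*#/ { next }                       # skip comment lines
    /^[ \t]*[A-Za-z_][A-Za-z0-9_]*=/ {
        name = $0
        sub(/^[ \t]*/, "", name); sub(/=.*/, "", name)
        for (k = 1; k <= n; k++) if (name == known[k]) next   # valid knob
        for (k = 1; k <= n; k++)
            if (near(name, known[k])) print name " -> " known[k]
    }'
}

# Constructed sample: the rc.conf lines quoted in the thread.
sample_rc_conf() {
    cat <<'EOF'
#WAN
ifconfig_re0="inet 190.92.124.90 netmask 255.255.255.248"
# LAN
ifconfig_em0="inet 10.170.0.1 netmask 25.255.255.128"
defaultrouter="190.92.124.89"
gateway_eanble="YES"
EOF
}

sample_rc_conf | rc_knob_typos gateway_enable defaultrouter ipfilter_enable ipnat_enable
```

On a live system the same function can read the real file with `rc_knob_typos gateway_enable defaultrouter < /etc/rc.conf`.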