From owner-freebsd-questions Tue Dec 11 20:11:48 2001
Message-ID: <20011212041145.49325.qmail@web20605.mail.yahoo.com>
Date: Tue, 11 Dec 2001 20:11:45 -0800 (PST)
From: Donnie Jones
Subject: Re: ping says 'Permission Denied'
To: Lorin Lund
Cc: freebsd-questions@freebsd.org
In-Reply-To: <20011212024938.A033A20F67@ns1.infowest.com>

www.freebsddiary.org and the FreeBSD manual have great information on
setting up a "gateway" for FreeBSD. It's as easy as going to
www.google.com/bsd and searching for gateway.

Also, make sure you have these lines in your /etc/rc.conf (maybe not
exactly, but close):

    gateway_enable="YES"
    ipnat_enable="YES"
    ipnat_rules="/etc/ipnat.conf"
    ipfilter_enable="YES"
    ipfilter_rules="/etc/ipf.rules"
    inetd_enable="YES"
    ipv6_enable="YES"

You also need to have information in the ipnat.conf such as:

    map fxp0 192.168.0.0/16 -> 0.0.0.0/32 portmap tcp/udp 40000:65000
    map fxp0 192.168.0.0/16 -> 0.0.0.0/32

Change the "fxp0" to whatever your device is that connects to the
outside world.

As for "ipf.rules", you can leave it blank, which leaves the firewall
open. The permission denied from your 'ping' is probably because the
firewall is not enabled as open.

-Donnie :)

--- Lorin Lund wrote:
> I'm using 4.4 RELEASE. I want to use natd (with a DSL connection)
> so I built a new kernel with
>     option IPFIREWALL
>     option IPDIVERT
> added.
>
> After I build the new kernel with
>     make depend
>     make
>     make install
>
> When I reboot I can't ping that machine from outside. When I try
> to ping other addresses from the box with the new kernel ping
> gives an error message about 'Permission denied'.
>
> Does anyone have experience with this?