From owner-freebsd-questions@FreeBSD.ORG Wed Aug 18 13:37:52 2004
From: "James A. Coulter"
Date: Wed, 18 Aug 2004 08:37:34 -0500
To: AETCH
cc: freebsd-questions@freebsd.org
Subject: Re: problem with getway
Message-ID: <20040818133734.GA6786@sara.mshome.net>
References: <200372004831873631906@ms12.url.com.tw>
In-Reply-To: <200372004831873631906@ms12.url.com.tw>

On Wed, Aug 18, 2004 at 03:36:31PM +0800, AETCH wrote:
> I have installed FreeBSD 4.x, and have two netcards.
> I want it as a gateway.
> I have configured "gateway_enable=YES" in rc.conf, and then rebooted.
> [a pc]--------[freebsd]-------[b pc]
> After reboot, I try to use a pc to ping b pc; it doesn't work, but a pc and
> b pc can ping freebsd successfully. Why?
> Please give me a hand.
> Thanks!!
>
> aetch

Have you built a kernel with IPFW enabled and have you enabled natd in
your rc.conf?

Both IPFW (or perhaps IPFILTER) must be enabled to allow packet
forwarding. Just setting gateway="yes" in rc.conf isn't enough (I know -
I made the same mistake).

You will have to enable natd and IPFW (or maybe IPFILTER) in rc.conf and
build a custom kernel with IPFW enabled.

Here's the lines I added to my kernel:

    # IP Aliasing and Firewall options
    options IPFIREWALL
    options IPFIREWALL_VERBOSE
    options IPFIREWALL_VERBOSE_LIMIT=10
    options IPDIVERT

and here's what I put in my rc.conf:

    gateway_enable="YES"
    natd_enable="YES"
    natd_interface="dc1"
    natd_flags="-dynamic"

You will also need to enable the firewall in rc.conf - what follows is
for an entirely OPEN firewall, i.e. it allows anything and everything
through. (But you must have the firewall enabled to use the IP
forwarding capabilities):

    firewall_enable="YES"
    #firewall_type="OPEN"
    #firewall_script="/etc/openfirewall.rules"

and the contents of /etc/openfirewall.rules:

    /sbin/ipfw -f flush
    /sbin/ipfw add divert natd all from any to any via dc1
    /sbin/ipfw add pass all from any to any

Chapter 8 of the handbook
(http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/kernelconfig.html)
and Chapter 14, Section 8
http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/firewalls.html
have most of the information you'll need.

In future posts, paste the contents of your rc.conf and any other files
involved - that will help the list answer your question more quickly.

HTH

Jim
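
The rc.conf settings listed in the reply above can be checked mechanically. The following sh script is an added example, not part of the original post or of FreeBSD; the function names (rc_get, audit_gateway, sample_rc_conf) are hypothetical, and it inspects only the rc.conf keys quoted in the message, flagging an OPEN firewall type and a firewall that is enabled with no active rules setting.

```shell
#!/bin/sh
# Added example (not from the original post): audit an rc.conf-style file
# for the gateway/NAT/firewall settings the reply lists.

# Print the last uncommented value of KEY in FILE, surrounding quotes removed.
rc_get() {
    sed -n "s/^[[:space:]]*$2=\"\{0,1\}\([^\"#]*\)\"\{0,1\}.*/\1/p" "$1" | tail -n 1
}

is_yes() { case "$1" in [Yy][Ee][Ss]) return 0 ;; *) return 1 ;; esac; }

# Print one line per finding; the exit status is the number of findings.
audit_gateway() {
    conf=$1 n=0
    for key in gateway_enable natd_enable firewall_enable; do
        is_yes "$(rc_get "$conf" "$key")" && continue
        echo "MISSING: $key is not YES"; n=$((n + 1))
    done
    if is_yes "$(rc_get "$conf" natd_enable)" &&
       [ -z "$(rc_get "$conf" natd_interface)" ]; then
        echo "MISSING: natd_interface is not set"; n=$((n + 1))
    fi
    ftype=$(rc_get "$conf" firewall_type)
    fscript=$(rc_get "$conf" firewall_script)
    if [ -z "$ftype" ] && [ -z "$fscript" ]; then
        echo "CHECK: no active firewall_type or firewall_script line"; n=$((n + 1))
    fi
    case "$ftype" in [Oo][Pp][Ee][Nn])
        echo "WARN: firewall_type=OPEN allows everything through"; n=$((n + 1)) ;;
    esac
    return "$n"
}

# Constructed sample: the rc.conf lines as quoted in the reply.
sample_rc_conf() {
    cat <<'EOF'
gateway_enable="YES"
natd_enable="YES"
natd_interface="dc1"
natd_flags="-dynamic"
firewall_enable="YES"
#firewall_type="OPEN"
#firewall_script="/etc/openfirewall.rules"
EOF
}

tmp=$(mktemp) && sample_rc_conf > "$tmp"
audit_gateway "$tmp" || echo "findings: $?"
rm -f "$tmp"
```

On a real system, pass the path of the configuration file to audit, for example audit_gateway /etc/rc.conf.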