From: "Thomas Heien"
To: freebsd-questions@FreeBSD.org
Subject: Re: FreeBSD gateway
Date: Thu, 21 Nov 2002 08:37:57 -0600

I am having almost the same exact problem. I've followed the guides on
freebsddiary, in the handbook, and instructions here in the list, but I
still can't ping out to the internet from my xp box. I can however ping
the external NIC's IP address though. Maybe someone can post a simplified
rc.firewall just for gateways?

>From: Constantine
>To: Marc Perisa
>CC: Derrick Ryalls, freebsd-questions@FreeBSD.org
>Subject: Re: FreeBSD gateway
>Date: Wed, 20 Nov 2002 18:18:01 -0500
>
>Marc Perisa wrote:
>>Derrick Ryalls wrote:
>>
>>>>Hello!
>>>>I have installed FreeBSD 4.7 recently, and it seems it does not want to
>>>>work as a gateway. I have two network cards in my FreeBSD computer, fxp0
>>>>for LAN and sis0 for the cable modem.
>>>>I am new to FreeBSD, so I am
>>>>confused what the difference between gateways and routers is (I was
>>>>thinking they link to the same thing). I can ping my FreeBSD box from
>>>>winxp, I can ping internet from remote session to FreeBSD, but I cannot
>>>>ping internet from my winxp.
>>>>My winxp has ip 192.168.0.1, netmask 255.255.255.0, and gateway
>>>>192.168.0.18 settings. Now FreeBSD /etc/rc.conf follows:
>>>>
>>>>gateway_enable="YES"
>>>>kern_securelevel_enable="NO"
>>>>nfs_reserved_port_only="YES"
>>>>ifconfig_sis0="DHCP"
>>>>ifconfig_fxp0="inet 192.168.0.18 netmask 255.255.255.0"
>>>>#router_enable="YES" # from handbook gateway_enable="YES"
>>>>firewall_enable="YES" firewall_type="OPEN" natd_enable="YES"
>>>>natd_interface="sis0"
>>>
>>
>>natd_flags="" #/ handbook
>>
>>>
>>>
>>>Are your ip's reversed? I think the gateway should have the .1 address
>>>and the xp box should use the .18
>>
>>
>>Nope. He set his FreeBSD box to the IP 192.168.0.18 and his Windows XP box
>>to 192.168.0.1 . All is ok with that. It is only uncommon to do. Normally
>>you would give the default gateway for a network x.y.z.1 or x.y.z.254 . But
>>it is not forbidden to set it to any IP in that subnet.
>>
>>>
>>>Are you using the default kernel? If so, you will need to add a couple
>>>lines and recompile.
>>>
>>>options IPFIREWALL #firewall
>>>options IPDIVERT #divert sockets
>>>
>>>as for the difference between a router and a gateway, a gateway is a
>>>machine to deal with going from one network (lan) to another network
>>>(wan), I think.
>>>
>>
>> From your point of view (as needed for this problem) routers and
>>gateways are the same. In this case the FreeBSD box is acting as a router
>>for your internal net to the Internet. A simple router would do the same.
>>But for more complex routing you have to either setup gated (or similar
>>software) or add all rules (if they are static) by hand.
>>A gateway is the simplest form of a router.
>>
>>>>The last two lines from dmesg:
>>>>IP packet filtering initialized, divert disabled, rule-based forwarding
>>>>enabled, default to deny, logging disabled
>>>>ip_fw_ctl: invalid command
>>>
>>
>>That hints to a problem with the /etc/rc.firewall script (which is called
>>when you add to /etc/rc.conf firewall_enable="YES").
>>
>>Please provide us with the output of "ipfw list". (You have to do that as
>>root of course). I think your firewall ruleset is not tuned for a gateway
>>situation.
>>
>>Hope that helps
>>
>>Marc
>>
>>
>
># ipfw show
>00100 0 0 allow ip from any to any via lo0
>00200 0 0 deny ip from any to 127.0.0.0/8
>00300 0 0 deny ip from 127.0.0.0/8 to any
>65000 8102 5158330 allow ip from any to any
>65535 1 60 deny ip from any to any
>
>I want FreeBSD to act as a simple gateway for my LAN, but for some reason
>it does not want to work that way, though I have confirmed to the
>installation programme that I want FreeBSD to function as a gateway. What
>are the simplest steps I need to follow to make FreeBSD act as a gateway?
>(I have a fresh 4.7R installation)
>
>Thanks.
>
>Constantine
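
An added example, not part of the thread and not FreeBSD project code: a shell function that runs the checks this thread points toward (the IPDIVERT kernel option Derrick mentions, and a divert rule for the natd interface) over the dmesg lines and `ipfw show` output quoted above. The function name and finding labels are made up for illustration; the sample inputs are copied from the thread, with the wrapped dmesg line rejoined.

```sh
#!/bin/sh
# Sample inputs, copied from the dmesg and "ipfw show" output quoted in the thread.
SAMPLE_DMESG='IP packet filtering initialized, divert disabled, rule-based forwarding enabled, default to deny, logging disabled
ip_fw_ctl: invalid command'
SAMPLE_IPFW='00100 0 0 allow ip from any to any via lo0
00200 0 0 deny ip from any to 127.0.0.0/8
00300 0 0 deny ip from 127.0.0.0/8 to any
65000 8102 5158330 allow ip from any to any
65535 1 60 deny ip from any to any'

# check_natd_path DMESG_TEXT IPFW_TEXT NATD_IF   (hypothetical helper)
# Prints one finding per line; the exit status is the number of findings.
check_natd_path() {
    dmesg_text=$1; ipfw_text=$2; natd_if=$3; found=""

    # Kernel built without "options IPDIVERT": natd has no divert socket to use.
    case $dmesg_text in *"divert disabled"*) found="$found KERNEL_NO_DIVERT" ;; esac
    # ipfw refused a command, consistent with a divert rule being added on such a kernel.
    case $dmesg_text in *"ip_fw_ctl: invalid command"*) found="$found RULE_REJECTED" ;; esac

    # Ruleset: a divert rule on the outside interface must exist and must be
    # evaluated before the first unconditional allow, or packets never reach natd.
    rules=$(printf '%s\n' "$ipfw_text" | awk -v ifc="$natd_if" '
        $0 ~ ("divert .* via " ifc "( |$)") && !d { d = $1 + 0 }
        / allow (ip|all) from any to any$/ && !a  { a = $1 + 0 }
        END { if (!d) print "NO_DIVERT_RULE"
              else if (a && a < d) print "DIVERT_AFTER_ALLOW" }')
    found="$found $rules"

    set -- $found                 # split the collected findings into words
    for f in "$@"; do echo "$f"; done
    return $#
}

# Demo on the thread's own output.
check_natd_path "$SAMPLE_DMESG" "$SAMPLE_IPFW" sis0 || echo "findings: $?"
```

On a live gateway the same function can be fed `"$(dmesg)"` and `"$(ipfw list)"` as root.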