From: John Murphy
To: John C
Cc: questions@FreeBSD.ORG
Date: Sun, 13 Apr 2003 17:04:37 +0100
Subject: Re: Trouble configuring network gateway
Message-ID: <7qvi9vs9qiailrsrmbo6a0umbqecprqjdm@4ax.com>

John C wrote:

>I am attempting to turn a PC into a gateway/firewall for my home network.
>My ISP is Comcast ... So whatever ramifications therein, for better or
>worse, apply to my predicament ...

I don't know anything about Comcast, so my comments may not be helpful.

>I've gotten both interfaces up and working, but I can't seem to get it to
>switch packets from within the subnet out into the internet. The kernel is
>pretty much GENERIC 4.7, except with the GATEWAY option set, plus with
>net.link.ether.bridge=1
>In sysctl.conf

On a pc gateway/firewall running 4.8 I can find nothing about 'GATEWAY'
option in GENERIC or LINT. sysctl -a | grep bridge returns nothing.

sysctl net.link.ether.bridge
sysctl: unknown oid 'net.link.ether.bridge'

Seems you are trying to make a bridge, which probably isn't what you want.
Set it back to 0. The bridge stuff enabled in the kernel shouldn't matter.

AFAIK all you need is the following in /etc/rc.conf

gateway_enable=YES  # Set to YES if this host will be a gateway

"This option will set the sysctl(8) variable net.inet.ip.forwarding to 1."
from section 19.2.4 of the Handbook: Building a Router
http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/routing.html

Also, you'll need NAT if there will be more than one machine behind the
firewall/gateway.
http://www.uk.freebsd.org/doc/en_US.ISO8859-1/books/handbook/natd.html

John.
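
Added example, not part of John Murphy's message: a small sh check that reads copies of rc.conf and sysctl.conf and reports the three points raised in the reply (forwarding via gateway_enable, the stray bridge sysctl, NAT). The function names and the sample files are constructed for illustration; natd_enable is the standard rc.conf switch for natd.

```sh
#!/bin/sh
# Added example: check rc.conf / sysctl.conf text for the routing-vs-bridging
# mix-up discussed in the thread. Function names and sample files are made up.

# Effective value of KEY in a KEY=VALUE file: last assignment wins; trailing
# comments and surrounding quotes are dropped. $1 = key, $2 = file
conf_value() {
    awk -v key="$1" -v q="'" '
        { sub(/^[ \t]+/, "") }
        /^#/ { next }
        index($0, key "=") == 1 {
            v = substr($0, length(key) + 2)
            sub(/[ \t]*#.*$/, "", v)
            sub(/[ \t]+$/, "", v)
            gsub("^[\"" q "]|[\"" q "]$", "", v)
            val = v
        }
        END { print val }' "$2"
}

# rc.conf booleans accept YES/TRUE/ON/1 in any letter case.
is_yes() {
    case "$1" in
        [Yy][Ee][Ss]|[Tt][Rr][Uu][Ee]|[Oo][Nn]|1) return 0 ;;
        *) return 1 ;;
    esac
}

# $1 = rc.conf, $2 = sysctl.conf; prints one finding per line.
audit_gateway() {
    if is_yes "$(conf_value gateway_enable "$1")"; then
        echo "OK gateway_enable: net.inet.ip.forwarding will be set to 1"
    else
        echo "FAIL gateway_enable: not YES, host will not forward IP packets"
    fi
    if [ "$(conf_value net.link.ether.bridge "$2")" = "1" ]; then
        echo "WARN net.link.ether.bridge=1: bridging requested, set it back to 0"
    fi
    if ! is_yes "$(conf_value natd_enable "$1")"; then
        echo "WARN natd_enable: NAT is off, needed with several machines behind"
    fi
}

# Constructed sample files mirroring the configuration described in the thread.
write_sample() {
    printf '%s\n' 'hostname="gw.example.org"' \
        'gateway_enable="YES"   # Set to YES if this host will be a gateway' > "$1/rc.conf"
    printf '%s\n' 'net.link.ether.bridge=1' > "$1/sysctl.conf"
}

d=$(mktemp -d) && write_sample "$d" && audit_gateway "$d/rc.conf" "$d/sysctl.conf"
rm -rf "$d"
```

On a real gateway, pass /etc/rc.conf and /etc/sysctl.conf as the two arguments, and confirm the running state with sysctl net.inet.ip.forwarding.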