From: Rob
Date: Thu, 10 Jun 2004 11:28:33 +0900
To: asolomon15, freebsd-questions@freebsd.org
Subject: Re: help setting up natd and ipfw on freebsd5.2.1

asolomon15 wrote:
> Hello all,
> I tried to setup natd on my fbsd 5.2.1 box and fbsd 4.10 box with no
> luck. What I wanted to do was to setup a gateway for my internal
> network to my cable provider. On my server box I have two ethernet card
> dc0 pointing to cable modem and dc1 pointing to hub so that the other
> computers may connect with my bsd gateway. I managed recompile the
> kernel with options IPFIREWALL and IPDIVERT and kernel compiled
> successfully.
> Then I add natd, gateway and firewall to my rc.conf file
> gateway_enable="YES"
> natd_enable="YES'
> natd_interface="dc0"
> firewall_enable="YES"
> firewall_type="/etc/rc.firewall"

I think you mixed up the following two (excerpt from /etc/default/rc.conf):

   firewall_script="/etc/rc.firewall" # Which script to run to set up the firewall
   firewall_type="UNKNOWN"            # Firewall type (see /etc/rc.firewall)

To fix your mistake, I would then not touch the firewall_script variable,
but only set firewall_type in /etc/rc.conf:

   firewall_type="open"

-----

Then why your ping doesn't work with the firewall, and works when the firewall is off:

It seems you are not using "options IPFIREWALL_DEFAULT_TO_ACCEPT" in your
kernel configuration, which means that by default your kernel blocks
*everything* (also the ping). Since you used the wrong variable settings in
/etc/rc.conf, you ended up with a firewall that blocks everything. Disabling
the firewall opens up your connections again. Hence the behaviour of your
ping tests.

Using firewall_type="open" in rc.conf will prevent this.

Check your firewall settings, as root, with "ipfw list".

Does this make sense to you?

Rob.
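
An added example, not part of the original message or of FreeBSD's own scripts: a small sh check that reads an rc.conf-style file and reports whether firewall_type holds a profile keyword or the path of the firewall script, which is the mix-up described in the reply above. The function names and the keyword list (taken to match the stock /etc/rc.firewall) are assumptions of this example.

```shell
#!/bin/sh
# Added example, not from the original message.
# Assumption: the stock /etc/rc.firewall knows the keywords open, client,
# simple, closed and UNKNOWN, and treats any other value as a ruleset file.

# rc_value VAR FILE: last assignment of VAR in FILE, comment and quotes stripped.
# The file is read with sed, not sourced, so a malformed line cannot break the check.
rc_value() {
    sed -n "s/^[[:space:]]*$1=\([^#]*\).*/\1/p" "$2" | tail -n 1 | tr -d "\"' \t"
}

# classify_firewall_type FILE: prints unset, keyword:<name>, script-as-type
# or ruleset-file.
classify_firewall_type() {
    ftype=$(rc_value firewall_type "$1")
    fscript=$(rc_value firewall_script "$1")
    # Default taken from the rc.conf excerpt quoted in the reply.
    : "${fscript:=/etc/rc.firewall}"
    lower=$(printf '%s' "$ftype" | tr '[:upper:]' '[:lower:]')
    case $lower in
        "") echo unset; return 0 ;;
        open|client|simple|closed|unknown) echo "keyword:$lower"; return 0 ;;
    esac
    if [ "$ftype" = "$fscript" ]; then
        echo script-as-type      # firewall_type points at the script itself
    else
        echo ruleset-file        # some other path, expected to hold ipfw rules
    fi
}

# The rc.conf lines from the quoted message, reproduced as posted.
sample_conf() {
    cat <<'EOF'
gateway_enable="YES"
natd_enable="YES'
natd_interface="dc0"
firewall_enable="YES"
firewall_type="/etc/rc.firewall"
EOF
}

tmp=$(mktemp) && sample_conf > "$tmp"
echo "as posted: $(classify_firewall_type "$tmp")"
sed 's|^firewall_type=.*|firewall_type="open"|' "$tmp" > "$tmp.fixed"
echo "corrected: $(classify_firewall_type "$tmp.fixed")"
rm -f "$tmp" "$tmp.fixed"
```

A result of script-as-type or unset on a kernel built without IPFIREWALL_DEFAULT_TO_ACCEPT means the host is left with the default deny rule; "ipfw list" on the running system confirms what was actually loaded.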