From: Efren Bravo
Date: Tue, 24 Oct 2017 11:54:59 -0400
Subject: Re: Routing problem
To: Ian Smith
Cc: Trond.Endrestol@fagskolen.gjovik.no, freebsd-questions@freebsd.org
In-Reply-To: <20171024230440.N32145@sola.nimnet.asn.au>

@Ian Smith: gateway_enable="YES" I wrote OK; it was my mistake when I copied it
into the email, and sysctl net.inet.ip.forwarding=1. Thanks.

@Trond Endrestol: I didn't know about all those NATs (NAT44, NAT444, NAT64,
etc.). When I installed a fw box 10 years ago they didn't exist, I think,
because I followed the same config and it worked.

Now, the question is, how to make it work? Thanks.

2017-10-24 8:20 GMT-04:00 Ian Smith:

> In freebsd-questions Digest, Vol 699, Issue 2, Message: 8
> On Mon, 23 Oct 2017 22:30:26 +0200 (CEST)
> Trond Endrestøl wrote:
> > On Mon, 23 Oct 2017 15:19-0400, Efren Bravo wrote:
> >
> > > Hi there,
> > >
> > > I installed a FreeBSD 10.1 box and upgraded to 10.4. I tried to configure
> > > this box as a FW but I can't get ping to work from inside LAN to outside
> > > world, neither any tcp/udp connection. Basic configs:
> > >
> > > router ip: 190.92.124.89
> > >
> > > kernel (recompiled & installed OK):
> > > a lot of unnecessary things disabled before recompilation
> > > ---
> > > options IPFILTER
> > > options IPFILTER_LOG
> > > options IPFILTER_LOOKUP
> > > options IPFILTER_DEFAULT_BLOCK
> > >
> > > /etc/rc.conf
> > > ---
> > >
> > > #WAN
> > > ifconfig_re0="inet 190.92.124.90 netmask 255.255.255.248"
> >
> > Public IPv4 address space.
> >
> > > # LAN
> > > ifconfig_em0="inet 10.170.0.1 netmask 25.255.255.128"
> >
> > Private IPv4 address space.
> >
> > Do you plan on setting up NAT44 on this box? You should if you want
> > this setup to work as expected.
>
> Indeed, some variety of NAT daemon. But also ..
>
> > > defaultrouter="190.92.124.89"
> > > gateway_eanble="YES"
>
> .. that needs to be 'gateway_enable'.
>
> % grep -wA7 gateway_enable /etc/rc.d/routing
>
> After fixing /etc/rc.conf one can just run:
> # service routing restart
>
> or even (until next boot or routing restart) just:
> # sysctl net.inet.ip.forwarding=1
>
> cheers, Ian
>

--
----------------
Efren Bravo
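
Added example, not part of the thread and not FreeBSD's own code: a small
sh lint for the two conditions raised above (the forwarding knob spelled
correctly and enabled, and NAT enabled). The function names are made up for
this example, the sample file is constructed from the rc.conf lines as quoted
in the thread, and checking ipnat_enable assumes NAT is done by IPFilter's
ipnat.

```shell
#!/bin/sh
# Added example, not from the thread: lint an rc.conf for the router role.
# rc.conf is read as shell assignments, so a misspelled knob is silently unused.

# Print the names of all variables assigned in FILE ($1).
rc_names() { sed -n 's/^[[:space:]]*\([A-Za-z_][A-Za-z0-9_]*\)=.*/\1/p' "$1"; }

# Print the first word of the last value assigned to NAME ($2) in FILE ($1).
rc_flag() {
    sed -n "s/^[[:space:]]*$2=\"\{0,1\}\([^\"#[:space:]]*\).*/\1/p" "$1" | tail -n 1
}

# Sorted letters of a string; two names with equal results differ only by order.
letters() { printf '%s' "$1" | fold -w 1 | sort | tr -d '\n'; }

# Print a name assigned in FILE whose letters match KNOB ($2) but is not KNOB.
near_miss() {
    want=$(letters "$2")
    for n in $(rc_names "$1"); do
        [ "$n" != "$2" ] && [ "$(letters "$n")" = "$want" ] && { echo "$n"; return 0; }
    done
    return 1
}

# Print one finding per required knob that is not YES; print nothing if all are.
# ipnat_enable assumes NAT is done by IPFilter's ipnat (assumption of this example).
lint_router_conf() {
    for knob in gateway_enable ipnat_enable; do
        case $(rc_flag "$1" "$knob") in
            [Yy][Ee][Ss]) continue ;;
        esac
        if typo=$(near_miss "$1" "$knob"); then
            echo "$knob: not set, found misspelled '$typo'"
        else
            echo "$knob: not set to YES"
        fi
    done
}

# Constructed sample: rc.conf lines as quoted in the thread.
sample=$(mktemp)
cat > "$sample" <<'EOF'
ifconfig_re0="inet 190.92.124.90 netmask 255.255.255.248"
ifconfig_em0="inet 10.170.0.1 netmask 25.255.255.128"
defaultrouter="190.92.124.89"
gateway_eanble="YES"
EOF
lint_router_conf "$sample"
rm -f "$sample"
```

On a live box the same check is `lint_router_conf /etc/rc.conf`, followed by `sysctl net.inet.ip.forwarding` to confirm the running state.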