Date: Sun, 7 May 2000 17:34:47 -0400
From: "Crist J. Clark"
To: Allen Lu
Cc: Chris Phillips, questions@FreeBSD.ORG
Subject: Re: ipfirewall (ipfw)

[Can you turn off the forced line-wrapping in your mailer? It makes
things very hard to read.]

On Sun, May 07, 2000 at 09:40:28AM -0700, Allen Lu wrote:
> Hi I made the modifications as suggested however I still do not get
> 216.218.224.107 forwarded to 192.168.1.10. It goes directly to the
> firewall. Here is my current config:
>
> rogue# cat /etc/natd.conf
> redirect_address 192.168.1.10 216.218.224.107
> rogue# cat /etc/rc.conf
> # This file now contains just the overrides from /etc/defaults/rc.conf
> # please make all changes to this file.
>
> # -- sysinstall generated deltas -- #
> gateway_enable="YES"
> network_interfaces="rl0 rl1 lo0"
> ifconfig_rl0="inet 216.218.224.106 netmask 255.255.255.248 broadcast 216.218.224.112"
> ifconfig_rl0_alias0="inet 216.218.224.107 netmask 255.255.255.255 broadcast 216.218.224.112"
> ifconfig_rl1="inet 192.168.1.1 netmask 255.255.255.0"
> ifconfig_lo0="inet 127.0.0.1"
> defaultrouter="216.218.224.105"
> hostname="rogue.alltopix.com"
> firewall_enable="YES"
> firewall_type="open"
> firewall_quiet="NO"
> natd_enabled="YES"
> natd_interface="rl0"
> natd_flags="-u -m -f /etc/natd.conf"
> sendmail_enable="NO"
> gateway_enable="YES"
> router_enable="NO"
> static_routes=""
> router="routed"
> mrouted_enable="NO"
> mrouted_flags=""
> ipxgateway_enable="NO"
> tcp_extensions="NO"
> ipxrouted_enable="NO"
> ipxrouted_flags=""
> arpproxy_all=""
> forward_sourceroute="NO"
> accept_sourceroute="NO"
>
> Thank you for your help.
>
> Allen
>
> --- Chris Phillips wrote:
> > Hi Allen,
> >
> > Throw this line in your kernel as well.
> >
> > options IPFIREWALL_FORWARD #enable transparent proxy support

This is not needed.

> > Also, change your rc.conf alias line to..
> >
> > ifconfig_rl0_alias0="inet 216.218.224.107 netmask 255.255.255.255 broadcast 216.218.224"

This is correct.

> > The netmask needs to be 255.255.255.255 or you will not be able to
> > route packets between IPs as the machine is looking for something
> > that is physically on the net and not just an alias. Packet
> > forwarding needs to be on to allow static routing.

I do not understand why this would not be working for you. Have you
made any customizations to rc.firewall? When your system is up and
running could you provide the output of,

  # ifconfig -a
  # netstat -rn
  # ipfw show
  # ps aux | grep natd

To see if something strange is going on?

> > -Chris Phillips
> >
> > On Sun, 7 May 2000, Allen Lu wrote:
> >
> > > Hi I have a question that I've been trying to find an answer in
> > > the docs for a while but can't seem to get a finger on what the
> > > problem could be.
> > >
> > > I'm using the latest standard release FreeBSD-4.0. These are my
> > > kernel changes under MYKERNEL to turn on firewall and static natd
> > > on two interfaces: rl0, rl1. Followed by my rc.conf.
> > >
> > > The problem is packets are not getting forwarded by the
> > > redirect_address statement in my /etc/natd.conf file. My goal is
> > > to setup a static natd by translating a real internet IP to the
> > > public interface (rl0) and redirect it after filtering to the
> > > private LAN via 192.168.1.1 to 192.168.1.10. When I telnet to
> > > 216.218.224.107, it goes to the firewall, not the destined client
> > > I want. I also cannot ping 216.218.224.107 on the firewall
> > > itself. 224.107 is aliased to 224.106, which is the original ip
> > > address of the public card.
> > >
> > > KERNEL:
> > > options IPFIREWALL
> > > options IPFIREWALL_VERBOSE
> > > options IPDIVERT
> > >
> > > rc.conf:
> > > # -- sysinstall generated deltas -- #
> > > gateway_enable="YES"
> > > network_interfaces="rl0 rl1 lo0"
> > > ifconfig_rl0="inet 216.218.224.106 netmask 255.255.255.248 broadcast 216.218.224.111"
> > > ifconfig rl0 alias 216.218.224.107 netmask 255.255.255.248
> > > ifconfig_rl1="inet 192.168.1.1 netmask 255.255.255.0"
> > > ifconfig_lo0="inet 127.0.0.1"
> > > defaultrouter="216.218.224.105"
> > > hostname="rogue.alltopix.com"
> > > firewall_enable="YES"
> > > firewall_type="open"
> > > firewall_quiet="NO"
> > > natd_enabled="YES"
> > > natd_interface="rl0"
> > > natd_flags="-u -m -f /etc/natd.conf"
> > > sendmail_enable="NO"
> > > gateway_enable="YES"
> > > router_enable="NO"
> > > static_routes=""
> > > router="routed"
> > > mrouted_enable="NO"
> > > mrouted_flags=""
> > > ipxgateway_enable="NO"
> > > tcp_extensions="NO"
> > > ipxrouted_enable="NO"
> > > ipxrouted_flags=""
> > > arpproxy_all=""
> > > forward_sourceroute="NO"
> > > accept_sourceroute="NO"
> > >
> > > /etc/natd.conf:
> > > redirect_address 192.168.1.10 216.218.224.107
> > >
> > > Any suggestions to why it doesn't work?
> > >
> > > Allen

-- 
Crist J. Clark                           cjclark@home.com
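
Added example, not part of the original thread: a check in the spirit of the diagnostics requested above, listing variables set in rc.conf that have no entry in the defaults file (/etc/defaults/rc.conf, named in the quoted file's header comment). The function names and the defaults excerpt are constructed for illustration; on the quoted rc.conf subset it reports natd_enabled, because the knob defined in the defaults file is natd_enable.

```sh
#!/bin/sh
# Added example (not from the thread): flag rc.conf variables that the
# defaults file does not define, which the rc scripts would never read.

# unknown_knobs RCCONF DEFAULTS
# Prints names assigned in RCCONF but absent from DEFAULTS. ifconfig_<if>
# entries are skipped because their names depend on the interfaces present.
unknown_knobs() {
    awk -F= '
        /^[ \t]*[A-Za-z_][A-Za-z0-9_]*=/ {
            name = $1; gsub(/[ \t]/, "", name)
            if (FNR == NR) known[name] = 1      # first file: defaults
            else if (name !~ /^ifconfig_/ && !(name in known)) print name
        }' "$2" "$1"
}

# Runs the check on sample data and prints the flagged names.
sample_check() {
    tmp=$(mktemp -d) || return 1
    # Constructed excerpt of a defaults file; only the names matter here.
    cat > "$tmp/defaults" <<'EOF'
gateway_enable=""
network_interfaces=""
defaultrouter=""
hostname=""
firewall_enable=""
firewall_type=""
firewall_quiet=""
natd_enable=""
natd_interface=""
natd_flags=""
EOF
    # Subset of the rc.conf quoted in the message above.
    cat > "$tmp/rc.conf" <<'EOF'
gateway_enable="YES"
network_interfaces="rl0 rl1 lo0"
ifconfig_rl0_alias0="inet 216.218.224.107 netmask 255.255.255.255 broadcast 216.218.224.112"
firewall_enable="YES"
firewall_type="open"
natd_enabled="YES"
natd_interface="rl0"
natd_flags="-u -m -f /etc/natd.conf"
EOF
    unknown_knobs "$tmp/rc.conf" "$tmp/defaults"
    rm -rf "$tmp"
}

sample_check
```

On a live system the two arguments would be /etc/rc.conf and /etc/defaults/rc.conf; a flagged name is a prompt to check spelling, since locally defined variables also show up.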