Date: Tue, 03 Sep 2002 09:10:28 -0400
From: bvagnoni@comcast.net
To: Roger 'Rocky' Vetterberg <listsub@401.cx>
Cc: freebsd-hackers@FreeBSD.ORG
Subject: RE: Need ER Help Setting Up My 4.6.2 Box Behind a Nated Router
Message-ID: <NGECICNNLOBIJAPCIBADMEIMCHAA.bvagnoni@comcast.net>
In-Reply-To: <3D74851D.5080407@401.cx>
Dear Roger;

Tried that and still no luck; I can't route to the net. Here is a diagram of
my network; I hope that helps you or someone else with my problem:

No, it's not a router for other machines. It's just a machine behind a
routerguard the Watch Firebox 700 that I want to allow to send and receive
packets to and from the internet.

internet 64.229.249.194/29 -----> 1 to 1 NAT for addresses 64.220.249.195-198 --- 192.168.1.101 - 104

firebox router 64.220.249.193 ---- >> 192.168.1.1
           |
           |
           |
|----------------------|--------------------------|------------|
windows web server     windows box                freebsdbox   windows box
192.168.1.101          192.168.1.102              192.168.1.103  192.168.1.104

Sincerely

Brian

-----Original Message-----
From: owner-freebsd-hackers@FreeBSD.ORG
[mailto:owner-freebsd-hackers@FreeBSD.ORG]On Behalf Of Roger 'Rocky' Vetterberg
Sent: Tuesday, September 03, 2002 5:47 AM
To: bvagnoni@comcast.net
Cc: freebsd-hackers@FreeBSD.ORG
Subject: Re: Need ER Help Setting Up My 4.6.2 Box Behind a Nated Router

bvagnoni@comcast.net wrote:
> Dear All;
>
> I have a 4.6.2 box connected to a Firebox 700, which is doing one to one
> nat. The firebox is set up to take public ip 64.220.249.197/29, gateway
> 64.220.249.193 and translate it to 192.168.1.103/24, gateway 192.168.1.1.
>
> I can ping the private gateway, the box itself and other computers on the
> network, but I cannot ping anything outside of it. I have other machines,
> non-freebsd boxes, on the same private network that can get out on the net
> fine without any problems.
>
> The interface that I'm using is called sf0, which is attached to an Adaptec
> nic card which is connected to the firebox.
>
> The contents of my rc.conf file are as follows:
>
> defaultrouter="192.168.1.1"
> hostname="system3.v-system.net"
> ifconfig_sf0="inet 192.168.1.103 netmask 255.255.255.0"
> kern_securelevel_enable="NO"
> linux_enable="YES"
> moused_enable="YES"
> nfs_reserved_port="YES"
> sendmail_enable="YES"
> sshd_enable="YES"
> nfs_server_enable="YES"
> gateway_enable="YES"
> firewall_enable="YES"
> firewall_type="OPEN"
> natd_enable="YES"
> natd_interface="sf0"
> natd_flags=""
> sysctl net.inet.ip.forwarding=1
>
> natd is not listed in services; I took it out as it didn't seem to help
> helping it in there.
>
> other available interfaces are fxp0 (unused intel nic card), ppp0, sl0, faith0
>
> I don't care about a firewall as it's totally behind the firebox 700. I just
> want to be able to send and receive packets to and from the internet to that
> box.
>
> What am I doing wrong? Please, any help; it's 4am here and I've looked through
> the man, the 2 years' worth of e-mails and I just can't find the answer. I
> wish there was a faq about this subject. It seems like a common problem.
>
> So please, I have a server that is down right now; if you could help I would
> be eternally grateful. Please, please, I'm so burnt at this point.
>
> Sincerely
>
> Brian
>
> PS I have the following options compiled in my kernel:
>
> cd /usr/src/sys/i386/conf
>
> cp GENRIC SYSTEM3
> edit SYSTEM3
> placed those lines in there under the other option lines
>
>
> options IPFIREWALL
> options IPDIVERT
> options IPFIREWALL_DEFAULT_TO_ACCEPT
> options IPFIREWALL_VERBOSE
>
>
> save & exit
>
> cd /usr/src
>
> make buildkernel KENCONF=SYSTEM3
> make installkernel KENCONF=SYSTEM3
> sync
> reboot
>

This is a guess, I currently don't have a box available to test on, but if
you set natd_enable=YES and firewall_enable=YES in rc.conf, it will add a
rule like "divert 8668 ip from any to any via sf0" as one of the first
firewall rules.
If you have that rule and no natd running, you will experience some
difficulties connecting.

Try something like 'ipfw flush && ipfw add 00001 allow ip from any to any'
(do this at the console, not logged in over the network!).
After that you can be sure your firewall and/or natd will not be causing the
problems, and you can if needed continue your troubleshooting.

If you still have problems, please reply to me and/or
freebsd-questions@freebsd.org. freebsd-hackers is not the correct list for
this kind of question.

--
R

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-hackers" in the body of the message
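The condition described in the reply above, a divert rule with nothing bound to its port (ipfw drops packets diverted to a port with no listener), can be checked mechanically. The sh function below is an added example, not part of the original messages: it reads `ipfw list` output on stdin and takes as arguments the divert ports the operator knows have a daemon bound. The names orphan_diverts and sample_ruleset are hypothetical, and the ruleset is constructed around the rule quoted in the reply.

```sh
#!/bin/sh
# Added example: report ipfw divert rules whose port has no daemon bound.

# orphan_diverts [PORT...] < ruleset
#   stdin : output of `ipfw list` (rules in ascending rule-number order)
#   PORT  : divert ports known to have a listener (e.g. natd on 8668)
# Prints "RULENUM PORT" for each reachable divert rule with no listener.
# Returns 1 if any such rule was found, 0 otherwise.
orphan_diverts() {
    awk -v bound=" $* " '
        # An unconditional allow ends rule matching for every packet, so
        # divert rules after it are never reached (the effect of the
        # "ipfw add 00001 allow ip from any to any" workaround).
        $2 == "allow" && $0 ~ / ip from any to any$/ { exit }

        $2 == "divert" {
            if (index(bound, " " $3 " ") == 0) {
                print $1, $3
                found = 1
            }
        }
        END { exit (found ? 1 : 0) }
    '
}

# Constructed sample ruleset; the first rule is the one quoted in the reply.
sample_ruleset() {
    cat <<'EOF'
00050 divert 8668 ip from any to any via sf0
00100 allow ip from any to any via lo0
65000 allow ip from any to any
EOF
}

# Demo: no ports passed, i.e. natd is not running, so rule 00050 is reported.
sample_ruleset | orphan_diverts || echo "divert rule(s) listed above have no listener"
```

On a live system the call would be `ipfw list | orphan_diverts 8668` when natd is confirmed to be running on port 8668, and `ipfw list | orphan_diverts` when it is not.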