Date: Wed, 20 Dec 2000 15:31:42 -0500
From: "Robert Myers" <ccrider@whiterose.net>
To: <brueggma@snoopie.yi.org>, <questions@FreeBSD.ORG>
Subject: RE: ipfw/gateway
Message-ID: <000101c06ae9$c54e9680$0201a8c0@ccrider2k>
In-Reply-To: <20001219200559.A80329@snoopie.yi.org>
Eric,

You will need to add IP_FORWARD in the kernel config, compile and rebuild. That option will allow you to forward packets across the interfaces. Don't forget to enable all the rest of the IPFW options if you want the ability to deny traffic...

Also add to /etc/rc.conf gateway_enable=yes.

I am pretty sure about these values, although I can be wrong; look for kernel config value in LINT, and look for gateway_enable in /etc/defaults/rc.conf.

I think this should put you a lot closer to a NAT type setup. If you want something more complex than a single IP address sharing for all of your machines, I think natd will help you out.

Hope that helps

Bob Myers

-----Original Message-----
From: brueggma@dsl-64-193-123-121.telocity.com [mailto:brueggma@dsl-64-193-123-121.telocity.com] On Behalf Of Eric Brueggmann
Sent: Tuesday, December 19, 2000 9:06 PM
To: questions@FreeBSD.ORG
Subject: ipfw/gateway
Hello,

I was wondering if anyone knows where I can find some info on setting up a firewall with ipfw and allowing all the boxes behind the gateway/firewall access to the net. I thought this would do it:

# Allow all from the inside.
${fwcmd} add pass all from any to any via ${iif}
${fwcmd} add pass all from any to any out via ${oif}

but it doesn't quite work. I still can't check out the web from behind the firewall. I'm using the "simple" ipfw firewall with the only modifications above. I was unable to ping the gateway/firewall from the client till I added those rules. Should I setup a proxy? But how am I gonna use napster? ;-) Or am I just plain confused on how this all works? Is there an easier way than setting up a complicated ipfw rule set?

Thanks for any input,
Eric Brueggmann
P.S. Please cc to my e-mail, I usually don't follow questions@.
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message
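
The reply above names gateway_enable and natd as the pieces of a NAT-style gateway. The following is an added example, not code from the thread or from FreeBSD: a small audit script that checks an rc.conf and a rule listing for those pieces and for rule ordering. The function names, the interface names ed0/ed1, the rule numbers and the "number action proto from src to dst [options]" listing layout are assumptions made for the example; natd_enable, natd_interface and firewall_enable are the rc.conf knobs it looks for alongside gateway_enable.

```shell
#!/bin/sh
# Added example (not from the thread): audit a gateway's rc.conf and its
# ipfw rule listing for the settings a natd gateway needs.

# rc_value FILE KEY: print KEY's last assigned value, unquoted, lower-cased.
rc_value() {
    sed -n "s/^[[:space:]]*$2=[\"']\{0,1\}\([^\"'#]*\).*/\1/p" "$1" |
        tail -n 1 | tr 'A-Z' 'a-z'
}

# audit_gateway RCCONF RULES: print one finding per line; status 1 if any.
audit_gateway() {
    oif=$(rc_value "$1" natd_interface)
    out=$(
        for key in gateway_enable firewall_enable natd_enable; do
            [ "$(rc_value "$1" "$key")" = yes ] || echo "MISSING: $key=\"YES\""
        done
        [ -n "$oif" ] || echo "MISSING: natd_interface"
        # ipfw stops at the first matching rule, so a pass-everything rule on
        # the outside interface ahead of the divert rule never reaches natd.
        awk -v oif="$oif" '
            $2 == "divert" { seen = 1 }
            !seen && ($2 == "allow" || $2 == "pass") && $3 ~ /^(ip|all)$/ &&
                $5 == "any" && $7 == "any" {
                via = ""
                for (i = 8; i < NF; i++)
                    if ($i == "via" || $i == "xmit") via = $(i + 1)
                if (via == "" || via == oif) early[++n] = $1
            }
            END {
                if (!seen) { print "MISSING: divert rule"; exit }
                for (i = 1; i <= n; i++)
                    print "ORDER: rule " early[i] " is matched before the divert rule"
            }
        ' "$2"
    )
    [ -z "$out" ] && return 0
    printf '%s\n' "$out"; return 1
}

# write_sample DIR: constructed input resembling the setup in the question
# (forwarding and firewall on, pass rules only, no natd).
write_sample() {
    printf '%s\n' 'gateway_enable="YES"' 'firewall_enable="YES"' > "$1/rc.conf"
    printf '%s\n' '00100 allow ip from any to any via ed1' \
        '00200 allow ip from any to any out via ed0' > "$1/rules"
}

d=$(mktemp -d); write_sample "$d"; audit_gateway "$d/rc.conf" "$d/rules" || true; rm -rf "$d"
```

On the constructed sample it reports the missing natd settings and the missing divert rule; with those in place it stays silent unless a pass-all rule on the outside interface sits ahead of the divert rule.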
