Date:      Thu, 18 Apr 2002 13:55:52 +0200
From:      Jens Rehsack <rehsack@liwing.de>
To:        "saifuddin Abd. Salam" <saif_addin@yahoo.com>
Cc:        freebsd-questions@freebsd.org
Subject:   Re: Router/Gateway
Message-ID:  <3CBEB448.28D0E3B8@liwing.de>
References:  <20020418102655.55019.qmail@web11406.mail.yahoo.com>



"saifuddin Abd. Salam" wrote:
> 
> I have setup the pc router/gateway with this
> conditions:
> 1. I have added the options into kernel, and compiled
> too:
>     a. options IPFILTER
>     b. options IPFILTER_LOG
>     c. options IPFIREWALL_DEFAULT_TO_ACCEPT
AFAIK IPFIREWALL and IPFILTER are two different systems. By the way, not adding
"options IPFILTER_DEFAULT_BLOCK" should be enough...
You're safe with it, creating a simple ipf.rules:

pass in all
pass in all proto tcp/udp keep state
pass in all proto icmp keep state
pass out all
pass out all proto tcp/udp keep state
pass out all proto icmp keep state


> 2. In the rc.conf file, I have these lines:
>     a. defaultrouter="my.internet.ip.default.gateway"
>     b. gateway_enable="YES"
>     c. hostname="my.hostname"
>     d. network_interface="xl0 lo0 xl1"
>     e. ifconfig_xl0="inet x.x.x.x netmask
> 255.255.255.0"
>     f. ifconfig_xl1="inet y.y.y.y netmask
> 255.255.255.0"
>     g. ipnat_enable="YES"
>     h. ipnat_rules="/etc/ipnat.rules"
>     i. ipfilter_rules="/etc/ipf.rules"
You should also enable IP logging:
ipmon_enable="YES"
ipmon_flags="-D /var/log/ipmon.log" # or something else

>      ...
>      ...
> 3. The ipnat.rules has these rules:
>     a. map xl0 x.x.x.0/24 -> 0.0.0.0/32 portmap
> tcp/udp auto
>     b. map xl0 x.x.x.0/24 -> 0.0.0.0/32
>     c. rdr xl0 0.0.0.0/32 port 80 -> my.proxy.op port
> 8080
> 
> 4. Meanwhile my ipf rules was blank
see above.

> 5. Ping from router/gateway to host in internal network is ok.
> 6. ping from host internal network to router/gateway is ok
What about pinging the router's external network, and pinging from external to
your router? If you plan on using our servers to test, leave it;
they don't answer. Use www.freebsd.org instead.

> Problems:
> Ping and browsing from a host on the internal network to the outside
> world failed
If the above hints didn't help, try using tcpdump; remember to have a bpf device
built into the kernel or loaded as a module (possible?) ...

> Have the idea to solve?
> 
> thanks
> regards
> Saifuddin
> 
Jens
-- 
L     i  W     W     W  i                 Jens Rehsack
L        W     W     W
L     i   W   W W   W   i  nnn    gggg    LiWing IT-Services
L     i    W W   W W    i  n  n  g   g
LLLL  i     W     W     i  n  n  g   g    Friesenstraße 2
                                  gggg    06112 Halle
                                     g
                                 g   g
Tel.:  +49 - 3 45 - 5 17 05 91    ggg     e-Mail: <rehsack@liwing.de>
Fax:   +49 - 3 45 - 5 17 05 92            http://www.liwing.de/
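The reply above recommends turning on ipmon logging so that packets dropped by the blank (or default-block) ipf ruleset become visible. The following is an added example, not code from the thread or from the ipfilter project: a small parser that reads ipmon's plain-text log lines and summarises blocked packets per interface and direction, which is exactly what a reader would check when pings from the internal network to the outside fail. The log format used here is my approximation of ipmon's output (date, time, interface, `@group:rule`, action letter, source, destination, protocol, trailing `IN`/`OUT`), and the sample lines are constructed, not captured.

```python
import re
from collections import Counter

# Constructed sample lines (not taken from the mail). The layout approximates
# ipmon's plain-text output, assumed here to be:
#   date time iface @group:rule action src[,sport] -> dst[,dport] PR proto ... IN|OUT
# where the action letter is "p" for a passed packet and "b" for a blocked one.
SAMPLE_IPMON_LOG = """\
18/04/2002 13:40:01.100000 xl1 @0:1 p 192.168.1.5,1034 -> 192.168.1.1,22 PR tcp len 20 60 -S IN
18/04/2002 13:40:02.200000 xl0 @0:2 b 192.168.1.5 -> 204.216.27.21 PR icmp len 20 84 icmp echo/0 OUT
18/04/2002 13:40:03.300000 xl0 @0:2 b 192.168.1.5,1035 -> 204.216.27.21,80 PR tcp len 20 60 -S OUT
18/04/2002 13:40:04.400000 xl1 @0:1 p 192.168.1.7,1036 -> 192.168.1.1,80 PR tcp len 20 60 -S IN
this line is not an ipmon record and must be skipped
"""

# Ports are optional because ICMP records carry none; the direction marker
# is anchored to the end of the line.
LINE_RE = re.compile(
    r"^(?P<date>\S+) (?P<time>\S+) (?P<iface>\S+) @(?P<group>\d+):(?P<rule>\d+) "
    r"(?P<action>\S+) (?P<src>[\d.]+)(?:,(?P<sport>\d+))? -> "
    r"(?P<dst>[\d.]+)(?:,(?P<dport>\d+))? PR (?P<proto>\w+) .*\b(?P<dir>IN|OUT)$"
)


def parse_ipmon(text):
    """Return one dict per well-formed ipmon line; malformed lines are skipped."""
    records = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            records.append(m.groupdict())
    return records


def blocked_by_iface_dir(records):
    """Count blocked packets per (interface, direction), e.g. {("xl0", "OUT"): 2}."""
    return Counter((r["iface"], r["dir"]) for r in records if r["action"] == "b")


def blocked_flows(records):
    """Distinct blocked flows as (iface, dir, proto, src, dst), sorted."""
    return sorted({(r["iface"], r["dir"], r["proto"], r["src"], r["dst"])
                   for r in records if r["action"] == "b"})


if __name__ == "__main__":
    recs = parse_ipmon(SAMPLE_IPMON_LOG)
    print(f"{len(recs)} records parsed")
    for (iface, direction), n in sorted(blocked_by_iface_dir(recs).items()):
        print(f"blocked on {iface} {direction}: {n}")
    for flow in blocked_flows(recs):
        print("blocked flow:", *flow)
```

On the constructed sample the blocks all land on `xl0 OUT`, the external interface in the outbound direction, which points at the outbound ruleset (or the absence of `pass out ... keep state`) rather than at NAT. Run against a real `/var/log/ipmon.log` by reading the file into `parse_ipmon` instead of the sample string.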
