From owner-freebsd-questions Thu Apr 18 4:57:32 2002
Message-ID: <3CBEB448.28D0E3B8@liwing.de>
Date: Thu, 18 Apr 2002 13:55:52 +0200
From: Jens Rehsack
Organization: LiWing IT-Services
To: "saifuddin Abd. Salam"
Cc: freebsd-questions@freebsd.org
Subject: Re: Router/Gateway
References: <20020418102655.55019.qmail@web11406.mail.yahoo.com>

"saifuddin Abd. Salam" wrote:
>
> I have set up the PC router/gateway with these conditions:
>
> 1. I have added these options to the kernel and compiled it too:
>    a. options IPFILTER
>    b. options IPFILTER_LOG
>    c. options IPFIREWALL_DEFAULT_TO_ACCEPT

AFAIK IPFIREWALL && IP_FILTER are 2 different systems. By the way, not adding
"options IPFILTER_DEFAULT_BLOCK" should be enough... You're safe with it,
creating a simple ipf.rules:

pass in all
pass in proto tcp/udp all keep state
pass in proto icmp all keep state
pass out all
pass out proto tcp/udp all keep state
pass out proto icmp all keep state

> 2. In the rc.conf file, I have these lines:
>    a. defaultrouter="my.internet.ip.default.gateway"
>    b. gateway_enable="YES"
>    c. hostname="my.hostname"
>    d. network_interface="xl0 lo0 xl1"
>    e. ifconfig_xl0="inet x.x.x.x netmask 255.255.255.0"
>    f. ifconfig_xl1="inet y.y.y.y netmask 255.255.255.0"
>    g. ipnat_enable="YES"
>    h. ipnat_rules="/etc/ipnat.rules"
>    i. ipfilter_rules="/etc/ipf.rules"

You should also enable IP-LOG:

ipmon_enable="YES"
ipmon_flags="-D /var/log/ipmon.log"   # or sth. else

> ...
> ...
> 3. The ipnat.rules has these rules:
>    a. map xl0 x.x.x.0/24 -> 0.0.0.0/32 portmap tcp/udp auto
>    b. map xl0 x.x.x.0/24 -> 0.0.0.0/32
>    c. rdr xl0 0.0.0.0/32 port 80 -> my.proxy.op port 8080
>
> 4. Meanwhile my ipf rules were blank.

See above.

> 5. Ping from the router/gateway to a host on the internal network is OK.
> 6. Ping from a host on the internal network to the router/gateway is OK.

What about ping from the router to the external network, and ping from
outside to your router? If you plan to use our servers to test, leave it:
they don't answer. Use www.freebsd.org instead.

> Problems:
> Ping and browsing from a host on the internal network to the outside
> world failed.

If the above hints didn't help, try using tcpdump; remember to have a bpf
device built into the kernel or loaded as a module (possible?) ...

> Have any idea how to solve this?
>
> Thanks,
> regards
> Saifuddin

Jens

--
Jens Rehsack
LiWing IT-Services
Friesenstraße 2
06112 Halle
Tel.: +49 - 3 45 - 5 17 05 91
Fax: +49 - 3 45 - 5 17 05 92
http://www.liwing.de/
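The two-NIC IPFilter/ipnat router discussed in this thread, as an added example that is not code from the original mail, from Jens or from Saifuddin: a POSIX sh script that renders a default-deny, stateful /etc/ipf.rules and a matching /etc/ipnat.rules for a box with one outside and one inside interface, and a small check of the rc.conf knobs the setup depends on. The interface names xl0/xl1, the network 192.168.1.0/24, the proxy address 192.168.1.1:8080 and the rc.conf variable names used in the check are assumptions for illustration (the poster's real values are masked in the mail). The rdr is placed on the inside interface because ipnat's rdr matches packets arriving on the named interface; the map rules keep the poster's "0/32 = current interface address" form.

```shell
#!/bin/sh
# Added example, not from the original mail. Renders IPFilter/ipnat rule files
# for a FreeBSD router with an outside interface ($ext) and an inside interface
# ($int). All names and addresses passed in are assumptions for illustration.

# /etc/ipf.rules: default deny in both directions, log what is dropped, and let
# state entries carry the reply (and the forwarded leg) through.
# Arguments: external interface, internal interface, internal network (CIDR).
render_ipf_rules() {
    ext="$1"; int="$2"; net="$3"
    cat <<EOF
# loopback is unrestricted
pass in quick on lo0 all
pass out quick on lo0 all

# anti-spoofing: the internal net and loopback never arrive from outside
block in quick on $ext from $net to any
block in log quick on $ext from 127.0.0.0/8 to any

# default deny, logged so that ipmon shows every drop
block in log all
block out log all

# internal hosts may go anywhere; the state entry passes the reply back in
pass in quick on $int proto tcp from $net to any flags S keep state
pass in quick on $int proto udp from $net to any keep state
pass in quick on $int proto icmp from $net to any keep state

# the router itself may originate traffic towards the outside
pass out quick on $ext proto tcp from any to any flags S keep state
pass out quick on $ext proto udp from any to any keep state
pass out quick on $ext proto icmp from any to any keep state

# and may talk to the inside (replies to LAN pings, redirected proxy traffic)
pass out quick on $int all keep state
EOF
}

# /etc/ipnat.rules: hide the LAN behind the outside address and redirect
# LAN web traffic to a proxy. Arguments: ext if, int if, net, proxy ip, port.
render_ipnat_rules() {
    ext="$1"; int="$2"; net="$3"; proxy="$4"; pport="$5"
    cat <<EOF
# 0/32 means "whatever address $ext currently has"
map $ext $net -> 0/32 portmap tcp/udp auto
map $ext $net -> 0/32
# rdr matches packets arriving on the named interface, so LAN traffic to any
# port 80 is caught on the inside interface, not on $ext
rdr $int 0/0 port 80 -> $proxy port $pport tcp
EOF
}

# Sanity check of rc.conf: the forwarding, filter, NAT and logging knobs must
# all be YES. Variable names are FreeBSD's; the file path is an argument.
check_rc_conf() {
    file="$1"; ok=0
    for var in gateway_enable ipfilter_enable ipnat_enable ipmon_enable; do
        if ! grep -Eq "^${var}=\"?YES\"?" "$file"; then
            echo "rc.conf: $var missing or not YES" >&2
            ok=1
        fi
    done
    return $ok
}

# Usage:
#   sh router-rules.sh ipf   xl0 xl1 192.168.1.0/24                 > /etc/ipf.rules
#   sh router-rules.sh ipnat xl0 xl1 192.168.1.0/24 192.168.1.1 8080 > /etc/ipnat.rules
#   sh router-rules.sh check /etc/rc.conf
case "${1:-}" in
    ipf)   render_ipf_rules "$2" "$3" "$4" ;;
    ipnat) render_ipnat_rules "$2" "$3" "$4" "$5" "$6" ;;
    check) check_rc_conf "$2" ;;
    *)     : ;;   # no arguments: only define the functions
esac
```

After writing the files, load them with `ipf -Fa -f /etc/ipf.rules` and `ipnat -CF -f /etc/ipnat.rules`, confirm with `ipfstat -io` and `ipnat -l`, and check that `sysctl net.inet.ip.forwarding` reports 1 (that is what gateway_enable="YES" sets). Because every drop is logged, `ipmon -D /var/log/ipmon.log` then shows exactly which rule stopped a LAN host's ping or HTTP request, which is the quickest way to tell a filter problem from a NAT or routing one.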