Date: Tue, 22 Mar 2005 23:32:22 +0100
From: Karol Kwiatkowski <freebsd@orchid.homeunix.org>
To: alfredoj69@gmail.com
Cc: freebsd-questions@freebsd.org
Subject: Re: Router/Firewall?
Message-ID: <42409CF6.9010001@orchid.homeunix.org>
In-Reply-To: <4240957A.9030206@gmail.com>
References: <42407DB5.5050904@gmail.com> <4240915B.1090605@orchid.homeunix.org> <4240957A.9030206@gmail.com>

[please cc freebsd-questions, someone may be interested, too]

Aperez wrote:
> Karol Kwiatkowski wrote:
>
>> Aperez wrote:
>>
>>> Hi:
>>>
>>> I am trying to set up a router/firewall with FreeBSD 5.3 this is my
>>> information:
>>>
>>> WinXP and FreeBSD machine connected to Firewall machine using a hub
>>>
>>> Firewall has two ethernet cards: card1: dc0 connected to cable internet
>>> using DHCP
>>> card 2: rl0 setup to use
>>> 192.168.1.1
>>>
>>> I can connect to the internet from the firewall: ping -c 3 www.yahoo.con
>>> successful
>>> I can ping from Firewall to the other two machines (WinXP and FreeBSD)
>>> I can ping from XP to FreeBSD and Firewall
>>> I can ping from FreeBSD to XP and Firewall
>>
>> OK, it appears your internal network is working.
>>
>> Did you set 'defaultrouter' on FreeBSD and XP (whatever it may be
>> called on Windows) to 192.168.1.1 (IP of the gateway)?
>>
>>> Here is the problem: I can't connect to internet from neither XP nor
>>> FreeBSD machine
>>>
>>> Here is my rc.conf from the firewall machine:
>>>
>>> gateway_enable="YES"
>>> ifconfig_lo0="inet 127.0.0.1"
>>> ifconfig_dc0="DHCP"
>>> ifconfig_rl0="inet 192.168.1.1 netmask 255.255.255.0"
>>> ipfilter_enable="YES"
>>> ipmon_enable="YES"
>>> ipmon_flags="-Dsvn"
>>> ipnat_enable="YES"
>>
>> What rules do you have in ipfilter and ipnat? Have you enabled NAT?
>>
>>> ipfs_enable="YES"
>>>
>>> Can anybody tell me what I am missing?
>>
>> Regards,
>>
>> Karol
>
> Hi
>
> I did set up WinXP to use 192.168.1.1 as gateway and I put
> defaultrouter=192.168.1.1 in the FreeBSD machine.
>
> I don't have rules for ipfilter because I was trying to see if there was
> connectivity box---firewall---internet.
> Do I have to have ipnat rules in order for the machines to connect to the
> internet?

Yes. NAT is not working yet. With ipnat_enable="YES" you've just enabled
ipnat but you didn't tell it what to do yet.

Something like this would do:

> map dc0 192.168.1.0/24 -> 0/32 portmap tcp/udp auto # NAT for LAN +port mapping
> map dc0 192.168.1.0/24 -> 0/32 # NAT for LAN (icmp)

But keep in mind I no longer use ipfilter/ipnat. Please check manpage for
ipnat(1). Also handbook section:

24.5.14 NAT
http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/firewalls-ipf.html

> Didn't I enable natd by putting "ipnat_enable="YES"" or do I have to put this
> instead natd_enable="YES"?

'natd' is another way to do NAT. You'll need only one of them. And ipnat
just doesn't do NAT yet.

Regards,

Karol

-- 
Karol Kwiatkowski <freebsd at orchid dot homeunix dot org>
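
The misconfiguration discussed in this thread (ipnat enabled in rc.conf but no map rule loaded, or ipnat and natd both enabled) can be caught with a static check of the two files. The script below is an added example, not part of the original message; the function names rc_value, is_yes, check_nat and demo are hypothetical, and the file paths are passed in as arguments rather than assumed.

```shell
#!/bin/sh
# Added example (not from the original thread): static check of a FreeBSD
# gateway's NAT settings for the failure mode discussed above.

# rc_value FILE VAR: print the last value assigned to VAR in an rc.conf-style file.
rc_value() {
    sed -n "s/^[[:space:]]*$2=\"\{0,1\}\([^\"#]*\)\"\{0,1\}.*/\1/p" "$1" | tail -n 1
}

# is_yes VALUE: succeed for the values rc.conf treats as enabled.
is_yes() {
    case "$1" in [Yy][Ee][Ss]|[Tt][Rr][Uu][Ee]|[Oo][Nn]|1) return 0 ;; esac
    return 1
}

# check_nat RCCONF RULES WAN_IF: print one line per finding; return 1 if any.
check_nat() {
    rc=$1; rules=$2; wan=$3; bad=0; ipnat=no; natd=no
    if ! is_yes "$(rc_value "$rc" gateway_enable)"; then
        echo "gateway_enable is not YES: the host will not forward packets"; bad=1
    fi
    if is_yes "$(rc_value "$rc" ipnat_enable)"; then ipnat=yes; fi
    if is_yes "$(rc_value "$rc" natd_enable)"; then natd=yes; fi
    case "$ipnat$natd" in
        yesyes) echo "ipnat and natd are both enabled: only one is needed"; bad=1 ;;
        nono)   echo "neither ipnat nor natd is enabled: no NAT"; bad=1 ;;
    esac
    if [ "$ipnat" = yes ]; then
        # Count active (non-comment) "map <wan> ..." lines; a missing file counts as 0.
        n=$(grep -c "^[[:space:]]*map[[:space:]][[:space:]]*$wan[[:space:]]" "$rules" 2>/dev/null || true)
        if [ "${n:-0}" -eq 0 ]; then
            echo "ipnat is enabled but $rules has no map rule for $wan"; bad=1
        fi
    fi
    return "$bad"
}

# Demo on constructed files: rc.conf settings and map rules quoted in the thread.
demo() {
    d=$(mktemp -d)
    printf '%s\n' 'gateway_enable="YES"' 'ifconfig_dc0="DHCP"' 'ipnat_enable="YES"' > "$d/rc.conf"
    : > "$d/ipnat.rules"
    echo "before:"; check_nat "$d/rc.conf" "$d/ipnat.rules" dc0 || true
    printf '%s\n' 'map dc0 192.168.1.0/24 -> 0/32 portmap tcp/udp auto' \
                  'map dc0 192.168.1.0/24 -> 0/32' > "$d/ipnat.rules"
    echo "after:"; check_nat "$d/rc.conf" "$d/ipnat.rules" dc0 && echo "no findings"
    rm -rf "$d"
}
demo
```

This only inspects the files; whether the rules are actually loaded in the running kernel still has to be confirmed on the gateway itself.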