Date: Sat, 15 May 1999 11:20:52 -0700 (PDT)
From: daniel B <danielb@pacex.net>
To: freebsd-questions@freebsd.org
Subject: RE: natd and ipfw woes!
Message-ID: <Pine.BSF.3.96.990515103645.7756A-100000@almazs.pacex.net>
Hi list,

Please read this; you may have the key to end my grief!

I have a network that looks like this:

  Internet-----[ router ]---[ep1 firewall/gateway ep0]---[ LAN ]
  router=204.1.215.219---ep1=204.1.215.131----ep0=10.0.0.1---LAN= real IPs

ep1 is the external interface with a real IP.
ep0 is the internal interface with a dummy IP: you can't have two NICs in the same subnet, so I gave it a fake IP which the outside won't notice.
All machines in the LAN have real IPs. Everything is in the same subnet (/27).

I am trying to use ipfw with natd on a fbsd 3.1-R firewall/gateway.

Kernel configured for:

  options IPFIREWALL_VERBOSE
  options BRIDGE
  options IPDIVERT

sysctl setup:

  net.inet.ip.forwarding=1
  net.link.ether.bridge=0        # not sure what the relevance is here
  net.link.ether.bridge_ipfw=0   # same here; is this relevant to my setup?

/etc/rc.conf:

  gateway_enable=YES
  firewall_enable=YES
  natd_enable=YES
  firewall_type=open

FIREWALL RULES:

  $fwcmd add 201 divert natd all from any to any via ep1
  $fwcmd add 202 pass all from any to any

/etc/services:

  natd 8668/divert

I want my inside LAN machines to keep their real IPs and want to firewall them from the outside world. BUT it does not seem to work with this setup!

Every time I try to ping the router from the gateway I get `permission denied'. I can ping both NICs on the gateway from the machine itself, but NOT from the LAN. When I ping/telnet to the LAN from the gateway I get `permission denied'.

What am I doing wrong??

Thanks for your help,
Dan

To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message
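For comparison with the two rules in the post (a divert to natd followed by `pass all from any to any`, which filters nothing), here is an added example of a closed ipfw ruleset in the rc.firewall `$fwcmd` style; it is neither the poster's configuration nor FreeBSD's own rc.firewall. It keeps the interface names and addresses from the post but assumes the LAN behind ep0 is the private block 10.0.0.0/24 (not real addresses), since that is what natd is built to translate to ep1's address, and it adds an assumed FWCMD variable so the rules can be previewed with FWCMD=echo.

```shell
#!/bin/sh
# Added example: closed ipfw+natd ruleset in rc.firewall style; not the
# poster's configuration and not FreeBSD's own rc.firewall.
# Assumption (not from the post): the LAN behind ep0 is the private block
# 10.0.0.0/24 (ep0 = 10.0.0.1), which natd rewrites to ep1's address.
oif=ep1                  # external interface, real IP 204.1.215.131 (from post)
iif=ep0                  # internal interface, 10.0.0.1 (from post)
inet=10.0.0.0/24         # assumed private LAN block

fw_rules() {
    # FWCMD is an assumed hook: FWCMD=echo prints the rules instead of loading them
    fwcmd=${FWCMD:-/sbin/ipfw}
    $fwcmd -f flush
    # loopback sanity rules, as in rc.firewall
    $fwcmd add 100 pass all from any to any via lo0
    $fwcmd add 110 deny all from any to 127.0.0.0/8
    # anti-spoofing: our private block must never arrive on the outside interface
    $fwcmd add 120 deny log all from $inet to any in via $oif
    # translate everything crossing the outside interface (natd on divert port 8668)
    $fwcmd add 200 divert natd all from any to any via $oif
    # packets of TCP connections that are already established (replies to us)
    $fwcmd add 300 pass tcp from any to any established
    # DNS replies; add a similar rule per UDP service the LAN needs (ipfw here is stateless)
    $fwcmd add 310 pass udp from any 53 to any in via $oif
    # anything leaving through the outside interface, and LAN traffic on ep0
    $fwcmd add 320 pass all from any to any out via $oif
    $fwcmd add 330 pass all from $inet to any in via $iif
    $fwcmd add 340 pass all from any to $inet out via $iif
    # ICMP needed for ping and path-MTU discovery
    $fwcmd add 400 pass icmp from any to any icmptypes 0,3,8,11
    # default: anything unmatched (new connections from the Internet) is dropped and logged
    $fwcmd add 65000 deny log all from any to any
}

# Load the rules only where ipfw exists; otherwise this file just defines fw_rules.
if [ -x "${FWCMD:-/sbin/ipfw}" ]; then
    fw_rules
fi
```

Because rule 65000 denies by default, every inbound service the LAN needs must be opened explicitly, and each deny is logged (IPFIREWALL_VERBOSE) so blocked traffic shows up in the system log.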