Date: Fri, 5 Jan 2001 14:48:59 -0800
From: "Peter Brezny" <peter@sysadmin-inc.com>
To: "'Sean'" <devotwo@home.com>
Cc: <freebsd-net@freebsd.org>
Subject: RE: Problem with Multihomed Machine
Message-ID: <000301c07769$b21584c0$46010a0a@sysadmininc.com>
In-Reply-To: <3A55BE97.B30025E8@home.com>

If your FreeBSD machine is working fine and you can ping the Windows box from FreeBSD but not the other way, it seems to point to your firewall preventing the Windows box from connecting.

You can disable the firewall completely and see if you can ping from the Windows machine, then work back from there.

Try

    ipfw -f flush
    ipfw add allow all from any to any

at the command line, then see if things work.

You can use

    /etc/netstart

to reread your rc.conf (and restart your firewall), or restart the firewall directly if it's a script:

    sh /etc/rc.firewall

Have a look at

http://www.bsdtoday.com/2000/December/Features359.html

for yet another nat/ipfw how to.

Peter Brezny
SysAdmin Services Inc.

-----Original Message-----
From: root@FreeBSD.ORG [mailto:root@FreeBSD.ORG]On Behalf Of Sean
Sent: Friday, January 05, 2001 4:31 AM
To: freebsd-net@FreeBSD.ORG
Subject: Problem with Multihomed Machine

Hello. I'm having some problems setting up a multihomed machine and was wondering if someone could point me in the right direction. I have a FreeBSD box with 2 ethernet cards. One card, rl0, is connected to my cable modem. The other card, rl1, is connected to a Win2000 box. The goal is to have FreeBSD act as a firewall for the Win2000 machine. I have set the IP address of the internal network card (rl1) to 10.0.0.1, and I have the IP address of Win2000 set as 10.0.0.2, with a gateway of 10.0.0.1. The problem I'm having is, I can't get Win2000 to do anything to try and connect to FreeBSD, it won't even do a ping of the FreeBSD machine. From FreeBSD, I can get on the internet, and ping Win2000, but, Win2000 won't connect to anything. I've read quite a few howtos on natd and setting up a firewall, but, I can't figure out why it's not working. Just from looking at the Win2000 settings, it appears it's set up right, so, I am wondering if I'm doing something wrong in FreeBSD.

Below I've included the output from ifconfig -a, netstat -rn and netstat -in. Any help would be greatly appreciated.

IFCONFIG -A
rl0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
        inet 24.14.186.233 netmask 0xffffff80 broadcast 24.14.186.255
        inet6 fe80::200:21ff:fedb:7c22%rl0 prefixlen 64 scopeid 0x1
        ether 00:00:21:db:7c:22
        media: autoselect (none) status: active
        supported media: autoselect 100baseTX <full-duplex> 100baseTX 10baseT/UTP <full-duplex> 10baseT/UTP 100baseTX <hw-loopback>
rl1: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
        inet 10.0.0.1 netmask 0xffffff00 broadcast 10.0.0.255
        inet6 fe80::250:baff:fed3:5b03%rl1 prefixlen 64 scopeid 0x2
        ether 00:50:ba:d3:5b:03
        media: autoselect (100baseTX <full-duplex>) status: active
        supported media: autoselect 100baseTX <full-duplex> 100baseTX 10baseT/UTP <full-duplex> 10baseT/UTP 100baseTX <hw-loopback>

NETSTAT -RN
Routing tables

Internet:
Destination        Gateway            Flags     Netif Expire
default            24.14.186.129      UGSc      rl0
10/24              link#2             UC        rl1 =>
24.14.186.128/25   link#1             UC        rl0 =>
24.14.186.129      0:30:80:6e:e8:70   UHLW      rl0    823
24.14.186.255      ff:ff:ff:ff:ff:ff  UHLWb     rl0
127.0.0.1          127.0.0.1          UH        lo0

NETSTAT -IN
Name  Mtu   Network        Address            Ipkts Ierrs Opkts Oerrs  Coll
rl0   1500  <Link#1>       00:00:21:db:7c:22     52     0    11     0     0
rl0   1500  24.14.186.128  24.14.186.233         52     0    11     0     0
rl0   1500  fe80:1::200    fe80:1::200:21ff:     52     0    11     0     0
rl1   1500  <Link#2>       00:50:ba:d3:5b:03     19     0     9     0     0
rl1   1500  10/24          10.0.0.1              19     0     9     0     0
rl1   1500  fe80:2::250    fe80:2::250:baff:     19     0     9     0     0

Sean Chisek
devotwo@home.com
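
A narrower form of the isolation test suggested in the reply above, added here as an example and not part of the original thread: rather than flushing the ruleset and allowing everything while rl0 faces the cable modem, it inserts two temporary ICMP-only rules on rl1 and reads the rule counter to see whether the Win2000 pings reach ipfw at all. The addresses and rl1 come from the original post; rule numbers 10 and 11 (assumed unused and lower than any existing rule), the variable names and the function names are assumptions.

```shell
#!/bin/sh
# Added example, not from the original thread. Run as root: sh probe.sh --probe
IPFW=${IPFW:-ipfw}            # overridable for a dry run (assumption)
INSIDE_IF=${INSIDE_IF:-rl1}   # inside interface from the original post
GW=${GW:-10.0.0.1}            # FreeBSD inside address
CLIENT=${CLIENT:-10.0.0.2}    # Win2000 address
REQ_RULE=${REQ_RULE:-10}      # assumed-unused number: counts echo requests
REP_RULE=${REP_RULE:-11}      # assumed-unused number: lets replies back out

# Insert the two temporary rules ahead of the existing ruleset.
open_probe() {
    $IPFW -q add "$REQ_RULE" allow icmp from "$CLIENT" to "$GW" in via "$INSIDE_IF" &&
    $IPFW -q add "$REP_RULE" allow icmp from "$GW" to "$CLIENT" out via "$INSIDE_IF"
}

# Remove only the temporary rules; the normal ruleset is never touched.
close_probe() {
    $IPFW -q delete "$REQ_RULE" "$REP_RULE"
}

# Packet counter of the request rule ("ipfw show": number packets bytes rule).
probe_hits() {
    $IPFW show | awk -v r="$REQ_RULE" '$1 + 0 == r + 0 { print $2; exit }'
}

# $1 = counter before the ping from the client, $2 = counter after it.
verdict() {
    if [ "${2:-0}" -gt "${1:-0}" ]; then
        echo "requests reach ipfw on $INSIDE_IF: if ping now works, the normal ruleset was dropping them"
    else
        echo "no requests seen on $INSIDE_IF: check the client's address and gateway before the ruleset"
    fi
}

if [ "${1:-}" = "--probe" ]; then
    trap 'close_probe; exit 1' INT TERM
    open_probe || exit 1
    before=$(probe_hits)
    printf 'Ping %s from %s now, then press Enter: ' "$GW" "$CLIENT"
    read -r _
    verdict "$before" "$(probe_hits)"
    close_probe
fi
```

Confirm with `ipfw list` that the two rule numbers are free before running it, since `ipfw delete` removes every rule carrying that number.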