From owner-freebsd-net Fri Jan 5 11:50:22 2001
From owner-freebsd-net@FreeBSD.ORG Fri Jan 5 11:49:56 2001
Return-Path:
Delivered-To: freebsd-net@freebsd.org
Received: from virtual.sysadmin-inc.com (lists.sysadmin-inc.com [209.16.228.140]) by hub.freebsd.org (Postfix) with ESMTP id 6977937B400 for ; Fri, 5 Jan 2001 11:49:55 -0800 (PST)
Received: from wkst ([209.16.228.146]) by virtual.sysadmin-inc.com (8.9.1/8.9.1) with SMTP id OAA23130; Fri, 5 Jan 2001 14:55:03 -0500
Reply-To:
From: "Peter Brezny"
To: "'Sean'"
Cc:
Subject: RE: Problem with Multihomed Machine
Date: Fri, 5 Jan 2001 14:48:59 -0800
Message-ID: <000301c07769$b21584c0$46010a0a@sysadmininc.com>
MIME-Version: 1.0
Content-Type: multipart/alternative; boundary="----=_NextPart_000_0004_01C07726.A3F244C0"
X-Priority: 3 (Normal)
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook CWS, Build 9.0.2416 (9.0.2911.0)
In-Reply-To: <3A55BE97.B30025E8@home.com>
Importance: Normal
X-MimeOLE: Produced By Microsoft MimeOLE V5.00.2919.6600
Sender: owner-freebsd-net@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

If your FreeBSD machine is working fine and you can ping the Windows box from FreeBSD but not the other way, it seems to point to your firewall preventing the Windows box from connecting.

You can disable the firewall completely and see if you can ping from the Windows machine, then work back from there.

Try

    ipfw -f flush
    ipfw add allow all from any to any

at the command line, then see if things work.

You can use

    /etc/netstart

to reread your rc.conf (and restart your firewall)

or restart the firewall directly if it's a script

    sh /etc/rc.firewall

Have a look at

http://www.bsdtoday.com/2000/December/Features359.html

for yet another nat/ipfw how-to.

Peter Brezny
SysAdmin Services Inc.

-----Original Message-----
From: root@FreeBSD.ORG [mailto:root@FreeBSD.ORG]On Behalf Of Sean
Sent: Friday, January 05, 2001 4:31 AM
To: freebsd-net@FreeBSD.ORG
Subject: Problem with Multihomed Machine

Hello. I'm having some problems setting up a multihomed machine and was wondering if someone could point me in the right direction. I have a FreeBSD box with 2 ethernet cards. One card, rl0, is connected to my cable modem. The other card, rl1, is connected to a Win2000 box. The goal is to have FreeBSD act as a firewall for the Win2000 machine. I have set the IP address of the internal network card (rl1) to 10.0.0.1, and I have the IP address of Win2000 set as 10.0.0.2, with a gateway of 10.0.0.1. The problem I'm having is, I can't get Win2000 to do anything to try and connect to FreeBSD, it won't even do a ping of the FreeBSD machine. From FreeBSD, I can get on the internet, and ping Win2000, but, Win2000 won't connect to anything. I've read quite a few howtos on natd and setting up a firewall, but, I can't figure out why it's not working. Just from looking at the Win2000 settings, it appears it's set up right, so, I am wondering if I'm doing something wrong in FreeBSD.

Below I've included the output from ifconfig -a, netstat -rn and netstat -in. Any help would be greatly appreciated.

IFCONFIG -A
rl0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
        inet 24.14.186.233 netmask 0xffffff80 broadcast 24.14.186.255
        inet6 fe80::200:21ff:fedb:7c22%rl0 prefixlen 64 scopeid 0x1
        ether 00:00:21:db:7c:22
        media: autoselect (none) status: active
        supported media: autoselect 100baseTX <full-duplex> 100baseTX 10baseT/UTP <full-duplex> 10baseT/UTP 100baseTX <hw-loopback>
rl1: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
        inet 10.0.0.1 netmask 0xffffff00 broadcast 10.0.0.255
        inet6 fe80::250:baff:fed3:5b03%rl1 prefixlen 64 scopeid 0x2
        ether 00:50:ba:d3:5b:03
        media: autoselect (100baseTX <full-duplex>) status: active
        supported media: autoselect 100baseTX <full-duplex> 100baseTX 10baseT/UTP <full-duplex> 10baseT/UTP 100baseTX <hw-loopback>

NETSTAT -RN
Routing tables

Internet:
Destination        Gateway            Flags      Netif Expire
default            24.14.186.129      UGSc        rl0
10/24              link#2             UC          rl1 =>
24.14.186.128/25   link#1             UC          rl0 =>
24.14.186.129      0:30:80:6e:e8:70   UHLW        rl0    823
24.14.186.255      ff:ff:ff:ff:ff:ff  UHLWb       rl0
127.0.0.1          127.0.0.1          UH          lo0

NETSTAT -IN
Name  Mtu   Network       Address            Ipkts Ierrs    Opkts Oerrs  Coll
rl0   1500  <Link#1>      00:00:21:db:7c:22     52     0       11     0     0
rl0   1500  24.14.186.128 24.14.186.233         52     0       11     0     0
rl0   1500  fe80:1::200   fe80:1::200:21ff:     52     0       11     0     0
rl1   1500  <Link#2>      00:50:ba:d3:5b:03     19     0        9     0     0
rl1   1500  10/24         10.0.0.1              19     0        9     0     0
rl1   1500  fe80:2::250   fe80:2::250:baff:     19     0        9     0     0

Sean Chisek
devotwo@home.com
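
An added example, not part of either message above: a dry-run generator for the rules to "work back" to once the open-firewall test has confirmed ipfw was the cause, so that the cable-modem side does not stay at allow-all. It assumes the thread's layout (rl0 external, rl1 internal, LAN 10.0.0.0/24), natd on its default "natd" divert port, and a default-deny final rule; the function name, stage names and rule numbers are hypothetical.

```shell
#!/bin/sh
# Added example, not from the thread. It only PRINTS ipfw commands (dry run).
# Assumptions: default rule 65535 is "deny", natd is bound to the external
# interface and listens on the "natd" divert port.

# gen_rules STAGE EXT_IF INT_IF LAN
#   STAGE "lan": loopback + internal interface only. Enough to test whether
#                Win2000 can ping 10.0.0.1 without opening the external side.
#   STAGE "nat": adds the natd divert and stateless outbound rules on EXT_IF.
gen_rules() {
    stage=$1 ext_if=$2 int_if=$3 lan=$4

    echo "ipfw -f flush"
    echo "ipfw add 100 allow ip from any to any via lo0"
    # LAN hosts may talk to the gateway and be forwarded; replies go back out.
    echo "ipfw add 200 allow ip from $lan to any in via $int_if"
    echo "ipfw add 210 allow ip from any to $lan out via $int_if"

    [ "$stage" = nat ] || return 0

    # Everything crossing the external interface passes through natd first.
    echo "ipfw add 300 divert natd ip from any to any via $ext_if"
    # TCP: outbound connections and their return traffic only.
    echo "ipfw add 400 allow tcp from any to any established"
    echo "ipfw add 410 allow tcp from any to any out via $ext_if setup"
    # DNS over UDP, outbound queries and their replies.
    echo "ipfw add 420 allow udp from any to any 53 out via $ext_if"
    echo "ipfw add 430 allow udp from any 53 to any in via $ext_if"
    # ICMP: outbound echo requests; inbound replies and error messages.
    echo "ipfw add 440 allow icmp from any to any out via $ext_if icmptypes 8"
    echo "ipfw add 450 allow icmp from any to any in via $ext_if icmptypes 0,3,11"
    # Anything else falls through to the default deny rule.
}

# Show the first stage for the interfaces named in the thread.
gen_rules lan rl0 rl1 10.0.0.0/24
```

Review the printed commands, then run them as root from the console rather than over the network, since the flush drops existing rules.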