From owner-freebsd-questions Sat Jul 3 7:13: 9 1999
Delivered-To: freebsd-questions@freebsd.org
Received: from smtp13.bellglobal.com (smtp13.bellglobal.com [204.101.251.52]) by hub.freebsd.org (Postfix) with ESMTP id 7EDAE14E27 for ; Sat, 3 Jul 1999 07:12:51 -0700 (PDT) (envelope-from a.genkin@utoronto.ca)
Received: from main.wgaf.net (HSE-TOR-ppp22851.sympatico.ca [209.226.71.141]) by smtp13.bellglobal.com (8.8.5/8.8.5) with ESMTP id KAA07705; Sat, 3 Jul 1999 10:14:08 -0400 (EDT)
Received: from antipode by main.wgaf.net with local (Exim 2.05 #1 (Debian)) id 110R4P-0000Em-00; Sat, 3 Jul 1999 10:47:09 -0400
To: "Art Neilson, KH7PZ"
Cc: Arcady Genkin , freebsd-questions@freebsd.org
Subject: Re: natd and ipfw
References: <3.0.6.32.19990702205925.032d20a0@clients1.hawaii.rr.com>
From: Arcady Genkin
Date: 03 Jul 1999 10:47:09 -0400
In-Reply-To: "Art Neilson, KH7PZ"'s message of "Fri, 02 Jul 1999 20:59:25 -1000"
Message-ID: <871zep6b9u.fsf@main.wgaf.net>
Lines: 96
User-Agent: Gnus/5.070089 (Pterodactyl Gnus v0.89) XEmacs/21.1 (20 Minutes to Nikko)
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Sender: owner-freebsd-questions@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

"Art Neilson, KH7PZ" writes:

> What do your firewall rules look like? Did you write any yet?
> You may want to set firewall_enable="YES" and firewall_type="OPEN"
> in your /etc/rc.conf.local or whatever you call your rc.conf
> overrides file. After you are sure the network itself is solid
> you can start battening down the hatches by coding up /etc/rc.firewall
> and setting firewall_type="simple" or whatever matches your rc.firewall
> script.

Well, isn't the command "ipfw add allow all from any to any" equivalent to
what you suggest above?

Thanks.

> >I've attempted to configure ipfirewalling/masquerading on a FreeBSD
> >3.2-Release. Here's what I did:
> >
> >options IPFIREWALL
> >options IPFIREWALL_VERBOSE
> >options IPDIVERT
> >
> >then I added in /etc/rc.conf:
> >
> >gateway_enable="YES"
> >ipfw add allow all from any to any
> >#I'll play with this later
> >
> >then I rebooted and ran "natd -interface ed0"
> >
> >I have 2 computers in my network -- the firewall named "door" 192.168.1.1
> >and a workstation named "main" 192.168.1.2. "door" is connected to internet
> >via ed1 (ADSL connection with dhclient), and is able to ping, telnet,
> >ftp, etc. both into the internet and into "main". It connects to main
> >via ed0.
> >
> >"main" is able to connect to "door" in any possible method
> >(i.e. internal tcp/ip link works OK). It runs Linux 2.2.10, and I'm telling
> >it to use "door" as its router:
> >
> >ifconfig eth0 192.168.1.2 netmask 255.255.255.0 up
> >route add -net 192.168.1.0 netmask 255.255.255.0 eth0
> >route add default gw 192.168.1.1 eth0
> >
> >However, "main" is unable to ping anything in the internet. I get the
> >feeling that it routes packets out correctly, because if I ping
> >something, then the nic on "door" flashes LEDs.
> >
> >Can somebody think of something that I'm doing wrong? Thanks a lot in
> >advance!
> >
> >Here's output of netstat -r and netstat -i on "door":
> >
> >Routing tables
> >
> >Internet:
> >Destination        Gateway            Flags     Refs     Use     Netif Expire
> >default            HSE-TOR-ppp22711.s UGSc        1       17       ed1
> >localhost          localhost          UH          1        0       lo0
> >192.168.1          link#1             UC          0        0       ed0
> >main               0:80:c8:f2:c6:14   UHLW        0        5       ed0   1191
> >209.226.71         link#2             UC          0        0       ed1
> >HSE-TOR-ppp22711.s 0:90:6f:fc:f8:20   UHLW        2        0       ed1    736
> >HSE-TOR-ppp22919.s localhost          UGHS        0        0       lo0
> >
> >Name  Mtu   Network     Address            Ipkts Ierrs    Opkts Oerrs  Coll
> >ed0   1500              00.80.c8.ec.0f.39     47     0       13     0     0
> >ed0   1500  192.168.1   door                  47     0       13     0     0
> >ed1   1500              52.54.4c.17.c9.5c     17     0       52     0     0
> >ed1   1500  209.226.71  HSE-TOR-ppp2291       17     0       52     0     0
> >lo0   16384                                    0     0        0     0     0
> >lo0   16384 127         localhost              0     0        0     0     0
> >
> >=========
> >Here's output of the same commands on "main":
> >
> >Kernel IP routing table
> >Destination     Gateway         Genmask         Flags   MSS Window  irtt Iface
> >localnet        *               255.255.255.0   U          0 0          0 eth0
> >localnet        *               255.255.255.0   U          0 0          0 eth0
> >default         door.wgaf.net   0.0.0.0         UG         0 0          0 eth0
> >
> >Kernel Interface table
> >Iface   MTU Met   RX-OK RX-ERR RX-DRP RX-OVR   TX-OK TX-ERR TX-DRP TX-OVR Flg
> >eth0   1500   0    4562      0      0      0   12075      3      0      0 BRU
> >lo     3924   0      11      0      0      0      11      0      0      0 LRU

--
Arcady Genkin
"... without money one gets nothing in this world, not even a certificate
of eternal blessedness in the other world..." (S. Kierkegaard)

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message
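Added example (written for this archive page, not part of either poster's message): a minimal /etc/rc.firewall-style ruleset for the topology described in the thread. It assumes, as the original post states, that ed1 is the ADSL/external interface and ed0 faces the 192.168.1.0/24 LAN, and that the kernel has IPFIREWALL, IPFIREWALL_VERBOSE and IPDIVERT. It further assumes natd is started with "-interface ed1" (the external side) and listens on the default "natd" divert port from /etc/services. The point it shows is the one the thread circles around: a bare "allow all from any to any" is indeed the OPEN policy, but natd only sees packets that an ipfw divert rule hands to it, and that rule has to have a lower number than the rule that accepts the packet. A rc.conf line is only a variable assignment, so the ipfw commands belong in a script like this one, not in rc.conf. The preview and check functions are mine, for inspecting the ruleset on a machine without ipfw; the interface and network names are taken from the posts.

```shell
#!/bin/sh
# Added example: ipfw + natd ruleset for the "door" gateway in the thread.
# Assumptions (mine, not the posters'): ed1 = external (ADSL) interface,
# ed0 = 192.168.1.0/24 LAN side, natd started as "natd -interface ed1"
# and bound to the default "natd" divert port.  Kernel needs IPFIREWALL,
# IPFIREWALL_VERBOSE (for the "log" keyword) and IPDIVERT.

EXT_IF="ed1"                # interface natd translates on (external side)
INT_NET="192.168.1.0/24"    # private LAN behind "door"

# Install the rules.  ipfw evaluates rules in ascending number order, so
# the divert rule must come before any rule that accepts the packet;
# otherwise natd never receives it and "main" goes out unmasqueraded.
# Set IPFW=echo in the environment to print the rules instead of loading.
load_ruleset() {
    ipfw_cmd="${IPFW:-ipfw}"
    "$ipfw_cmd" -f flush
    # 100: hand every packet crossing the external interface to natd.
    "$ipfw_cmd" add 100 divert natd all from any to any via "$EXT_IF"
    # 200: anti-spoofing - packets claiming a LAN source must not arrive
    #      from the outside.  Logged so the attempt shows up in syslog.
    "$ipfw_cmd" add 200 deny log all from "$INT_NET" to any in via "$EXT_IF"
    # 300: the OPEN policy from the reply, now placed after the divert.
    "$ipfw_cmd" add 300 allow all from any to any
}

# Print the rules that load_ruleset would install, without touching ipfw.
preview_ruleset() {
    ( IPFW=echo; load_ruleset )
}

# Return 0 if the divert rule carries a lower number than the catch-all
# allow rule, i.e. natd is guaranteed to see the traffic.
divert_before_allow() {
    preview_ruleset | awk '
        /divert natd/                { d = $2 }
        /allow all from any to any/  { a = $2 }
        END { exit !(d != "" && a != "" && d + 0 < a + 0) }'
}

# "sh rc.natd-example.sh load" as root on the gateway installs the rules;
# any other invocation only previews them.
case "${1:-preview}" in
    load)    load_ruleset ;;
    preview) preview_ruleset ;;
esac
```

Run "preview" first and confirm the divert line is printed before the allow line; if a later rule ever gets renumbered below the divert, divert_before_allow exits non-zero and the gateway is silently passing private source addresses.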