Date: Mon, 15 Aug 2005 04:46:54 -0400 From: Tim Holmes <tim@unixtechs.org> To: freebsd-questions@freebsd.org Subject: FreeBSD Gateway problems Message-ID: <20050815084654.GA1472@blackguy.unixtechs.org>
For years I've used a FreeBSD as my gateway. Well I haven't had a high speed connection for 3 years now, and I've just gotten it back. Since then I've reloaded the machine from 4.3 to 5.3. I thought I had it all set up so when I did get connection, I could make a quick edit to my rc.conf and I'd be ready to go. Well turns out I was way off.

The machine has no problems getting an IP from the cable modem, and I can get anywhere I want from that machine directly. (I'm currently ssh'd to the router machine to send email, use w3m to find How-Tos.) But it won't pass traffic from the rest of the network.

Here are the settings in my rc.conf:

    gateway_enable="YES"            # Enable as Lan gateway
    # firewall_enable="YES"
    natd_enable="YES"
    natd_interface="xl0"
    natd_flags="-f /etc/natd.conf"
    ipmon_enable="YES"
    ipmon_flags="-Ds"

The firewall_enable is disabled now because when it's turned on, I can't actually get out from directly on the machine. At this point I just want it to do the routing and then I can work on building a firewall afterwards.

Before I did the update and rebuilt the kernel yesterday, I had these options in rc.conf:

    # ipnat_enable="YES"                # Start ipnat function
    # ipnat_rules="/etc/ipnat.rules"    # rules definition file for ipnat
    # ipfilter_enable="YES"             # Start ipf firewall
    # ipfilter_rules="/etc/ipf.rules"   # loads rules definition text file

Well all these other How-Tos I found on FreeBSDDiary.org told me all I needed was "gateway_enable=YES" and "firewall_enable=YES". Also to add these two options to the kernel:

    options IPFILTER
    options IPDIVERT

But that wasn't working. Another mentioned I needed defaultrouter="192.168.2.254", but that's not doing it either. It wasn't actually running nat, and I'd get errors if I tried to start. Here's the message I saw at boot after a new kernel:

    1: unexpected keyword (any) - from /sbin/ipf: /etc/ipf.rules: parse error (-1), quitting
    /etc/rc: WARNING: NO IPNAT RULES

After following some other How-Tos I tried running ipfw, but I keep getting an error message that won't return any helpful searches from Google.

    # ipnat -f /etc/ipnat.conf
    ioctl(SIOCGNATS): Operation not permitted
    # ipfw -f flush
    ipfw: setsockopt(IP_FW_FLUSH): Protocol not available
    # ipf -FA -f /etc/ipf.rules
    ioctl(SIOCIPFFL): Operation not permitted
    # ipfw add divert natd all from any to any via xl0
    ipfw: getsockopt(IP_FW_ADD): Protocol not available

None of those error messages will give me anything to go on. So I'm at a loss here. Can anybody point me to a How-To, or share their rc.conf edits to make this work?

I know this was a little long, but thanks in advance for the help.

tdh
-- 
----------------+-------------------------------------------------
      \./       | Tim Holmes -- em@il: tim@unixtechs.org
     (0Y0)      | UIN: 17021091 -- AIM: tdh004
-ooO--(_)--Ooo--+-------------------------------------------------
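The following is an added example, not part of the original post and not one of FreeBSD's own rc scripts: a POSIX sh audit of the rc.conf variables quoted in the mail, checking that the NAT-related settings are consistent with each other. It encodes two facts about how these pieces fit together: natd only ever receives packets through an ipfw divert rule, so natd_enable=YES without a working ipfw (IPFIREWALL and IPDIVERT in the kernel, or the ipfw module, plus firewall_enable=YES) forwards nothing, and the "Protocol not available" reply from ipfw above is what ipfw prints when the running kernel has no ipfw at all; and ipfw's final rule 65535 denies all traffic unless the kernel has IPFIREWALL_DEFAULT_TO_ACCEPT, so firewall_enable=YES with no firewall_type or firewall_script cuts the host off, which matches the symptom described. The rc_get and audit_gateway_rc function names and the path passed in are this example's own choices; the variable names are the standard rc.conf ones.

```shell
#!/bin/sh
# Added example (not from the original post or from FreeBSD's rc scripts):
# audit an rc.conf for a consistent natd/ipfw gateway configuration.
# Usage: sh audit_rc.sh /etc/rc.conf

# rc_get FILE VAR: print the value of the last uncommented VAR=... line in
# FILE, with surrounding quotes removed (empty if the variable is not set).
rc_get() {
    sed -n 's/#.*//; s/^[[:space:]]*'"$2"'=\(.*\)$/\1/p' "$1" \
        | tail -n 1 | tr -d '"'"'" | sed 's/[[:space:]]*$//'
}

# audit_gateway_rc FILE: print one finding per line and return the number of
# findings, so 0 means the NAT-related settings are consistent.
audit_gateway_rc() {
    file=$1
    problems=0
    gw=$(rc_get "$file" gateway_enable)
    fw=$(rc_get "$file" firewall_enable)
    fwtype=$(rc_get "$file" firewall_type)
    fwscript=$(rc_get "$file" firewall_script)
    natd=$(rc_get "$file" natd_enable)
    natd_if=$(rc_get "$file" natd_interface)
    ipnat=$(rc_get "$file" ipnat_enable)

    # Without gateway_enable the kernel never sets net.inet.ip.forwarding=1.
    if [ "$gw" != "YES" ]; then
        echo "gateway_enable is not YES: no packets will be forwarded"
        problems=$((problems + 1))
    fi

    # natd reads from a divert socket; packets reach it only through an
    # ipfw 'divert natd' rule, which needs ipfw present and enabled.
    if [ "$natd" = "YES" ]; then
        if [ "$fw" != "YES" ]; then
            echo "natd_enable=YES but firewall_enable!=YES: natd only sees traffic via an ipfw divert rule (IPFIREWALL + IPDIVERT in the kernel, or ipfw.ko)"
            problems=$((problems + 1))
        fi
        if [ -z "$natd_if" ]; then
            echo "natd_enable=YES but natd_interface is unset"
            problems=$((problems + 1))
        fi
    fi

    # ipfw's implicit last rule denies everything unless the kernel was built
    # with IPFIREWALL_DEFAULT_TO_ACCEPT, so an enabled but ruleless ipfw
    # cuts the host off entirely.
    if [ "$fw" = "YES" ] && [ -z "$fwtype" ] && [ -z "$fwscript" ]; then
        echo "firewall_enable=YES without firewall_type or firewall_script: default rule 65535 denies all traffic"
        problems=$((problems + 1))
    fi

    # natd (ipfw) and ipnat (ipfilter) are two separate NAT implementations.
    if [ "$natd" = "YES" ] && [ "$ipnat" = "YES" ]; then
        echo "both natd_enable and ipnat_enable are YES: use one NAT implementation, not both"
        problems=$((problems + 1))
    fi

    return "$problems"
}

if [ "$#" -gt 0 ]; then
    audit_gateway_rc "$1"
fi
```

Run against the settings quoted in the mail it reports one finding, the missing firewall_enable behind natd_enable; turning firewall_enable on without a firewall_type swaps that for the "denies all traffic" finding, which is the other behaviour the post describes.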