Date: Sun, 7 May 2000 18:47:07 -0700 (PDT)
From: Allen Lu <allenklu@yahoo.com>
To: cjclark@home.com
Cc: questions@freebsd.org
Subject: Re: ipfirewall (ipfw)
Message-ID: <20000508014707.3683.qmail@web2101.mail.yahoo.com>

--- "Crist J. Clark" <cjc@cc942873-a.ewndsr1.nj.home.com> wrote:
> [Can you turn off the forced line-wrapping in your mailer? It makes
> things very hard to read.]

I've set it to 80. Was 75 and 55 before. Yahoo mail does not have no wrapping, looks like.

> On Sun, May 07, 2000 at 09:40:28AM -0700, Allen Lu wrote:
> > Hi I made the modifications as suggested however I
> > still do not get 216.218.224.107 forwarded to
> > 192.168.1.10. It goes directly to the firewall. Here
> > is my current config:

I too agree that this is getting strange because the suggestion by Oliver to use the redirect_port did not work either. It seems that my config is totally ignored. I've been recompiling the kernel. Do you suggest I go to a fresh copy again?

> > > options IPFIREWALL_FORWARD #enable
> > > transparent proxy support
>
> This is not needed.

Will it hurt to keep it in?

> > > Also, change your rc.conf alias line to..
> > >
> > > ifconfig_rl0_alias0="inet 216.218.224.107 netmask
> > > 255.255.255.255
> > > broadcast 216.218.224"
>
> This is correct.

What I had before ifconfig rl0 alias 216.218.224.107 netmask 255.255.255.248 was fine too.

> > > The netmask needs to be 255.255.255.255 or you will
> > > not be able to route
> > > packets between IPs as the machine is looking for
> > > something that is
> > > physically on the net and not just an alias. Packet
> > > forwarding needs to
> > > be on to allow static routing.
>
> I do not understand why this would not be working for you. Have you
> made any customizations to rc.firewall? When your system is up and
> running could you provide the output of,

I thought the rc.firewall may have had wrong entries. I modified the entries to match my NICs at rl0 and rl1. Didn't modify anything else. For now I am only using the open policy.

> # ifconfig -a

rogue# ifconfig -a | more
rl0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
        inet 216.218.224.106 netmask 0xfffffff8 broadcast 216.218.224.112
        inet6 fe80::2e0:29ff:fe5f:5211%rl0 prefixlen 64 scopeid 0x1
        inet 216.218.224.107 netmask 0xffffffff broadcast 216.218.224.112
        ether 00:e0:29:5f:52:11
        media: autoselect (100baseTX <full-duplex>) status: active
        supported media: autoselect 100baseTX <full-duplex> 100baseTX 10baseT/UTP <full-duplex> 10baseT/UTP 100baseTX <hw-loopback>
rl1: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
        inet 192.168.1.1 netmask 0xffffff00 broadcast 192.168.1.255
        inet6 fe80::2e0:29ff:fe72:3060%rl1 prefixlen 64 scopeid 0x2
        ether 00:e0:29:72:30:60
        media: autoselect (100baseTX <full-duplex>) status: active
        supported media: autoselect 100baseTX <full-duplex> 100baseTX 10baseT/UTP <full-duplex> 10baseT/UTP 100baseTX <hw-loopback>
lp0: flags=8810<POINTOPOINT,SIMPLEX,MULTICAST> mtu 1500
sl0: flags=c010<POINTOPOINT,LINK2,MULTICAST> mtu 552
ppp0: flags=8010<POINTOPOINT,MULTICAST> mtu 1500
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> mtu 16384
        inet6 fe80::1%lo0 prefixlen 64 scopeid 0x6
        inet6 ::1 prefixlen 128
        inet 127.0.0.1 netmask 0xff000000
gif0: flags=8010<POINTOPOINT,MULTICAST> mtu 1280
        inet6 fe80::2e0:29ff:fe5f:5211%gif0 prefixlen 64 scopeid 0x7
gif1: flags=8010<POINTOPOINT,MULTICAST> mtu 1280
        inet6 fe80::2e0:29ff:fe5f:5211%gif1 prefixlen 64 scopeid 0x8
gif2: flags=8010<POINTOPOINT,MULTICAST> mtu 1280
        inet6 fe80::2e0:29ff:fe5f:5211%gif2 prefixlen 64 scopeid 0x9
gif3: flags=8010<POINTOPOINT,MULTICAST> mtu 1280
        inet6 fe80::2e0:29ff:fe5f:5211%gif3 prefixlen 64 scopeid 0xa
stf0: flags=8000<MULTICAST> mtu 1280
        inet6 fe80::2e0:29ff:fe5f:5211%stf0 prefixlen 64 scopeid 0xb
faith0: flags=8000<MULTICAST> mtu 1500

> # netstat -rn

rogue# netstat -rn
Routing tables

Internet:
Destination        Gateway            Flags     Netif Expire
default            216.218.224.105    UGSc      rl0
127.0.0.1          127.0.0.1          UH        lo0
192.168.1          link#2             UC        rl1 =>
216.218.224.104/29 link#1             UC        rl0 =>
216.218.224.105    0:90:86:ab:d1:20   UHLW      rl0   363
216.218.224.107/32 link#1             UC        rl0 =>

Internet6:
Destination                     Gateway                         Flags  Netif Expire
::1                             ::1                             UH     lo0
fe80::%rl0/64                   link#1                          UC     rl0
fe80::%rl1/64                   link#2                          UC     rl1
fe80::%lo0/64                   fe80::1%lo0                     Uc     lo0
fe80::%gif0/64                  fe80::2e0:29ff:fe5f:5211%gif0   Uc     gif0
fe80::2e0:29ff:fe5f:5211%gif0   ::1                             UH     lo0
fe80::%gif1/64                  fe80::2e0:29ff:fe5f:5211%gif1   Uc     gif1
fe80::2e0:29ff:fe5f:5211%gif1   ::1                             UH     lo0
fe80::%gif2/64                  fe80::2e0:29ff:fe5f:5211%gif2   Uc     gif2
fe80::2e0:29ff:fe5f:5211%gif2   ::1                             UH     lo0
fe80::%gif3/64                  fe80::2e0:29ff:fe5f:5211%gif3   Uc     gif3
fe80::2e0:29ff:fe5f:5211%gif3   ::1                             UH     lo0
fe80::%stf0/64                  fe80::2e0:29ff:fe5f:5211%stf0   Uc     stf0
fe80::2e0:29ff:fe5f:5211%stf0   ::1                             UH     lo0
ff01::/32                       ::1                             U      lo0
ff02::%rl0/32                   link#1                          UC     rl0
ff02::%rl1/32                   link#2                          UC     rl1
ff02::%lo0/32                   fe80::1%lo0                     UC     lo0
ff02::%gif0/32                  fe80::2e0:29ff:fe5f:5211%gif0   UC     gif0
ff02::%gif1/32                  fe80::2e0:29ff:fe5f:5211%gif1   UC     gif1
ff02::%gif2/32                  fe80::2e0:29ff:fe5f:5211%gif2   UC     gif2
ff02::%gif3/32                  fe80::2e0:29ff:fe5f:5211%gif3   UC     gif3
ff02::%stf0/32                  fe80::2e0:29ff:fe5f:5211%stf0   UC     stf0

> # ipfw show

rogue# /sbin/ipfw show
00100    0      0 allow ip from any to any via lo0
00200    0      0 deny ip from any to 127.0.0.0/8
65000 3281 345053 allow ip from any to any
65535    0      0 deny ip from any to any

> # ps aux | grep natd

natd is not running. How is this so? Doesn't natd run by the rc.conf line natd_enable="YES"? But for now this is my config.

Allen
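
Added example, not part of the original message or of FreeBSD's own scripts: natd only sees packets that an ipfw divert rule hands to it, and ipfw stops at the first allow or deny rule that matches. The sh/awk sketch below classifies `ipfw show` output on that basis; the function names are hypothetical and the sample input is constructed from the four rules pasted above.

```shell
#!/bin/sh
# Added example: classify `ipfw show` output by whether packets can reach
# natd through a divert rule. Function names are hypothetical.
# On a live firewall, run:  ipfw show | nat_path_status

# Constructed sample: the four rules pasted in the message above.
sample_rules() {
cat <<'EOF'
00100    0      0 allow ip from any to any via lo0
00200    0      0 deny ip from any to 127.0.0.0/8
65000 3281 345053 allow ip from any to any
65535    0      0 deny ip from any to any
EOF
}

# Reads `ipfw show` lines (number, packets, bytes, action, rule body) on
# stdin and prints one verdict:
#   no-divert        no divert rule in the ruleset
#   divert-shadowed  an earlier unconditional allow/deny ends evaluation
#                    before the first divert rule is reached
#   divert-idle      divert is reachable but its packet counter is 0
#   divert-active    divert is reachable and has matched packets
nat_path_status() {
    awk '
    {
        action = $4; body = ""
        for (i = 5; i <= NF; i++) body = body (i > 5 ? " " : "") $i
    }
    # A terminal rule that matches every packet on every interface.
    (action == "allow" || action == "deny") &&
        (body == "ip from any to any" || body == "all from any to any") {
        blocker = 1
    }
    # Rules are listed in evaluation order, so the first divert decides.
    action == "divert" && !seen {
        seen = 1
        if (blocker) verdict = "divert-shadowed"
        else verdict = ($2 + 0 > 0) ? "divert-active" : "divert-idle"
    }
    END { print (seen ? verdict : "no-divert") }'
}

sample_rules | nat_path_status
```

For the ruleset in this message the verdict is no-divert: rule 65000 accepts every packet before anything could pass it to natd.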