Date: Sun, 7 May 2000 18:47:07 -0700 (PDT)
From: Allen Lu <allenklu@yahoo.com>
To: cjclark@home.com
Cc: questions@freebsd.org
Subject: Re: ipfirewall (ipfw)
Message-ID: <20000508014707.3683.qmail@web2101.mail.yahoo.com>
--- "Crist J. Clark" <cjc@cc942873-a.ewndsr1.nj.home.com> wrote:
> [Can you turn off the forced line-wrapping in your mailer? It makes
> things very hard to read.]
I've set it to 80. Was 75 and 55 before. Yahoo mail does not have "no wrapping",
looks like.
> On Sun, May 07, 2000 at 09:40:28AM -0700, Allen Lu wrote:
> > Hi I made the modifications as suggested however I
> > still do not get 216.218.224.107 forwarded to
> > 192.168.1.10. It goes directly to the firewall. Here
> > is my current config:
I too agree that this is getting strange because the suggestion by Oliver to
use the redirect_port did not work either. It seems that my config is totally
ignored. I've been recompiling the kernel. Do you suggest I go to a fresh copy
again?
> > > options IPFIREWALL_FORWARD #enable
> > > transparent proxy support
>
> This is not needed.
Will it hurt to keep it in?
> > > Also, change your rc.conf alias line to..
> > >
> > > ifconfig_rl0_alias0="inet 216.218.224.107 netmask
> > > 255.255.255.255
> > > broadcast 216.218.224"
>
> This is correct.
What I had before, ifconfig rl0 alias 216.218.224.107 netmask 255.255.255.248,
was fine too.
> > > The netmask needs to be 255.255.255.255 or you will
> > > not be able to route
> > > packets between IPs as the machine is looking for
> > > something that is
> > > physically on the net and not just an alias. Packet
> > > forwarding needs to
> > > be on to allow static routing.
>
> I do not understand why this would not be working for you. Have you
> made any customizations to rc.firewall? When your system is up and
> running could you provide the output of,
I thought the rc.firewall may have had wrong entries. I modified the entries to
match my NICs at rl0 and rl1. Didn't modify anything else. For now I am only
using the open policy.
> # ifconfig -a
rogue# ifconfig -a | more
rl0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
inet 216.218.224.106 netmask 0xfffffff8 broadcast 216.218.224.112
inet6 fe80::2e0:29ff:fe5f:5211%rl0 prefixlen 64 scopeid 0x1
inet 216.218.224.107 netmask 0xffffffff broadcast 216.218.224.112
ether 00:e0:29:5f:52:11
media: autoselect (100baseTX <full-duplex>) status: active
supported media: autoselect 100baseTX <full-duplex> 100baseTX 10baseT/UTP <full-duplex> 10baseT/UTP 100baseTX <hw-loopback>
rl1: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
inet 192.168.1.1 netmask 0xffffff00 broadcast 192.168.1.255
inet6 fe80::2e0:29ff:fe72:3060%rl1 prefixlen 64 scopeid 0x2
ether 00:e0:29:72:30:60
media: autoselect (100baseTX <full-duplex>) status: active
supported media: autoselect 100baseTX <full-duplex> 100baseTX 10baseT/UTP <full-duplex> 10baseT/UTP 100baseTX <hw-loopback>
lp0: flags=8810<POINTOPOINT,SIMPLEX,MULTICAST> mtu 1500
sl0: flags=c010<POINTOPOINT,LINK2,MULTICAST> mtu 552
ppp0: flags=8010<POINTOPOINT,MULTICAST> mtu 1500
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> mtu 16384
inet6 fe80::1%lo0 prefixlen 64 scopeid 0x6
inet6 ::1 prefixlen 128
inet 127.0.0.1 netmask 0xff000000
gif0: flags=8010<POINTOPOINT,MULTICAST> mtu 1280
inet6 fe80::2e0:29ff:fe5f:5211%gif0 prefixlen 64 scopeid 0x7
gif1: flags=8010<POINTOPOINT,MULTICAST> mtu 1280
inet6 fe80::2e0:29ff:fe5f:5211%gif1 prefixlen 64 scopeid 0x8
gif2: flags=8010<POINTOPOINT,MULTICAST> mtu 1280
inet6 fe80::2e0:29ff:fe5f:5211%gif2 prefixlen 64 scopeid 0x9
gif3: flags=8010<POINTOPOINT,MULTICAST> mtu 1280
inet6 fe80::2e0:29ff:fe5f:5211%gif3 prefixlen 64 scopeid 0xa
stf0: flags=8000<MULTICAST> mtu 1280
inet6 fe80::2e0:29ff:fe5f:5211%stf0 prefixlen 64 scopeid 0xb
faith0: flags=8000<MULTICAST> mtu 1500
> # netstat -rn
rogue# netstat -rn
Routing tables
Internet:
Destination Gateway Flags Netif Expire
default 216.218.224.105 UGSc rl0
127.0.0.1 127.0.0.1 UH lo0
192.168.1 link#2 UC rl1 =>
216.218.224.104/29 link#1 UC rl0 =>
216.218.224.105 0:90:86:ab:d1:20 UHLW rl0 363
216.218.224.107/32 link#1 UC rl0 =>
Internet6:
Destination Gateway Flags Netif Expire
::1 ::1 UH lo0
fe80::%rl0/64 link#1 UC rl0
fe80::%rl1/64 link#2 UC rl1
fe80::%lo0/64 fe80::1%lo0 Uc lo0
fe80::%gif0/64 fe80::2e0:29ff:fe5f:5211%gif0 Uc gif0
fe80::2e0:29ff:fe5f:5211%gif0 ::1 UH lo0
fe80::%gif1/64 fe80::2e0:29ff:fe5f:5211%gif1 Uc gif1
fe80::2e0:29ff:fe5f:5211%gif1 ::1 UH lo0
fe80::%gif2/64 fe80::2e0:29ff:fe5f:5211%gif2 Uc gif2
fe80::2e0:29ff:fe5f:5211%gif2 ::1 UH lo0
fe80::%gif3/64 fe80::2e0:29ff:fe5f:5211%gif3 Uc gif3
fe80::2e0:29ff:fe5f:5211%gif3 ::1 UH lo0
fe80::%stf0/64 fe80::2e0:29ff:fe5f:5211%stf0 Uc stf0
fe80::2e0:29ff:fe5f:5211%stf0 ::1 UH lo0
ff01::/32 ::1 U lo0
ff02::%rl0/32 link#1 UC rl0
ff02::%rl1/32 link#2 UC rl1
ff02::%lo0/32 fe80::1%lo0 UC lo0
ff02::%gif0/32 fe80::2e0:29ff:fe5f:5211%gif0 UC gif0
ff02::%gif1/32 fe80::2e0:29ff:fe5f:5211%gif1 UC gif1
ff02::%gif2/32 fe80::2e0:29ff:fe5f:5211%gif2 UC gif2
ff02::%gif3/32 fe80::2e0:29ff:fe5f:5211%gif3 UC gif3
ff02::%stf0/32 fe80::2e0:29ff:fe5f:5211%stf0 UC stf0
> # ipfw show
rogue# /sbin/ipfw show
00100 0 0 allow ip from any to any via lo0
00200 0 0 deny ip from any to 127.0.0.0/8
65000 3281 345053 allow ip from any to any
65535 0 0 deny ip from any to any
> # ps aux | grep natd
natd is not running. How is this so? Doesn't natd run by the rc.conf line
natd_enable="YES"?
But for now this is my config.
Allen
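
An added example, not part of the original message: a small sh check run over the `ipfw show` output posted above. It reports whether any divert rule exists ahead of the first unconditional allow rule, since natd only sees packets that an ipfw divert rule hands to it. The function names and the result strings are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the original post).
# Reads `ipfw show` text on stdin and prints one of:
#   no-divert        no divert rule in the ruleset at all
#   divert-shadowed  a catch-all allow rule is numbered before the divert rule
#   divert-ok        a divert rule is evaluated before any catch-all allow
check_divert() {
    awk '
        # Columns in `ipfw show`: rule-number packets bytes action ...
        $4 == "divert" && !seen_divert {
            seen_divert = 1
            divert_rule = $1 + 0
        }
        # Exactly "allow ip from any to any" with no interface qualifier.
        NF == 9 && $4 == "allow" && $5 == "ip" && $6 == "from" &&
        $7 == "any" && $8 == "to" && $9 == "any" && !seen_allow {
            seen_allow = 1
            allow_rule = $1 + 0
        }
        END {
            if (!seen_divert)
                print "no-divert"
            else if (seen_allow && allow_rule < divert_rule)
                print "divert-shadowed"
            else
                print "divert-ok"
        }'
}

# The ruleset exactly as posted in the message above.
posted_rules() {
    cat <<'EOF'
00100 0 0 allow ip from any to any via lo0
00200 0 0 deny ip from any to 127.0.0.0/8
65000 3281 345053 allow ip from any to any
65535 0 0 deny ip from any to any
EOF
}

# On a live system: /sbin/ipfw show | check_divert
echo "posted ruleset: $(posted_rules | check_divert)"
```

On the live firewall, pair the result with `ps aux | grep natd` as requested in the thread: address redirection needs both a running natd and a divert rule that is reached before any catch-all allow.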
