From owner-freebsd-questions@FreeBSD.ORG Sat Sep 13 23:48:30 2003
Message-ID: <000b01c37a8c$36ac7db0$5c0ea8cb@mrj>
References: <20030914045750.79959.qmail@web13503.mail.yahoo.com>
Date: Sun, 14 Sep 2003 14:48:31 +0800
Subject: Re: Problem(s) resolving names with natd/ipfw.

1. I would try enabling named on the FreeBSD gateway and set it as a forwarder to the DNS of my ISP. Then set all the clients' primary DNS to that of the internal IP of your gateway.

2. I would also not use "OPEN" firewall type. I would not be comfortable with it.

3. I would also take out the lines firewall_type and firewall_script from rc.conf and instead create a shell script in a startup_dir (eg /usr/local/etc/rc.d) and put all my ipfw rules in there and chmod it to be executable. I think the original /etc/rc.firewall awaits variables set in rc.conf eg firewall_type, etc.

----- Original Message -----
From: "Jose Albores"
Sent: Sunday, September 14, 2003 12:57 PM
Subject: Problem(s) resolving names with natd/ipfw.

> The problem summary is as follows:
> I'm setting up a very simple LAN at home using only
> two machines with fixed private ip addresses either.
> The FreeBSD gateway is connected to the internet
> through my cablemodem ISP's modem.
>
> The problem is that the Windows XP client CANNOT
> access the Internet with alphabetic names (should be
> called a DNS problem?) but it YES CAN do it with ip
> addresses (numbers).
>
> AFAIK (being a newbie in networking issues) it seems
> that no problems arise from the gateway side after
> "setting" up natd/ipfw.
>
> From the client, I can ping to numeric addresses
> locally and outside. And (again using ip-numbers) I
> can telnet to my pop server's 110 port. But not with
> "names".
> The (gateway) server has NO problems with alphabetic
> addresses. Neither pinging the local network nor with
> the internet.
>
> Maybe I forgot some "flag" for natd in my
> /etc/rc.conf?
> Is/are there other option/s in my kernel-configuration
> file needed?
> Any hint will be appreciated. Please feel free to ask
> for any necessary info.
>
>
> These are the "details".
> It's my first job with networks, and the scenario is
> as follows:
> The server:
> · Pentium 233 MMX.
> · OS: FreeBSD 4.8-RELEASE. Alternating with Win 98
>   for testing.
> · dc0: interface to my cablemodem ISP.
> · vr0: interface to my local network connected to a
>   hub.
>
> The client:
> · AMD Athlon XP 2.0 GHz.
> · OS: Windows XP.
> Adding DNS servers to the network config in the client
> didn't solve the problem.
> BTW it's not necessary to add DNS entries when the
> server boots with Win 98 + Microsoft's ICS.
>
> On the server side, I built a new kernel with (all?)
> the necessary options:
> · The GENERIC kernel, adding:
> options IPDIVERT
> options IPFIREWALL
> options IPFIREWALL_VERBOSE
> options IPFIREWALL_VERBOSE_LIMIT=200
> options IPFIREWALL_DEFAULT_TO_ACCEPT
>
> The /etc/hosts file has three entries:
> 127.0.0.1 localhost localhost.homenet.org
> 192.168.0.1 david david.homenet.org
> 192.198.0.2 goliath goliath.homenet.org
>
> My /etc/resolv.conf has been automagically generated
> when first configured the interfaces.
> Maybe? it updates on every boot.
>
> And my networking-related lines in /etc/resolv.conf
> are as follows:
> --- Begin of /etc/rc.conf ---
> hostname="david.homenet.org"
> # [...] chunking a few not-networking lines...
> ifconfig_dc0="DHCP"
> ifconfig_vr0="inet 192.168.0.1 netmask 255.255.255.0"
> gateway_enable="YES"
> firewall_enable="YES"
> firewall_type="OPEN"
> firewall_script="/etc/my.rc.firewall"
> #firewall_script="/etc/rc.firewall" ### did not work either!!!
> natd_enable="YES"
> natd_interface="dc0"
> natd_flags=""
> --- End of /etc/rc.conf ---
>
>
> The COMPLETE /etc/my.rc.firewall is extremely simple:
> --- Begin ---
> #!/bin/sh
> /sbin/ipfw -f flush
> /sbin/ipfw add divert natd all from any to any via dc0
> /sbin/ipfw add pass all from any to any
> --- End ---
> Testing "blindly" the /etc/rc.firewall also did not
> work.
> Learning ipfw secrets will be left for the immediate
> future ;o))).
>
>
> TIA.
> --
> José Albores
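
A startup script of the kind suggested in point 3 of the reply, as an added example that is not part of the original thread: it replaces the OPEN ruleset with a default-deny one for the dc0/vr0 gateway and expects clients to resolve names through named on the gateway (point 1). The file name, rule numbers and the skipto/keep-state layout are assumptions; the layout needs an ipfw that applies skipto on stateful (keep-state) rules, and natd is still started from rc.conf as in the thread.

```shell
#!/bin/sh
# Added example; file name (e.g. /usr/local/etc/rc.d/ipfw-gateway.sh) and rule
# numbers are assumptions. Interfaces and addresses are the ones from the thread.
oif="dc0"               # outside interface (cable modem, DHCP)
iif="vr0"               # inside interface (LAN hub)
lan="192.168.0.0/24"    # LAN behind the gateway (192.168.0.1)

# 200-220: only LAN-addressed traffic is accepted on vr0 (covers DNS to named).
# 300/310: de-alias inbound packets, then match them against existing state.
# 400-430: permitted outbound flows; 400 lets only the gateway itself query
#          outside DNS, so clients must use the forwarder on 192.168.0.1.
# 700:     everything else, including unsolicited inbound, is dropped and logged.
# 800/810: NAT the permitted outbound packets, then pass them.
gateway_rules() {
    cat <<EOF
100 allow ip from any to any via lo0
200 allow ip from ${lan} to any in via ${iif}
210 allow ip from any to ${lan} out via ${iif}
220 deny log ip from any to any via ${iif}
300 divert natd ip from any to any in via ${oif}
310 check-state
400 skipto 800 udp from me to any 53 out via ${oif} keep-state
410 skipto 800 tcp from any to any out via ${oif} setup keep-state
420 skipto 800 icmp from any to any out via ${oif} keep-state
430 skipto 800 udp from any 68 to any 67 out via ${oif} keep-state
700 deny log ip from any to any
800 divert natd ip from any to any out via ${oif}
810 allow ip from any to any
EOF
}

# Flush the old rules and load the new ones (-q keeps a remote session quiet).
apply_rules() {
    /sbin/ipfw -q -f flush
    gateway_rules | while read -r rule; do
        /sbin/ipfw -q add ${rule}   # unquoted on purpose: split into arguments
    done
}

# Local startup scripts are called with "start"; anything else loads nothing.
case "${1:-}" in
start) apply_rules ;;
esac
```

Run it with `start` as root on the gateway; without arguments it only defines the functions, so `gateway_rules` can be reviewed before anything is loaded.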