Date:      Sat, 6 Jul 2002 17:35:49 -0500
From:      Redmond Militante <r-militante@northwestern.edu>
To:        freebsd-questions@FreeBSD.org
Subject:   stuck on ipfw/natd config
Message-ID:  <20020706173549.A493@darkpossum>


hi all

i've been trying to get ipfw/natd going, with no luck.  i was wondering if anyone could point me to some good, *up-to-date* documentation on how this is done.  i'd like to set up one machine with ipfw/natd &/or ipf/ipnat (although the documentation on the internet for ipf i find to be even more obtuse &/or out of date) to serve as a gateway for about 5-10 machines, all with static ips, although i've installed dhcpd to provide for dhcp machines to be hooked up to it in the future.  i've bought 'FreeBSD Unleashed' from SAMS press, but the documentation on setting up ipfw/nat is scant and to me it looks like it's missing some really obvious steps - like recompiling your kernel for firewall/nat... so i've been mainly following the directions at http://www.kcgeek.com/content/features/1020842040.blather.howto/feature.html, changing a few things for my setup.

i haven't even gotten to configuring any rules for the firewall, as i can't even seem to get natd to work as of yet.  here's my system specs:  dell optiplex gx150 1 ghz, 128 meg ram, 2 nics - one integrated 3com 3c905x, one pci 3com 3c905x. freebsd4.6. the pci nic -xl0 - is to be used externally, the integrated nic - xl1 - is to be used for the internal network. so far i've:

1. added the following lines to /etc/rc.conf

gateway_enable="YES" 
natd_enable="YES" 
natd_interface="xl1" 
natd_flags="-s -u -m" 
firewall_enable="YES" 
firewall_logging_enable="YES" 
firewall_quiet="NO" 
firewall_type="open" 
hostname="[your hostname here]" 
ifconfig_xl0="inet xxx.xxx.xxx.xxx (my static ip) netmask 255.255.255.0" //external nic
ifconfig_xl1="inet 192.168.70.230 netmask 255.255.255.0" //internal nic

2. then i downloaded dhcp-3.0pl1.tar.gz from ISC's ftp site to /usr/src.  
gzip -cd dhcp-3.0.tar.gz | tar xvf
cd dhcp-3.0pl1
./configure
make, make install

3. created /usr/local/etc/rc.d/dhcpd.sh

#!/bin/sh
/usr/sbin/dhcpd xl1 -q 

4. Opened /etc/dhcpd.conf: # vi /etc/dhcpd.conf
 
and inserted the following lines: 
 
option domain-name "[my internal network domain name here]"; 
option domain-name-servers [my DNS server IP here]; 
ddns-updates off; 
ddns-update-style none; 
 
default-lease-time 600; 
max-lease-time 7200; 
 
authoritative; 
 
subnet 192.168.70.0 netmask 255.255.255.0 {
    range 192.168.70.100 192.168.70.150;
    option domain-name "[my internal networks domain name here]";
    option domain-name-servers [my DNS server IP here];

    default-lease-time 600;
    max-lease-time 7200;
    option routers 192.168.70.230;
    option broadcast-address 192.168.70.255;
    default-lease-time 600;
    max-lease-time 7200;
}

5. # touch /var/db/dhcpd.leases 
# chmod 644 /var/db/dhcpd.leases

start the server: # /usr/local/etc/rc.d/dhcpd.conf
#shutdown -r now, reboot

change default gateway on 2nd machine to external nic's ip
i have: ethernet cable from wall (t100 line) to external nic, ethernet cable from internal nic to hublet, ethernet cable from hublet to 2nd machine.
reboot both machines, and it doesn't seem to work.  the 2nd machine is a webserver, i can't go to a third machine and bring up any pages.

anyways, i've been plugging at it for 3-4 days now, all day.  i have a feeling i'm missing something really simple.  if anyone more experienced could clue me in or point me to some good howto's i'd really appreciate it.

thanks again

redmond


Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20020706173549.A493>
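
A check for the rc.conf settings listed in step 1 of the message, added here as an example and not part of the original e-mail: it lints the NAT gateway knobs against the interface the message describes as external (xl0). The function names and the sample text are constructed for illustration; rc.conf(5) describes natd_interface as the public interface, and the "open" firewall type in rc.firewall allows all traffic.

```shell
#!/bin/sh
# Added example: lint rc.conf text for a natd gateway. Not from the original e-mail.

# Constructed sample mirroring the settings quoted in the message above.
sample_rc_conf() {
cat <<'EOF'
gateway_enable="YES"
natd_enable="YES"
natd_interface="xl1"
natd_flags="-s -u -m"
firewall_enable="YES"
firewall_type="open"
EOF
}

# rc_get TEXT NAME: print the value of the last NAME=... assignment in TEXT.
rc_get() {
    printf '%s\n' "$1" |
        sed -n "s/^[[:space:]]*$2=\"\{0,1\}\([^\"#]*\)\"\{0,1\}.*/\1/p" |
        sed 's/[[:space:]]*$//' | tail -n 1
}

# is_yes VALUE: true for the spellings rc scripts accept as "yes".
is_yes() {
    case $1 in
        [Yy][Ee][Ss]|[Tt][Rr][Uu][Ee]|[Oo][Nn]|1) return 0 ;;
        *) return 1 ;;
    esac
}

# check_natd_gateway TEXT EXT_IF: print one finding per line and
# return the number of findings. EXT_IF is the public-facing interface.
check_natd_gateway() {
    text=$1 ext_if=$2 findings=0
    report() { echo "$1"; findings=$((findings + 1)); }
    for knob in gateway_enable natd_enable firewall_enable; do
        is_yes "$(rc_get "$text" "$knob")" || report "$knob is not enabled"
    done
    nat_if=$(rc_get "$text" natd_interface)
    [ "$nat_if" = "$ext_if" ] ||
        report "natd_interface=$nat_if but the external interface is $ext_if"
    [ "$(rc_get "$text" firewall_type)" != "open" ] ||
        report "firewall_type=open passes all traffic; tighten it once NAT works"
    return "$findings"
}

# Demo on the constructed sample, with xl0 as the external NIC.
check_natd_gateway "$(sample_rc_conf)" xl0 || echo "$? finding(s)"
```

To lint a live system, pass the file contents instead of the sample: `check_natd_gateway "$(cat /etc/rc.conf)" xl0`.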