Date: Sat, 6 Jul 2002 17:35:49 -0500
From: Redmond Militante
To: freebsd-questions@FreeBSD.org
Subject: stuck on ipfw/natd config
Message-ID: <20020706173549.A493@darkpossum>

Hi all,

I've been trying to get ipfw/natd going, with no luck. I was wondering if anyone could point me to some good, *up-to-date* documentation on how this is done. I'd like to set up one machine with ipfw/natd &/or ipf/ipnat (although the documentation on the internet for ipf I find to be even more obtuse &/or out of date) to serve as a gateway for about 5-10 machines, all with static IPs, although I've installed dhcpd to provide for DHCP machines to be hooked up to it in the future. I've bought 'FreeBSD Unleashed' from SAMS press, but the documentation on setting up ipfw/nat is scant and to me it looks like it's missing some really obvious steps - like recompiling your kernel for firewall/nat... So I've been mainly following the directions at http://www.kcgeek.com/content/features/1020842040.blather.howto/feature.html, changing a few things for my setup.

I haven't even gotten to configuring any rules for the firewall, as I can't even seem to get natd to work as of yet. Here are my system specs: Dell Optiplex GX150 1 GHz, 128 MB RAM, 2 NICs - one integrated 3Com 3c905x, one PCI 3Com 3c905x. FreeBSD 4.6. The PCI NIC - xl0 - is to be used externally, the integrated NIC - xl1 - is to be used for the internal network. So far I've:

1. Added the following lines to /etc/rc.conf:

gateway_enable="YES"
natd_enable="YES"
natd_interface="xl1"
natd_flags="-s -u -m"
firewall_enable="YES"
firewall_logging_enable="YES"
firewall_quiet="NO"
firewall_type="open"
hostname="[your hostname here]"
ifconfig_xl0="inet xxx.xxx.xxx.xxx (my static ip) netmask 255.255.255.0"  //external nic
ifconfig_xl1="inet 192.168.70.230 netmask 255.255.255.0"  //internal nic

2. Then I downloaded dhcp-3.0pl1.tar.gz from ISC's ftp site to /usr/src.

gzip -cd dhcp-3.0.tar.gz | tar xvf
cd dhcp-3.0pl1
./configure
make, make install

3. Created /usr/local/etc/rc.d/dhcpd.sh:

#!/bin/sh
/usr/sbin/dhcpd xl1 -q

4. Opened /etc/dhcpd.conf:

# vi /etc/dhcpd.conf

and inserted the following lines:

option domain-name "[my internal network domain name here]";
option domain-name-servers [my DNS server IP here];
ddns-updates off;
ddns-update-style none;

default-lease-time 600;
max-lease-time 7200;

authoritative;

subnet 192.168.70.0 netmask 255.255.255.0 {
  range 192.168.70.100 192.168.70.150;
  option domain-name "[my internal networks domain name here]";
  option domain-name-servers [my DNS server IP here];

  default-lease-time 600;
  max-lease-time 7200;
  option routers 192.168.70.230;
  option broadcast-address 192.168.70.255;
  default-lease-time 600;
  max-lease-time 7200;
}

5. # touch /var/db/dhcpd.leases
   # chmod 644 /var/db/dhcpd.leases

Start the server:

# /usr/local/etc/rc.d/dhcpd.conf
# shutdown -r now, reboot

Change default gateway on 2nd machine to external NIC's IP.

I have: ethernet cable from wall (T100 line) to external NIC, ethernet cable from internal NIC to hublet, ethernet cable from hublet to 2nd machine.

Reboot both machines, and it doesn't seem to work. The 2nd machine is a webserver; I can't go to a third machine and bring up any pages.

Anyways, I've been plugging at it for 3-4 days now, all day. I have a feeling I'm missing something really simple. If anyone more experienced could clue me in or point me to some good howtos I'd really appreciate it.

Thanks again
Redmond
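An added check, not from the original post or from FreeBSD's own rc scripts: the post's rc.conf has natd_interface="xl1" while the text says xl1 is the internal NIC, and natd must be attached to the interface that carries the public address. This POSIX shell script lints an rc.conf fragment for exactly that mismatch; the fragment and the 203.0.113.10 public address are constructed for the example.

```shell
#!/bin/sh
# Added example, not from the original post: lint an rc.conf fragment for the
# classic natd pitfall. natd_interface must name the NIC carrying the public
# address; pointing it at the private 192.168.x.x side translates nothing.
# The fragment is constructed to mirror the post (public address is a test net).
RC_SAMPLE='gateway_enable="YES"
natd_enable="YES"
natd_interface="xl1"
firewall_enable="YES"
firewall_type="open"
ifconfig_xl0="inet 203.0.113.10 netmask 255.255.255.0"
ifconfig_xl1="inet 192.168.70.230 netmask 255.255.255.0"'

# rc_get VAR TEXT: value of VAR with surrounding quotes stripped (last one wins)
rc_get() {
    printf '%s\n' "$2" | sed -n "s/^$1=\"\{0,1\}\([^\"]*\)\"\{0,1\}.*/\1/p" | tail -n 1
}

# is_private ADDR: succeeds when ADDR lies in an RFC 1918 block
is_private() {
    case "$1" in
        10.*|192.168.*|172.1[6-9].*|172.2[0-9].*|172.3[01].*) return 0 ;;
    esac
    return 1
}

# check_natd TEXT: prints a verdict; exit status 0 only when the NAT side looks sane
check_natd() {
    text=$1
    [ "$(rc_get natd_enable "$text")" = "YES" ] || { echo "natd_enable is not YES"; return 1; }
    [ "$(rc_get gateway_enable "$text")" = "YES" ] || { echo "gateway_enable is not YES: no forwarding"; return 1; }
    iface=$(rc_get natd_interface "$text")
    [ -n "$iface" ] || { echo "natd_interface is unset"; return 1; }
    addr=$(rc_get "ifconfig_$iface" "$text" | awk '{print $2}')
    [ -n "$addr" ] || { echo "no ifconfig_$iface entry for natd_interface"; return 1; }
    if is_private "$addr"; then
        echo "natd_interface=$iface has private address $addr: point natd at the external NIC"
        return 1
    fi
    echo "ok: natd on $iface ($addr)"
}

# Run the check on the constructed fragment; the verdict names the mismatch.
check_natd "$RC_SAMPLE" || echo "fix rc.conf before rebooting"
```

On a real box, feed it the output of `grep -E '^(natd|gateway|firewall|ifconfig)_' /etc/rc.conf` in place of the constructed fragment.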