Date: Sat, 6 Jul 2002 14:53:37 -0800
From: Mark "Thumper" Weisman <mystic_mac1@mac.com>
To: Redmond Militante <r-militante@northwestern.edu>
Cc: freebsd-questions@FreeBSD.org
Subject: Re: stuck on ipfw/natd config
Message-ID: <356D3756-9133-11D6-A73F-00306548FDCC@mac.com>
In-Reply-To: <20020706173549.A493@darkpossum>

www.freebsddiary.com has some decent information on natd/ipfw and so does www.geekvenue.net/chucktips

His Faithful Servant,
Mark

On Saturday, July 6, 2002, at 02:35 PM, Redmond Militante wrote:

> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> hi all
>
> i've been trying to get ipfw/natd going, with no luck. i was wondering
> if anyone could point me to some good, *up-to-date* documentation on
> how this is done. i'd like to set up one machine with ipfw/natd &/or
> ipf/ipnat (although the documentation on the internet for ipf i find to
> be even more obtuse &/or out of date) to serve as a gateway for about
> 5-10 machines, all with static ips, although i've installed dhcpd to
> provide for dhcp machines to be hooked up to it in the future. i've
> bought 'FreeBSD Unleashed' from SAMS press, but the documentation on
> setting up ipfw/nat is scant and to me it looks like it's missing some
> really obvious steps - like recompiling your kernel for firewall/nat...
> so i've been mainly following the directions at
> http://www.kcgeek.com/content/features/1020842040.blather.howto/feature.html,
> changing a few things for my setup.
>
> i haven't even gotten to configuring any rules for the firewall, as i
> can't even seem to get natd to work as of yet. here's my system
> specs: dell optiplex gx150 1 ghz, 128 meg ram, 2 nics - one integrated
> 3com 3c905x, one pci 3com 3c905x. freebsd4.6. the pci nic -xl0 - is to
> be used externally, the integrated nic - xl1 - is to be used for the
> internal network. so far i've:
>
> 1. added the following lines to /etc/rc.conf
>
> gateway_enable="YES"
> natd_enable="YES"
> natd_interface="xl1"
> natd_flags="-s -u -m"
> firewall_enable="YES"
> firewall_logging_enable="YES"
> firewall_quiet="NO"
> firewall_type="open"
> hostname="[your hostname here]"
> ifconfig_xl0="inet xxx.xxx.xxx.xxx (my static ip) netmask 255.255.255.0" //external nic
> ifconfig_xl1="inet 192.168.70.230 netmask 255.255.255.0" //internal nic
>
> 2. then i downloaded dhcp-3.0pl1.tar.gz from ISC's ftp site to /usr/src.
> gzip -cd dhcp-3.0.tar.gz | tar xvf
> cd dhcp-3.0pl1
> ./configure
> make, make install
>
> 3. created /usr/local/etc/rc.d/dhcpd.sh
>
> #!/bin/sh
> /usr/sbin/dhcpd xl1 -q
>
> 4. Opened /etc/dhcpd.conf: # vi /etc/dhcpd.conf
>
> and inserted the following lines:
>
> option domain-name "[my internal network domain name here]";
> option domain-name-servers [my DNS server IP here];
> ddns-updates off;
> ddns-update-style none;
>
> default-lease-time 600;
> max-lease-time 7200;
>
> authoritative;
>
> subnet 192.168.70.0 netmask 255.255.255.0 {
> range 192.168.70.100 192.168.70.150;
> option domain-name "[my internal networks domain name here]";
> option domain-name-servers [my DNS server IP here];
>
> default-lease-time 600;
> max-lease-time 7200;
> option routers 192.168.70.230;
> option broadcast-address 192.168.70.255;
> default-lease-time 600;
> max-lease-time 7200;
> }
>
> 5. # touch /var/db/dhcpd.leases
> # chmod 644 /var/db/dhcpd.leases
>
> start the server: # /usr/local/etc/rc.d/dhcpd.conf
> #shutdown -r now, reboot
>
> change default gateway on 2nd machine to external nic's ip
> i have: ethernet cable from wall (t100 line) to external nic, ethernet
> cable from internal nic to hublet, ethernet cable from hublet to 2nd
> machine.
> reboot both machines, and it doesn't seem to work. the 2nd machine is
> a webserver, i can't go to a third machine and bring up any pages.
>
> anyways, i've been plugging at it for 3-4 days now, all day. i have a
> feeling i'm missing something really simple. if anyone more
> experienced could clue me in or point me to some good howto's i'd
> really appreciate it.
>
> thanks again
>
> redmond
>
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.0.7 (FreeBSD)
>
> iD8DBQE9J3DBFNjun16SvHYRAl2HAKCn5nPhAOwWxE54+TFYG6StCTLCvQCeKEcU
> DcgxODkUR0BKRIFBX2F0nC0=
> =vBmI
> -----END PGP SIGNATURE-----
>

To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message
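
A configuration check related to the rc.conf settings quoted above, as an added example that is not part of the thread: natd is meant to run on the interface facing the outside network, so this script flags an rc.conf in which natd_interface names an interface that carries an RFC 1918 address. The function names and the 203.0.113.10 address are assumptions made for the example, and it assumes static addresses written literally in rc.conf.

```shell
#!/bin/sh
# Added example, not from the thread: lint an rc.conf-style file for natd
# bound to a privately addressed (inside) interface.

# Print the value of KEY from FILE without sourcing it (last assignment wins).
rc_value() {
    sed -n "s/^[[:space:]]*$2=\"\{0,1\}\([^\"]*\)\"\{0,1\}.*/\1/p" "$1" | tail -n 1
}

# Succeed if the dotted-quad argument is in an RFC 1918 private range.
is_rfc1918() {
    case "$1" in
        10.*|192.168.*|172.1[6-9].*|172.2[0-9].*|172.3[01].*) return 0 ;;
        *) return 1 ;;
    esac
}

# Returns 0 = looks right, 1 = natd on a private interface, 2 = cannot tell.
check_natd_interface() {
    nif=$(rc_value "$1" natd_interface)
    [ -n "$nif" ] || { echo "natd_interface is not set"; return 2; }
    addr=$(rc_value "$1" "ifconfig_$nif" | sed -n 's/.*inet \([0-9.]*\).*/\1/p')
    [ -n "$addr" ] || { echo "no literal inet address for $nif"; return 2; }
    if is_rfc1918 "$addr"; then
        echo "WARN: natd_interface=$nif has private address $addr"
        return 1
    fi
    echo "OK: natd_interface=$nif uses non-private address $addr"
}

# Constructed sample: interface names and the inside address come from the
# message above; 203.0.113.10 is a documentation address standing in for
# the elided static IP (an assumption of this example).
write_sample() {   # $1 = output file, $2 = interface handed to natd
    cat > "$1" <<EOF
gateway_enable="YES"
natd_enable="YES"
natd_interface="$2"
natd_flags="-s -u -m"
ifconfig_xl0="inet 203.0.113.10 netmask 255.255.255.0"
ifconfig_xl1="inet 192.168.70.230 netmask 255.255.255.0"
EOF
}

sample=$(mktemp /tmp/rcconf.XXXXXX)
for iface in xl1 xl0; do
    write_sample "$sample" "$iface"
    check_natd_interface "$sample" || true
done
rm -f "$sample"
```

A gateway whose outside interface itself sits on a private network, or gets its address by DHCP, falls outside what this check can judge; the DHCP case returns status 2.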