Date: Sat, 6 Jul 2002 14:53:37 -0800
Subject: Re: stuck on ipfw/natd config
From: Mark "Thumper" Weisman
To: Redmond Militante
Cc: freebsd-questions@FreeBSD.org
In-Reply-To: <20020706173549.A493@darkpossum>
Message-Id: <356D3756-9133-11D6-A73F-00306548FDCC@mac.com>

www.freebsddiary.com has some decent information on natd/ipfw and so does
www.geekvenue.net/chucktips

His Faithful Servant,
Mark

On Saturday, July 6, 2002, at 02:35 PM, Redmond Militante wrote:

> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> hi all
>
> i've been trying to get ipfw/natd going, with no luck. i was wondering
> if anyone could point me to some good, *up-to-date* documentation on
> how this is done. i'd like to set up one machine with ipfw/natd &/or
> ipf/ipnat (although the documentation on the internet for ipf i find to
> be even more obtuse &/or out of date) to serve as a gateway for about
> 5-10 machines, all with static ips, although i've installed dhcpd to
> provide for dhcp machines to be hooked up to it in the future. i've
> bought 'FreeBSD Unleashed' from SAMS press, but the documentation on
> setting up ipfw/nat is scant and to me it looks like it's missing some
> really obvious steps - like recompiling your kernel for firewall/nat...
> so i've been mainly following the directions at
> http://www.kcgeek.com/content/features/1020842040.blather.howto/feature.html,
> changing a few things for my setup.
>
> i haven't even gotten to configuring any rules for the firewall, as i
> can't even seem to get natd to work as of yet. here's my system
> specs: dell optiplex gx150 1 ghz, 128 meg ram, 2 nics - one integrated
> 3com 3c905x, one pci 3com 3c905x. freebsd 4.6. the pci nic - xl0 - is to
> be used externally, the integrated nic - xl1 - is to be used for the
> internal network. so far i've:
>
> 1. added the following lines to /etc/rc.conf
>
> gateway_enable="YES"
> natd_enable="YES"
> natd_interface="xl1"
> natd_flags="-s -u -m"
> firewall_enable="YES"
> firewall_logging_enable="YES"
> firewall_quiet="NO"
> firewall_type="open"
> hostname="[your hostname here]"
> ifconfig_xl0="inet xxx.xxx.xxx.xxx netmask 255.255.255.0"  # external nic (my static ip)
> ifconfig_xl1="inet 192.168.70.230 netmask 255.255.255.0"  # internal nic
>
> 2. then i downloaded dhcp-3.0pl1.tar.gz from ISC's ftp site to /usr/src.
>
> gzip -cd dhcp-3.0.tar.gz | tar xvf -
> cd dhcp-3.0pl1
> ./configure
> make, make install
>
> 3. created /usr/local/etc/rc.d/dhcpd.sh
>
> #!/bin/sh
> /usr/sbin/dhcpd xl1 -q
>
> 4. opened /etc/dhcpd.conf: # vi /etc/dhcpd.conf
>
> and inserted the following lines:
>
> option domain-name "[my internal network domain name here]";
> option domain-name-servers [my DNS server IP here];
> ddns-updates off;
> ddns-update-style none;
>
> default-lease-time 600;
> max-lease-time 7200;
>
> authoritative;
>
> subnet 192.168.70.0 netmask 255.255.255.0 {
>   range 192.168.70.100 192.168.70.150;
>   option domain-name "[my internal networks domain name here]";
>   option domain-name-servers [my DNS server IP here];
>
>   default-lease-time 600;
>   max-lease-time 7200;
>   option routers 192.168.70.230;
>   option broadcast-address 192.168.70.255;
>   default-lease-time 600;
>   max-lease-time 7200;
> }
>
> 5. # touch /var/db/dhcpd.leases
> # chmod 644 /var/db/dhcpd.leases
>
> start the server: # /usr/local/etc/rc.d/dhcpd.conf
> # shutdown -r now, reboot
>
> change default gateway on 2nd machine to external nic's ip
> i have: ethernet cable from wall (t100 line) to external nic, ethernet
> cable from internal nic to hublet, ethernet cable from hublet to 2nd
> machine.
> reboot both machines, and it doesn't seem to work. the 2nd machine is
> a webserver, i can't go to a third machine and bring up any pages.
>
> anyways, i've been plugging at it for 3-4 days now, all day. i have a
> feeling i'm missing something really simple. if anyone more
> experienced could clue me in or point me to some good howtos i'd
> really appreciate it.
>
> thanks again
>
> redmond
>
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.0.7 (FreeBSD)
>
> iD8DBQE9J3DBFNjun16SvHYRAl2HAKCn5nPhAOwWxE54+TFYG6StCTLCvQCeKEcU
> DcgxODkUR0BKRIFBX2F0nC0=
> =vBmI
> -----END PGP SIGNATURE-----
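For anyone checking a setup like the one quoted above, here is an added example (written for this archive page, not code from either poster or from FreeBSD) that lints an rc.conf for the two-NIC ipfw/natd gateway case. It confirms that gateway_enable, natd_enable and firewall_enable are YES and that natd_interface names the interface carrying the public address, since natd aliases traffic on the outside interface and the rc.firewall divert rule is keyed to that interface. The sample rc.conf it builds is constructed to mirror the quoted settings; 203.0.113.10 (a documentation address) stands in for the poster's static IP, the hostname is made up, and the "external = non-RFC 1918 address" rule is the script's own assumption.

```shell
#!/bin/sh
# Added example: lint an rc.conf for a two-NIC ipfw/natd gateway (not code from the thread).
# Assumption: the external interface is the one whose ifconfig_<if> address is not RFC 1918.

# rc_get FILE KEY: print the value of KEY="value" in FILE (last occurrence wins, as in sh).
rc_get() {
    sed -n "s/^[[:space:]]*$2=\"\([^\"]*\)\".*/\1/p" "$1" | tail -n 1
}

# iface_addr FILE IF: the inet address from ifconfig_IF="inet A.B.C.D netmask ...".
iface_addr() {
    rc_get "$1" "ifconfig_$2" | sed -n 's/.*inet[[:space:]]*\([0-9.]*\).*/\1/p'
}

# is_private_ip ADDR: succeed when ADDR lies in an RFC 1918 block.
is_private_ip() {
    case "$1" in
        10.*|192.168.*|172.1[6-9].*|172.2[0-9].*|172.3[01].*) return 0 ;;
        *) return 1 ;;
    esac
}

# check_gateway_rc FILE: print one line per finding; exit status is the number of findings.
check_gateway_rc() {
    cgr_file=$1
    cgr_n=0
    for cgr_key in gateway_enable natd_enable firewall_enable; do
        if [ "$(rc_get "$cgr_file" "$cgr_key")" != "YES" ]; then
            echo "PROBLEM: $cgr_key is not set to YES"
            cgr_n=$((cgr_n + 1))
        fi
    done
    cgr_if=$(rc_get "$cgr_file" natd_interface)
    if [ -z "$cgr_if" ]; then
        echo "PROBLEM: natd_interface is not set"
        cgr_n=$((cgr_n + 1))
    else
        cgr_addr=$(iface_addr "$cgr_file" "$cgr_if")
        if [ -z "$cgr_addr" ]; then
            echo "PROBLEM: no ifconfig_$cgr_if line for natd_interface=$cgr_if"
            cgr_n=$((cgr_n + 1))
        elif is_private_ip "$cgr_addr"; then
            echo "PROBLEM: natd_interface=$cgr_if has private address $cgr_addr;" \
                 "natd must run on the public-facing interface"
            cgr_n=$((cgr_n + 1))
        fi
    fi
    return $cgr_n
}

# sample_rc NATD_IF: constructed rc.conf mirroring the quoted settings, with the natd
# interface as a parameter. 203.0.113.10 (a documentation address) stands in for the
# poster's static IP; the hostname is made up.
sample_rc() {
    cat <<EOF
gateway_enable="YES"
natd_enable="YES"
natd_interface="$1"
natd_flags="-s -u -m"
firewall_enable="YES"
firewall_logging_enable="YES"
firewall_quiet="NO"
firewall_type="open"
hostname="gw.example.internal"
ifconfig_xl0="inet 203.0.113.10 netmask 255.255.255.0"  # external nic
ifconfig_xl1="inet 192.168.70.230 netmask 255.255.255.0"  # internal nic
EOF
}

# Run the check on both variants: the quoted one (natd on xl1) and the corrected one (natd on xl0).
demo_file=$(mktemp)
for demo_if in xl1 xl0; do
    sample_rc "$demo_if" > "$demo_file"
    echo "== natd_interface=$demo_if =="
    check_gateway_rc "$demo_file" && echo "OK: no problems found"
done
rm -f "$demo_file"
```

Point the script at a real /etc/rc.conf by replacing the sample_rc call; the only finding the quoted settings trigger is the private address behind natd_interface, which is what the xl1 run prints.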