Date: Sat, 6 Jul 2002 17:56:51 -0500
From: Redmond Militante <r-militante@northwestern.edu>
To: freebsd-questions@FreeBSD.org
Subject: Re: stuck on ipfw/natd config
Message-ID: <20020706175651.B493@darkpossum>
In-Reply-To: <356D3756-9133-11D6-A73F-00306548FDCC@mac.com>; from mystic_mac1@mac.com on Sat, Jul 06, 2002 at 02:53:37PM -0800
References: <20020706173549.A493@darkpossum> <356D3756-9133-11D6-A73F-00306548FDCC@mac.com>
before anyone mentions it

step .5, which i failed to write down as part of the procedure i've been following due to my hitting the wrong key in vim:

recompiled a custom kernel w ipfw/natd support: changed IDENT to my hostname,
options IPFIREWALL, IPFIREWALL_VERBOSE, IPFIREWALL, IPSTEALTH, ICMP_BANDLIM

On Sat, Jul 06, 2002 at 02:53:37PM -0800, Mark Thumper Weisman expatiated with great perspicuity:
> www.freebsddiary.com has some decent information on natd/ipfw and so
> does www.geekvenue.net/chucktips
>
> His Faithful Servant,
> Mark
>
> On Saturday, July 6, 2002, at 02:35 PM, Redmond Militante wrote:
>
> > hi all
> >
> > i've been trying to get ipfw/natd going, with no luck. i was wondering
> > if anyone could point me to some good, *up-to-date* documentation on
> > how this is done. i'd like to set up one machine with ipfw/natd &/or
> > ipf/ipnat (although the documentation on the internet for ipf i find to
> > be even more obtuse &/or out of date) to serve as a gateway for about
> > 5-10 machines, all with static ips, although i've installed dhcpd to
> > provide for dhcp machines to be hooked up to it in the future. i've
> > bought 'FreeBSD Unleashed' from SAMS press, but the documentation on
> > setting up ipfw/nat is scant and to me it looks like it's missing some
> > really obvious steps - like recompiling your kernel for firewall/nat...
> > so i've been mainly following the directions at
> > http://www.kcgeek.com/content/features/1020842040.blather.howto/feature.html,
> > changing a few things for my setup.
> >
> > i haven't even gotten to configuring any rules for the firewall, as i
> > can't even seem to get natd to work as of yet. here's my system
> > specs: dell optiplex gx150 1 ghz, 128 meg ram, 2 nics - one integrated
> > 3com 3c905x, one pci 3com 3c905x. freebsd4.6. the pci nic - xl0 - is to
> > be used externally, the integrated nic - xl1 - is to be used for the
> > internal network. so far i've:
> >
> > 1. added the following lines to /etc/rc.conf
> >
> > gateway_enable="YES"
> > natd_enable="YES"
> > natd_interface="xl1"
> > natd_flags="-s -u -m"
> > firewall_enable="YES"
> > firewall_logging_enable="YES"
> > firewall_quiet="NO"
> > firewall_type="open"
> > hostname="[your hostname here]"
> > ifconfig_xl0="inet xxx.xxx.xxx.xxx (my static ip) netmask 255.255.255.0" //external nic
> > ifconfig_xl1="inet 192.168.70.230 netmask 255.255.255.0" //internal nic
> >
> > 2. then i downloaded dhcp-3.0pl1.tar.gz from ISC's ftp site to /usr/src.
> > gzip -cd dhcp-3.0.tar.gz | tar xvf
> > cd dhcp-3.0pl1
> > ./configure
> > make, make install
> >
> > 3. created /usr/local/etc/rc.d/dhcpd.sh
> >
> > #!/bin/sh
> > /usr/sbin/dhcpd xl1 -q
> >
> > 4. Opened /etc/dhcpd.conf: # vi /etc/dhcpd.conf
> >
> > and inserted the following lines:
> >
> > option domain-name "[my internal network domain name here]";
> > option domain-name-servers [my DNS server IP here];
> > ddns-updates off;
> > ddns-update-style none;
> >
> > default-lease-time 600;
> > max-lease-time 7200;
> >
> > authoritative;
> >
> > subnet 192.168.70.0 netmask 255.255.255.0 {
> > range 192.168.70.100 192.168.70.150;
> > option domain-name "[my internal network's domain name here]";
> > option domain-name-servers [my DNS server IP here];
> >
> > default-lease-time 600;
> > max-lease-time 7200;
> > option routers 192.168.70.230;
> > option broadcast-address 192.168.70.255;
> > default-lease-time 600;
> > max-lease-time 7200;
> > }
> >
> > 5.
> > # touch /var/db/dhcpd.leases
> > # chmod 644 /var/db/dhcpd.leases
> >
> > start the server: # /usr/local/etc/rc.d/dhcpd.conf
> > # shutdown -r now, reboot
> >
> > change default gateway on 2nd machine to external nic's ip
> > i have: ethernet cable from wall (t100 line) to external nic, ethernet
> > cable from internal nic to hublet, ethernet cable from hublet to 2nd
> > machine.
> > reboot both machines, and it doesn't seem to work. the 2nd machine is
> > a webserver, i can't go to a third machine and bring up any pages.
> >
> > anyways, i've been plugging at it for 3-4 days now, all day. i have a
> > feeling i'm missing something really simple. if anyone more
> > experienced could clue me in or point me to some good howtos i'd
> > really appreciate it.
> >
> > thanks again
> >
> > redmond
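The rc.conf fragment quoted in the thread binds natd to xl1 while describing xl0 as the external NIC, hands DHCP clients 192.168.70.230 as their router, and sets firewall_type="open". The script below is an added example written for this archive page, not code from the thread or from FreeBSD: it reads such an rc.conf and dhcpd.conf and checks three things a gateway operator wants to be sure of: natd_interface must name the interface carrying the non-RFC1918 (external) address, because natd translates the traffic passing through that interface; the "option routers" given to clients must equal the gateway's internal address; and firewall_type="open" is flagged because it passes every packet. The files, the address 203.0.113.10 (standing in for the poster's xxx.xxx.xxx.xxx), the ruleset path /etc/ipfw.rules and all function names are constructed for the example.

```shell
#!/bin/sh
# Added example (not from the thread): sanity-check a FreeBSD rc.conf
# natd/ipfw fragment plus the matching dhcpd.conf.  Files, addresses and
# function names are constructed; 203.0.113.10 is a documentation address.

# Print "iface address" for each ifconfig_<if>="inet A.B.C.D ..." line.
iface_addrs() {
    awk -F'"' '/^ifconfig_[A-Za-z0-9]+="inet /{
        name = $1; sub(/^ifconfig_/, "", name); sub(/=$/, "", name)
        split($2, f, " "); print name, f[2] }' "$1"
}

# RFC 1918 test on a dotted-quad address (returns 0 when private).
is_private() {
    case "$1" in
        10.*|192.168.*|172.1[6-9].*|172.2[0-9].*|172.3[01].*) return 0 ;;
        *) return 1 ;;
    esac
}

# Interface carrying the public address: the one natd has to run on.
external_iface() {
    iface_addrs "$1" | while read -r iface addr; do
        if ! is_private "$addr"; then printf '%s\n' "$iface"; fi
    done
}

# Address of the LAN-facing interface: what clients must use as gateway.
internal_addr() {
    iface_addrs "$1" | while read -r iface addr; do
        if is_private "$addr"; then printf '%s\n' "$addr"; fi
    done
}

# Value of natd_interface in rc.conf (quotes optional).
natd_iface() {
    sed -n 's/^natd_interface="\{0,1\}\([A-Za-z0-9]*\)"\{0,1\}.*/\1/p' "$1"
}

# Value of "option routers" in dhcpd.conf.
dhcp_router() {
    sed -n 's/^[[:space:]]*option routers \([0-9.]*\);.*/\1/p' "$1"
}

# 0 when natd_interface names the external NIC.
check_natd_iface() {
    ext=$(external_iface "$1"); nat=$(natd_iface "$1")
    [ -n "$ext" ] && [ -n "$nat" ] && [ "$ext" = "$nat" ]
}

# 0 when the router handed to DHCP clients is the gateway's internal address.
check_client_gateway() {   # $1 rc.conf, $2 dhcpd.conf
    gw=$(dhcp_router "$2")
    [ -n "$gw" ] && [ "$gw" = "$(internal_addr "$1")" ]
}

# 0 when firewall_type="open": every packet is passed, which is fine while
# debugging NAT but not for a gateway left that way.
firewall_is_open() {
    grep -q '^firewall_type="\{0,1\}open' "$1"
}

TMP=${TMPDIR:-/tmp}/natd_check.$$
mkdir -p "$TMP"
trap 'rm -rf "$TMP"' EXIT

# Constructed: the fragment as posted, natd bound to the internal NIC.
cat > "$TMP/rc.conf.posted" <<'EOF'
gateway_enable="YES"
natd_enable="YES"
natd_interface="xl1"
natd_flags="-s -u -m"
firewall_enable="YES"
firewall_type="open"
ifconfig_xl0="inet 203.0.113.10 netmask 255.255.255.0"
ifconfig_xl1="inet 192.168.70.230 netmask 255.255.255.0"
EOF
# Same fragment with natd moved to the external NIC and a ruleset file
# (hypothetical path) instead of the "open" policy.
sed -e 's/^natd_interface="xl1"/natd_interface="xl0"/' \
    -e 's|^firewall_type="open"|firewall_type="/etc/ipfw.rules"|' \
    "$TMP/rc.conf.posted" > "$TMP/rc.conf.fixed"
# Constructed dhcpd.conf subnet block with the thread's router address.
cat > "$TMP/dhcpd.conf" <<'EOF'
subnet 192.168.70.0 netmask 255.255.255.0 {
    range 192.168.70.100 192.168.70.150;
    option routers 192.168.70.230;
}
EOF

report() {
    for f in "$TMP/rc.conf.posted" "$TMP/rc.conf.fixed"; do
        if check_natd_iface "$f"; then
            echo "$f: natd_interface=$(natd_iface "$f") is the external NIC: ok"
        else
            echo "$f: natd_interface=$(natd_iface "$f") but external NIC is $(external_iface "$f"): wrong"
        fi
        if firewall_is_open "$f"; then echo "$f: firewall_type=open passes all traffic"; fi
    done
    if check_client_gateway "$TMP/rc.conf.posted" "$TMP/dhcpd.conf"; then
        echo "dhcpd.conf: option routers matches the internal NIC address: ok"
    fi
}
report
```

Run it as `sh natd_check.sh`; the posted fragment is reported as binding natd to the wrong interface and as wide open, the corrected one passes, and the DHCP router option is confirmed to match the internal address. The same functions can be pointed at a real /etc/rc.conf and /etc/dhcpd.conf.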
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20020706175651.B493>