Date:      Thu, 22 Jan 1998 14:40:03 -0800 (PST)
From:      Doug White <dwhite@gdi.uoregon.edu>
To:        s-mathew/Yokogawa_Blue_Star_Ltd/IN@yokogawa.soft.net
Cc:        FreeBSD Questions <questions@FreeBSD.ORG>
Subject:   Re: Dual homed host - followup #1
Message-ID:  <Pine.BSF.3.96.980122142827.6853B-100000@gdi.uoregon.edu>
In-Reply-To: <65256594.002F7470.00@yokogawa.soft.net>

I'm redirecting this back onto questions.

On Thu, 22 Jan 1998 s-mathew/Yokogawa_Blue_Star_Ltd/IN@yokogawa.soft.net wrote:

> First of all, thanks for replying!

No problem.  This is an easy fix -- you forgot to enable gatewaying in
/etc/rc.conf.  See below.

> I can ping hosts on the general Internet (eg 204.216.27.18 - the FreeBSD
> site) from my machine but not from a host on the private network (eg the NT
> machine I mentioned earlier).

OK.

> I can telnet to the address set on the internet side card (164.164.153.7)
> from the NT machine. This is surely a problem, since I want to setup a
> firewall with applications being handled by proxies, not filtering.
> Incidentally, I can ping the internet side card from the NT machine even if
> the cable to the internet side card is not connected.

This would imply that the routing from the interior net to the exterior
net is faulty.  The machine knows how to reach its own interfaces, but
nothing beyond that.  Once this works you'll need to install ipfw or FWTK
and desired proxy(ies) since your NT box will be exposed. 

In rc.conf:

> ### Network routing options: ###
> gateway_enable="NO"      # Set to YES if this host will be a gateway.

This must be set to YES.  Then the packets should flow through.

You may want to enable the firewall and make sure you have IPFIREWALL
built into your kernel before you enable gatewaying, otherwise your
internal net will be exposed.  

In terms of proxy applications, you're on your own; FWTK (FireWall
ToolKit) is a good collection of applications for what you're trying to
do.  FWTK is available through the ports collection. 

Hope this helps and good luck!

Doug White                              | University of Oregon  
Internet:  dwhite@resnet.uoregon.edu    | Residence Networking Assistant
http://gladstone.uoregon.edu/~dwhite    | Computer Science Major
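
Added example, not part of the original message: a small audit of an rc.conf-style file that reports whether forwarding is on and whether packet filtering is enabled alongside it, the ordering concern raised above. It assumes the `firewall_enable` variable used by current FreeBSD rc.conf (not shown in the message); the function names are hypothetical, and it does not check whether IPFIREWALL is built into the kernel.

```shell
#!/bin/sh
# rc_value FILE VAR: print the last value assigned to VAR in an rc.conf-style
# file (the last assignment wins, as when the file is sourced). Commented-out
# assignments are ignored. Prints nothing if VAR is never set.
rc_value() {
    sed -n "s/^[[:space:]]*$2=[\"']\{0,1\}\([^\"'#[:space:]]*\).*/\1/p" "$1" | tail -n 1
}

# is_yes VALUE: succeed if VALUE is one of the spellings rc.conf treats as enabled.
is_yes() {
    case "$(printf '%s' "$1" | tr '[:lower:]' '[:upper:]')" in
        YES|TRUE|ON|1) return 0 ;;
        *) return 1 ;;
    esac
}

# audit_gateway FILE: classify the forwarding/filtering combination.
audit_gateway() {
    gw=$(rc_value "$1" gateway_enable)
    fw=$(rc_value "$1" firewall_enable)   # assumed variable name, see lead-in
    if ! is_yes "$gw"; then
        echo "NOT_FORWARDING"             # hosts behind this box reach only its interfaces
    elif is_yes "$fw"; then
        echo "FORWARDING_FILTERED"
    else
        echo "FORWARDING_UNFILTERED"      # internal net exposed
    fi
}

# Constructed sample: the rc.conf fragment quoted in the message.
sample=$(mktemp)
printf '%s\n' '### Network routing options: ###' \
    'gateway_enable="NO"      # Set to YES if this host will be a gateway.' > "$sample"
audit_gateway "$sample"
rm -f "$sample"
```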




