From owner-freebsd-questions Mon Jul 16 6:55:52 2001
Date: Mon, 16 Jul 2001 08:55:37 -0500
From: Jeff Sapp
To: khayman
Cc: freebsd-questions@freebsd.org
Subject: Re: routing not working
Message-ID: <20010716085537.A16836@pelennor.net>
References: <3B524DD6.9B622A0E@carolina.rr.com>
In-Reply-To: <3B524DD6.9B622A0E@carolina.rr.com>; from khayman@carolina.rr.com on Sun, Jul 15, 2001 at 10:13:42PM -0400

> My routing table looks like this:
>
> Destination    Gateway        flags   refs   use   Netif   Expire
> default        192.168.1.1    UGSc    0      3     de0
> 10.10.10/24    link#1         UC      1      0     dc0     =>
> localhost      localhost      UH      0      0     lo0
> 192.168.1      link#2         UC      3      0     de0     =>
>
> I have a linksys 4 port router/firewall outside the 192.x interface
> which in turn connects to a cable modem. The goal is to get rid of the
> linksys and have the cbl modem come directly into the BSD firewall.

Do you get public (and static) ips from your ISP or is there a reason you
are using private network addresses on your external interface? If you only
get one ip from your ISP, you'll have to run nat on your firewall.

> My rc.conf file looks like this:
>
> gateway_enable="YES"
> network_interfaces="de0 dc0 lo0"
> ifconfig_de0="DHCP"
> ifconfig_dc0="inet 10.10.10.1 netmask 255.255.255.0"
> .
> .
> ipfilter_enable="YES"
> ipnat_enable="YES"

That all looks ok.
> Any suggestions on where to look to see what I've screwed up?
>
> ps: If and when I get this working properly, does anyone know if I'll
> be able to pass a CheckPoint SecuRemote client thru the firewall??

Sure. It shouldn't be too hard to figure out what changes you need to make
to your ipf.rules file. Flush your rules, run tcpdump, then the application,
look at the tcpdump output and change your rules accordingly.
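One way to do the last step of the reply above (reading the tcpdump output and turning it into rules), as an added example that is not part of the original message. The capture lines, hosts, ports and function names are constructed; it assumes the line format of a current `tcpdump -n` run on the internal interface dc0 and emits candidate IPFilter rules to review before they go into ipf.rules.

```python
import ipaddress
import re
from collections import Counter

# Constructed `tcpdump -n -i dc0` output; hosts and ports are made up.
SAMPLE = """\
08:55:37.100001 IP 10.10.10.5.1025 > 203.0.113.7.4000: Flags [S], seq 1, win 65535, length 0
08:55:37.100900 IP 203.0.113.7.4000 > 10.10.10.5.1025: Flags [S.], seq 9, ack 2, win 65535, length 0
08:55:37.101500 IP 10.10.10.5.1025 > 203.0.113.7.4000: Flags [.], ack 10, win 65535, length 0
08:55:38.200000 IP 10.10.10.5.1026 > 203.0.113.7.5000: UDP, length 84
08:55:38.250000 IP 203.0.113.7.5000 > 10.10.10.5.1026: UDP, length 84
08:55:39.000000 ARP, Request who-has 10.10.10.1 tell 10.10.10.5, length 28
08:55:40.000000 IP 203.0.113.9.40000 > 10.10.10.5.22: Flags [S], seq 5, win 1024, length 0
"""

LINE = re.compile(
    r"^\S+ IP (?P<src>\d+\.\d+\.\d+\.\d+)\.(?P<sport>\d+) > "
    r"(?P<dst>\d+\.\d+\.\d+\.\d+)\.(?P<dport>\d+): (?P<rest>.*)$")

def initiated_flows(capture, net="10.10.10.0/24"):
    """Count (proto, dst_port) of conversations opened by hosts inside `net`."""
    inside, seen, flows = ipaddress.ip_network(net), set(), Counter()
    for line in capture.splitlines():
        m = LINE.match(line)
        if not m:
            continue  # ARP, IPv6 and anything else without IPv4 host.port pairs
        rest = m["rest"]
        if rest.startswith("UDP"):
            proto = "udp"
        elif rest.startswith("Flags [S],"):
            proto = "tcp"  # a bare SYN is the packet that opens a connection
        else:
            continue
        key = (proto, frozenset([(m["src"], m["sport"]), (m["dst"], m["dport"])]))
        if key in seen:
            continue  # reply or retransmission of a conversation already seen
        seen.add(key)
        if ipaddress.ip_address(m["src"]) in inside:
            flows[(proto, int(m["dport"]))] += 1
    return flows

def candidate_rules(flows, iface="dc0", net="10.10.10.0/24"):
    """One stateful IPFilter rule per outbound service observed in the capture."""
    return [f"pass in quick on {iface} proto {proto} from {net} to any "
            f"port = {port}{' flags S' if proto == 'tcp' else ''} keep state"
            for proto, port in sorted(flows)]

if __name__ == "__main__":
    print("\n".join(candidate_rules(initiated_flows(SAMPLE))))
```

The connection attempt that starts outside 10.10.10.0/24 is deliberately left out of the result, so the capture only ever widens the rule set for traffic the internal client itself opened.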