From: Chuck Swiger
Date: Wed, 15 Sep 2010 12:27:24 -0700
To: Wolfgang Riegler
Cc: freebsd-questions
Subject: Re: gateway_enable

On Sep 15, 2010, at 12:10 PM, Wolfgang Riegler wrote:
> I want to create a subnet in our internal company network. I have installed FreeBSD 8.0 RELEASE i386, no updates, right from the FreeBSD CD.
> Now I want to configure this box as the gateway of the subnet. I have two NICs configured. One external for the company network and one for the new subnet. On this box I can reach any other computer in our internal network, I have internet access, too, and I can reach the box on the subnet. The box on the subnet is able to ping both NICs on my FreeBSD box, but cannot reach any other computer of my company network or the internet.
> Because I don't need any firewall on this subnet, I thought gateway_enable="YES" in /etc/rc.conf should be sufficient. But it doesn't work. Do I need something else?

Yes. What you've done thus far should work fine if your internal subnet was using routable IPs; since you are using 192.168.x.y RFC-1918 unroutable IPs, you want to also set up NAT on your gateway box:

  http://www.freebsd.org/doc/handbook/network-natd.html

Regards,
-- 
-Chuck
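
The gap described in the reply (forwarding enabled, RFC 1918 inside subnet, no NAT) can be checked mechanically. The script below is an added example, not part of the original message or of FreeBSD: it audits rc.conf-style text for that gap. The interface names em0/em1, the addresses, the function names and the verdict strings are assumptions made for illustration.

```sh
#!/bin/sh
# Added example: audit rc.conf-style text for the gateway/NAT gap in this thread.
# Interface names, addresses and verdict strings are constructed for illustration.

# Print the last value assigned to KEY ($2) in rc.conf text ($1), quotes removed.
rc_get() {
    printf '%s\n' "$1" |
        awk -F= -v k="$2" '$1 == k { v = $2; gsub(/"/, "", v); val = v } END { print val }'
}

# Succeed if the IPv4 address falls in an RFC 1918 block (10/8, 172.16/12, 192.168/16).
is_rfc1918() {
    case "$1" in
        10.*|192.168.*|172.1[6-9].*|172.2[0-9].*|172.3[01].*) return 0 ;;
    esac
    return 1
}

# audit_gateway CONF_TEXT INSIDE_IF -> one-word verdict on stdout.
# Simplification: only the literal value YES is treated as enabled.
audit_gateway() {
    conf=$1
    addr=$(rc_get "$conf" "ifconfig_$2" |
        awk '{ for (i = 1; i < NF; i++) if ($i == "inet") print $(i + 1) }')
    [ "$(rc_get "$conf" gateway_enable)" = "YES" ] || { echo no-forwarding; return; }
    [ -n "$addr" ] || { echo unknown-address; return; }
    is_rfc1918 "$addr" || { echo ok-routable; return; }
    # Private inside addresses must be translated before leaving the gateway.
    [ "$(rc_get "$conf" natd_enable)" = "YES" ] || { echo needs-nat; return; }
    [ -n "$(rc_get "$conf" natd_interface)" ] || { echo natd-no-interface; return; }
    # natd only sees packets that ipfw diverts to it.
    [ "$(rc_get "$conf" firewall_enable)" = "YES" ] || { echo natd-without-ipfw; return; }
    echo ok-nat
}

# Constructed rc.conf matching the question: forwarding on, private inside subnet.
BEFORE='gateway_enable="YES"
ifconfig_em0="DHCP"
ifconfig_em1="inet 192.168.10.1 netmask 255.255.255.0"'

# Same file plus natd on the outside interface. firewall_type="OPEN" passes all
# traffic, which matches the poster's "no firewall" intent; tighten if that changes.
AFTER="$BEFORE"'
firewall_enable="YES"
firewall_type="OPEN"
natd_enable="YES"
natd_interface="em0"'

echo "before: $(audit_gateway "$BEFORE" em1)"
echo "after:  $(audit_gateway "$AFTER" em1)"
```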