From owner-freebsd-questions Mon Sep 9 12:10:18 2002
From: "D. Penev"
To: Cherie Powell
Cc: freebsd-questions@FreeBSD.org
Subject: Re: One way cable modem/ipfilter
Date: Mon, 9 Sep 2002 22:09:37 +0000
Message-ID: <20020909220937.GA313@earth.dpsca.bg>
In-Reply-To: <20020909173539.6DEE09377F@server2.fastmail.fm>
Sender: owner-freebsd-questions@FreeBSD.ORG

On Mon, Sep 09, 2002 at 05:35:39PM +0000, Cherie Powell wrote:
> Date: Mon, 9 Sep 2002 17:35:39 UT
> From: "Cherie Powell"
> To: freebsd-questions@FreeBSD.ORG
> Subject: One way cable modem/ipfilter
>
> I have a FreeBSD 4.4-STABLE machine in my home set up as a firewall
> using ipfilter. I recently moved and my internet access went from a T1
> line to a one way cable modem. (With this setup, traffic goes out
> through the modem on tun0 and in through the cable modem on vx0.)
> Setting this up has been an interesting challenge.
>
> I first set up PPP using a standard dial-up account and got the network
> working with it. With this setup, I can access the internet both from
> the firewall and from machines behind the firewall (on xl0).
>
> Next, I tried with the cable modem. Using it, I can access the internet
> from the firewall, but not from machines behind the firewall. If I run
> tcpdump on the firewall and ping a site from one of the other
> computers, I can see that packets are going out on tun0 and coming back
> on vx0, as they are supposed to. My guess is that the system can't
> figure out where to send them from there.
>
> The end result needs to be that the workstation sends a packet to the
> firewall, which sends it out on tun0. The firewall should receive the
> reply through vx0 and forward that packet back to the workstation that
> originally sent the request. All of it seems to be working except for
> that very last part.
>
> If it helps, the one instance I found of someone having this same
> problem finally corrected it by putting this line in /etc/rc.firewall:
> /sbin/ipfw add divert natd all from any to any via any
>
> I'm hoping that this could be applied to my situation using ipfilter...
>
> Anyone have any ideas? Please speak slowly - I'm still kind of new
> at this. :-)

According to your explanation I suppose that you use ppp -nat to make
address translation of private IPs, which in this situation is not
correct. Try to use ipnat(8) for IP translation.

Create /etc/ipnat.rules:

    map tun0 192.168.1.0/24 -> 0/32  # change address with your private network

Enable ipnat at startup. In /etc/rc.conf put:

    ipnat_enable="YES"

I don't use this kind of configuration but I don't see why this would
not work.

> Thanks, Cherie
>
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-questions" in the body of the message

--
Regards,
D. Penev
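As an added example (not from the thread or either poster), here is a shell script that lays down the ipnat configuration D. Penev proposes, the rc.conf entries that go with it, and the checks a practitioner would run on the asymmetric path (mappings created on tun0, replies arriving on vx0) that the thread leaves open. The interface and network names (tun0, vx0, xl0, 192.168.1.0/24) come from the thread; the portmap range 10000:20000, the second catch-all map rule, the gateway_enable/ipfilter_enable entries and the valid_cidr guard are assumptions about a typical FreeBSD 4.x setup.

```shell
#!/bin/sh
# Added example, not code from the thread. Sets up ipnat(8) on a FreeBSD
# firewall whose outbound path is tun0 (PPP) and whose inbound path is
# vx0 (one-way cable modem), with the LAN on xl0. Interface and network
# names come from the thread; the portmap range, the catch-all rule and
# the rc.conf entries beyond ipnat_enable are assumptions.

LAN_NET="${LAN_NET:-192.168.1.0/24}"   # private LAN behind the firewall
OUT_IF="${OUT_IF:-tun0}"               # packets leave here (PPP)
IN_IF="${IN_IF:-vx0}"                  # replies come back here (cable)
LAN_IF="${LAN_IF:-xl0}"                # inside interface

# Accept only a dotted-quad/prefix-length network, so a typo in the
# map rule cannot silently translate the wrong range (or nothing).
valid_cidr() {
    case "$1" in */*) ;; *) return 1 ;; esac
    net="${1%/*}"
    plen="${1#*/}"
    case "$plen" in ''|*[!0-9]*) return 1 ;; esac
    [ "$plen" -le 32 ] || return 1
    oldifs="$IFS"; IFS=.; set -- $net; IFS="$oldifs"
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        case "$octet" in ''|*[!0-9]*) return 1 ;; esac
        [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# /etc/ipnat.rules: translate the LAN to whatever address tun0 has
# (0/32). The first rule gives TCP/UDP a port range so several LAN hosts
# can share the one PPP address; the second catches ICMP and the rest.
render_ipnat_rules() {
    valid_cidr "$LAN_NET" || { echo "bad LAN_NET: $LAN_NET" >&2; return 1; }
    printf 'map %s %s -> 0/32 portmap tcp/udp 10000:20000\n' "$OUT_IF" "$LAN_NET"
    printf 'map %s %s -> 0/32\n' "$OUT_IF" "$LAN_NET"
}

# /etc/rc.conf: ipnat needs ipfilter loaded, and forwarding must be on
# or the kernel drops the LAN hosts' packets before NAT ever sees them.
render_rc_conf() {
    cat <<EOF
gateway_enable="YES"
ipfilter_enable="YES"
ipnat_enable="YES"
ipnat_rules="/etc/ipnat.rules"
EOF
}

# Checks for the asymmetric path: ping from a LAN host while this runs.
show_state() {
    sysctl net.inet.ip.forwarding
    ipnat -l                           # rules plus active NAT sessions
    ipnat -s                           # mapped/unmapped counters
    echo "watch replies arrive on $IN_IF: tcpdump -ni $IN_IF icmp"
}

# Write the rules, add missing rc.conf keys, load into the running kernel.
apply() {
    [ "$(id -u)" -eq 0 ] || { echo "apply needs root" >&2; return 1; }
    render_ipnat_rules > /etc/ipnat.rules || return 1
    render_rc_conf | while IFS= read -r line; do
        grep -q "^${line%%=*}=" /etc/rc.conf || echo "$line" >> /etc/rc.conf
    done
    sysctl -w net.inet.ip.forwarding=1
    ipnat -CF -f /etc/ipnat.rules      # flush old rules and sessions, load new
    show_state
}

[ "${IPNAT_APPLY:-0}" = 1 ] && apply
```

Run it as root on the firewall with IPNAT_APPLY=1; without that it only defines the functions. Make sure ppp is not translating as well (no -nat on its command line and no "nat enable yes" in ppp.conf), otherwise LAN traffic is translated twice. After a ping from a workstation, ipnat -l should list a session for that host and tcpdump -ni vx0 should show the echo reply arriving; if the reply shows up on vx0 but the ipnat -s counters do not move, the reverse translation is not being applied to traffic entering on vx0, and that, not the rule text, is what to investigate.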