From: j@uriah.heep.sax.de (J Wunsch)
Date: Tue, 7 Oct 1997 09:48:57 +0200
To: andrewb@mpa.oz.au
Cc: questions@FreeBSD.ORG
Subject: Re: gateway problems
Message-ID: <19971007094857.OF42563@uriah.heep.sax.de>
In-Reply-To: <9710071712.aa08740@melsvr.mpa.oz.au>; from andrewb@mpa.oz.au on Oct 7, 1997 16:09:41 +0000
Reply-To: joerg_wunsch@uriah.heep.sax.de (Joerg Wunsch)

(Moved to -questions)

As andrewb@mpa.oz.au wrote:

> A bit of background: The FreeBSD box has 2 network interfaces
> ed0 (inet 203.17.42.140, netmask 255.255.255.0) & ed1 (inet
> 192.168.141.130, netmask 255.255.255.0). I can verify that these are
> working correctly.
>
> The ed0 interface is on a real world subnet (connects via router/ISDN
> to our ISP), and our ed1 is an inhouse subnet.
>
> The current config does not allow win95 pc's access to the internet,
> although the FreeBSD box does, and I have the GATEWAY="YES" option in
> rc.conf.

Sure. The world ain't that easy at all. If you're using non-routable
addresses internally, then well, they won't be routed in the Internet.
Sounds logical, eh?

You need something like network address translation on the gateway
machine, see natd(8).

If your client machines are only interested in things like WWW
traffic, no IP forwarding at all might be required. Instead, install
a WWW cache on the gateway machine, like squid, and force the clients
to use it.

> I also am using routed, although I'm not sure of the difference b/w
> that and gated, and when either should be used.

Rule #1: If you don't know what they are for, you don't need them.

I've always suggested that it were a better default to shut them off,
so only people who know what they are for enable them. I've been put
down on this, alas.

Disable routed. It has nothing to do with `routing', in the sense of
`gatewaying packets' (or `IP forwarding'). The purpose of both
programs is to manage routing tables (and to communicate the knowledge
about routing tables across the net).

-- 
cheers, J"org

joerg_wunsch@uriah.heep.sax.de -- http://www.sax.de/~joerg/ -- NIC: JW11-RIPE
Never trust an operating system you don't have sources for. ;-)
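
The address translation the reply points to, sketched as an added example that is not part of the original message and not natd's own code: a toy translation table for a gateway whose outside address is the ed0 address from the thread. The client address 192.168.141.10, the remote server 198.51.100.7 and the starting port 40000 are constructed values, and the `Nat` and `Packet` names are hypothetical.

```python
import ipaddress
from dataclasses import dataclass

# RFC 1918 private ranges: Internet routers carry no routes back to these.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def is_rfc1918(addr):
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in RFC1918)

@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int

class Nat:
    """Toy model of address/port translation on the gateway (illustrative only)."""
    def __init__(self, public_ip, first_port=40000):
        self.public_ip = public_ip
        self.next_port = first_port
        self.out = {}   # (inside ip, inside port, remote ip, remote port) -> public port
        self.back = {}  # (public port, remote ip, remote port) -> (inside ip, inside port)

    def outbound(self, p):
        """Leaving via the outside interface: replace a private source address."""
        if not is_rfc1918(p.src):
            return p    # the gateway's own traffic already has a routable source
        key = (p.src, p.sport, p.dst, p.dport)
        if key not in self.out:
            self.out[key] = self.next_port
            self.back[(self.next_port, p.dst, p.dport)] = (p.src, p.sport)
            self.next_port += 1
        return Packet(self.public_ip, self.out[key], p.dst, p.dport)

    def inbound(self, p):
        """Arriving on the outside interface: restore the inside destination.
        Returns None when no inside host is mapped to this flow."""
        inside = self.back.get((p.dport, p.src, p.sport))
        if inside is None:
            return None
        return Packet(p.src, p.sport, inside[0], inside[1])

if __name__ == "__main__":
    nat = Nat("203.17.42.140")                                   # ed0 address from the thread
    req = Packet("192.168.141.10", 1025, "198.51.100.7", 80)     # constructed client request
    sent = nat.outbound(req)
    print("on the wire:", sent)
    print("reply delivered as:", nat.inbound(Packet(sent.dst, sent.dport, sent.src, sent.sport)))
```

Without the `outbound` rewrite the server would see 192.168.141.10 as the source and its reply would have no route back, which is the symptom described in the question.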