From owner-freebsd-questions Mon Jul 16 8:13:58 2001
Delivered-To: freebsd-questions@freebsd.org
Received: from mail7.carolina.rr.com (mail7.southeast.rr.com [24.93.67.54]) by hub.freebsd.org (Postfix) with ESMTP id 3734737B403 for ; Mon, 16 Jul 2001 08:13:45 -0700 (PDT) (envelope-from khayman@carolina.rr.com)
Received: from carolina.rr.com ([168.215.135.201]) by mail7.carolina.rr.com with Microsoft SMTPSVC(5.5.1877.687.68); Mon, 16 Jul 2001 11:13:43 -0400
Message-ID: <3B5304A7.547F228F@carolina.rr.com>
Date: Mon, 16 Jul 2001 11:13:43 -0400
From: khayman
X-Mailer: Mozilla 4.76 [en] (Windows NT 5.0; U)
X-Accept-Language: en
MIME-Version: 1.0
To: freebsd-questions@FreeBSD.ORG
Subject: Re: routing not working
References: <3B524DD6.9B622A0E@carolina.rr.com> <20010716085537.A16836@pelennor.net>
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Sender: owner-freebsd-questions@FreeBSD.ORG
Precedence: bulk
List-ID:
List-Archive: (Web Archive)
List-Help: (List Instructions)
List-Subscribe:
List-Unsubscribe:
X-Loop: FreeBSD.ORG

There is a private address on the external interface because at present it sits behind a Linksys fw/router, which gets its external DHCP IP from my cable ISP and passes out DHCP to clients on its internal interface. Once I have the FreeBSD fw configured properly, I will modify the ipf.rules to allow the DHCP server at the ISP to pass traffic to it. Currently the rules allow only the Linksys to give it DHCP.

I do know that both internal and external interfaces on the FreeBSD box are alive because a tcpdump on each shows ARP traffic and shows echo requests when I ping the interfaces from other machines on each segment.

I am running NAT on the fw. But before I can figure out if that works, I need to be able to talk IP. At present, I can't even ping machines on the local segments... 10.10.10.x and 192.168.1.x respectively.

Any more suggestions?? Thanks for the time and help.
Bill

Jeff Sapp wrote:
>
> > My routing table looks like this:
> >
> > Destination    Gateway        Flags   Refs   Use   Netif  Expire
> > default        192.168.1.1    UGSc       0     3   de0
> > 10.10.10/24    link#1         UC         1     0   dc0    =>
> > localhost      localhost      UH         0     0   lo0
> > 192.168.1      link#2         UC         3     0   de0    =>
> >
> > I have a Linksys 4-port router/firewall outside the 192.x interface,
> > which in turn connects to a cable modem. The goal is to get rid of the
> > Linksys and have the cable modem come directly into the BSD firewall.
>
> Do you get public (and static) IPs from your ISP, or is there a reason
> you are using private network addresses on your external interface?
>
> If you only get one IP from your ISP, you'll have to run NAT on your firewall.
>
> > My rc.conf file looks like this:
> >
> > gateway_enable="YES"
> > network_interfaces="de0 dc0 lo0"
> > ifconfig_de0="DHCP"
> > ifconfig_dc0="inet 10.10.10.1 netmask 255.255.255.0"
> > .
> > .
> > ipfilter_enable="YES"
> > ipnat_enable="YES"
>
> That all looks OK.
>
> > Any suggestions on where to look to see what I've screwed up?
> >
> > PS: If and when I get this working properly, does anyone know if I'll
> > be able to pass a CheckPoint SecuRemote client through the firewall?
>
> Sure. It shouldn't be too hard to figure out what changes you need to make
> to your ipf.rules file. Flush your rules, run tcpdump, then the application,
> look at the tcpdump output and change your rules accordingly.
>
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-questions" in the body of the message
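Editor's note, added to the archive and not part of either poster's message: the quoted routing table already carries a directly-attached route for each segment (10.10.10/24 on dc0, 192.168.1 on de0), so per Jeff's advice the ipf rule set is the next thing to check. The rule set below is an example written for the layout described in the thread (de0 external, taking DHCP from the Linksys at 192.168.1.1; dc0 internal on 10.10.10.0/24; ipnat for the single ISP address). The interface names and addresses come from the quoted messages; the rule ordering, the ICMP rule and the NAT port range are the editor's assumptions, not the poster's configuration.

```ipf
# /etc/ipf.rules -- added example for the de0 (external, DHCP from the
# Linksys at 192.168.1.1) / dc0 (internal, 10.10.10.0/24) layout quoted
# above. Interface names and addresses are taken from the thread; the
# rule set itself is the editor's, not the poster's.

# Loopback is always fine.
pass in  quick on lo0 all
pass out quick on lo0 all

# Internal LAN: trust the 10.10.10.0/24 segment completely, so pings
# from that side are answered regardless of what happens on de0.
pass in  quick on dc0 all
pass out quick on dc0 all

# External interface.
# Anti-spoofing: nothing claiming an internal source may arrive on de0.
block in log quick on de0 from 10.10.10.0/24 to any

# DHCP: the FreeBSD box's client sends from port 68 to port 67 (source
# 0.0.0.0 before it has a lease, hence "from any"), and only the Linksys
# (192.168.1.1) is allowed to answer. The reply does not mirror the
# request's addresses, so the state entry from the outbound rule will not
# match it and an explicit inbound rule is needed. When the cable modem
# is moved directly onto de0 the ISP's DHCP server address is not known
# in advance, so the source of the inbound rule would have to become "any".
pass out quick on de0 proto udp from any port = 68 to any port = 67 keep state
pass in  quick on de0 proto udp from 192.168.1.1 port = 67 to any port = 68 keep state

# Allow pings of de0 from the 192.168.1.0/24 segment (the test the poster
# was running with tcpdump); the echo reply leaves via the state entry.
pass in  quick on de0 proto icmp from 192.168.1.0/24 to any icmp-type echo keep state

# Everything the gateway or the NATed clients start outbound is allowed,
# and the replies come back through the state table. Protocols other
# than TCP/UDP/ICMP (for example ESP for an IPsec client) need their own
# pass rule here.
pass out quick on de0 proto tcp  from any to any flags S keep state
pass out quick on de0 proto udp  from any to any keep state
pass out quick on de0 proto icmp from any to any keep state

# Default: log and drop anything else on de0.
block in  log quick on de0 all
block out log quick on de0 all


# /etc/ipnat.rules -- masquerade the internal LAN behind whatever address
# DHCP gave de0 (0/32 means "the interface's current address", which is
# what you want when that address can change with each lease).
map de0 10.10.10.0/24 -> 0/32 portmap tcp/udp 10000:60000
map de0 10.10.10.0/24 -> 0/32
```

Load with `ipf -Fa -f /etc/ipf.rules` (flush all, then install) and `ipnat -CF -f /etc/ipnat.rules` (clear NAT rules and active mappings, then install). To follow Jeff's procedure, `ipfstat -hio` shows per-rule hit counts for the inbound and outbound lists, and `ipmon` on /dev/ipl prints every packet that hit a `log` rule, so a ping that arrives in tcpdump but draws no reply will show up against the final `block` rules if it is the filter, rather than routing, that is dropping it.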