Date: Fri, 6 Feb 2004 23:06:43 +0100
From: "Hambalek Regis CH [FAT]" <regis.hambalek@FARNAIR.com>
To: freebsd-hackers@freebsd.org
Subject: natd + ipfw, multiple public address routing...
Message-ID: <210A54D44D2BCE4BA63503C2F4C4ABF53AA113@fat-srv-mail.farnair.com>

Dear all, hello!

As my first post I would like to seek some help :)

I'm currently installing a BSD firewall to replace a Cisco router for the filtering and NAT. Our network is composed of several servers, each having a public IP on the net. I have managed with natd to make the entries from the internet on the machines' public IPs work, but these machines cannot access the internet.

Here are my config files:

/etc/rc.conf

defaultrouter="157..x.x.193"
gateway_enable="YES"
hostname="firewall"
ifconfig_rl0="inet 157.xxx.xxx.194 netmask 255.255.xxx.xxx"
ifconfig_xl0="inet 10.1.0.2 netmask 255.255.0.0"
firewall_enable="YES"
firewall_script="/etc/firewall.sh"
natd_enable="YES"
natd_flags="-f /etc/natd.conf"

/etc/natd.conf

alias_address 157.x.x.194
same_ports yes
use_sockets yes
redirect_address 10.1.2.2 157.x.x.195

/etc/firewall.sh

ipfw add 100 divert 8668 all from any to any via rl0
ipfw add 110 allow all from any to any via rl0 established
ipfw add 120 allow all from any to any out xmit rl0 setup
ipfw add 130 allow all from 10.1.0.0:255.255.0.0 to any
ipfw add 140 allow all from any to 10.1.0.0:255.255.0.0
ipfw add 150 allow all from any to 10.1.2.2 http https
ipfw add 160 allow all from 10.1.2.2 http https to any
ipfw add 65000 deny all from any to any

A machine with the IP address 10.1.0.18 can access the internet with no problem. The machine 10.1.2.2 can be pinged from the internet, but cannot access the internet.

Knowing that I have a couple of other machines that I'll have to configure a translation for, can someone tell me what to modify to have this working properly?

Thanks! :)