From: "Hambalek Regis CH [FAT]"
To: freebsd-hackers@freebsd.org
Date: Fri, 6 Feb 2004 23:06:43 +0100
Subject: natd + ipfw, multiple public address routing...
Message-ID: <210A54D44D2BCE4BA63503C2F4C4ABF53AA113@fat-srv-mail.farnair.com>
List-Id: Technical Discussions relating to FreeBSD

Dear all, hello!

As my first post I would like to seek some help :)

I'm currently installing a BSD firewall to replace a Cisco router for the filtering and NAT. Our network is composed of several servers, each having a public IP on the net. I have managed with natd to make the entries from the internet to the machines' public IPs work, but these machines cannot access the internet.
Here are my config files:

/etc/rc.conf

    defaultrouter="157.x.x.193"
    gateway_enable="YES"
    hostname="firewall"
    ifconfig_rl0="inet 157.xxx.xxx.194 netmask 255.255.xxx.xxx"
    ifconfig_xl0="inet 10.1.0.2 netmask 255.255.0.0"
    firewall_enable="YES"
    firewall_script="/etc/firewall.sh"
    natd_enable="YES"
    natd_flags="-f /etc/natd.conf"

/etc/natd.conf

    alias_address 157.x.x.194
    same_ports yes
    use_sockets yes
    redirect_address 10.1.2.2 157.x.x.195

/etc/firewall.sh

    ipfw add 100 divert 8668 all from any to any via rl0
    ipfw add 110 allow all from any to any via rl0 established
    ipfw add 120 allow all from any to any out xmit rl0 setup
    ipfw add 130 allow all from 10.1.0.0:255.255.0.0 to any
    ipfw add 140 allow all from any to 10.1.0.0:255.255.0.0
    ipfw add 150 allow all from any to 10.1.2.2 http https
    ipfw add 160 allow all from 10.1.2.2 http https to any
    ipfw add 65000 deny all from any to any

A machine with the IP address 10.1.0.18 can access the internet with no problem. The machine 10.1.2.2 can be pinged from the internet, but cannot access the internet. Knowing that I have a couple of other machines that I'll have to configure a translation for, can someone tell me what to modify to have this working properly?

Thanks! :)
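As an added illustration (not part of the original post), the following Python model walks the rule set above on the rl0 pass, hands the packet to a static model of the natd.conf mapping at the divert rule, and reports which rule terminates each constructed packet. The masked 157.x.x.x addresses are replaced with the 192.0.2.x documentation range, all packets are constructed, and natd's dynamic session table for alias_address replies is not modelled.

```python
from ipaddress import ip_address, ip_network
# Constructed stand-ins: 192.0.2.x replaces the masked 157.x.x.x addresses.
INTERNAL, SRV = ip_network("10.1.0.0/16"), ip_network("10.1.2.2/32")
PUB_FW, PUB_SRV = ip_address("192.0.2.194"), ip_address("192.0.2.195")

def rule(num, action, **m):
    """(number, action, matcher) for the ipfw keywords the post's rules use."""
    def match(p):
        tcp = p["proto"] == "tcp"
        return all([
            m.get("via") in (None, p["iface"]),
            "xmit" not in m or (p["dir"] == "out" and p["iface"] == m["xmit"]),
            "src" not in m or p["src"] in m["src"],
            "dst" not in m or p["dst"] in m["dst"],
            "sport" not in m or p["sport"] in m["sport"],
            "dport" not in m or p["dport"] in m["dport"],
            not m.get("setup") or (tcp and p["flags"] == "S"),
            not m.get("established") or (tcp and "A" in p["flags"]),
        ])
    return num, action, match
RULES = [  # /etc/firewall.sh from the post, in order
    rule(100, "divert", via="rl0"),
    rule(110, "allow", via="rl0", established=True),
    rule(120, "allow", xmit="rl0", setup=True),
    rule(130, "allow", src=INTERNAL),
    rule(140, "allow", dst=INTERNAL),
    rule(150, "allow", dst=SRV, dport={80, 443}),
    rule(160, "allow", src=SRV, sport={80, 443}),
    rule(65000, "deny"),
]
def pkt(direction, iface, proto, src, dst, sport=0, dport=0, flags=""):
    return dict(dir=direction, iface=iface, proto=proto, src=ip_address(src),
                dst=ip_address(dst), sport=sport, dport=dport, flags=flags)

def natd(p):
    """Static part of natd.conf (dynamic alias_address reply sessions omitted)."""
    q = dict(p)
    if p["dir"] == "out" and p["src"] in INTERNAL:      # redirect_address / alias_address
        q["src"] = PUB_SRV if p["src"] in SRV else PUB_FW
    elif p["dir"] == "in" and p["dst"] == PUB_SRV:       # redirect_address, inbound
        q["dst"] = SRV.network_address
    return q

def walk(p):
    """(rule number, action) ending the packet's rl0 pass; after a divert, ipfw
    resumes at the next rule with the packet natd handed back."""
    for num, action, match in RULES:
        if match(p) and action == "divert":
            p = natd(p)                      # later rules now see the public address
        elif match(p):
            return num, action
```

Walking a UDP datagram from 10.1.2.2 (or from 10.1.0.18) shows that, once natd has rewritten its source, it no longer matches rule 130 and only rules 110 and 120, which cover TCP, remain before the final deny.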