Date: Mon, 19 Oct 1998 22:32:39 -0700 (PDT)
From: Bryce Newall <data@dreamhaven.net>
To: FreeBSD Questions List <freebsd-questions@FreeBSD.ORG>
Subject: More IPFW/natd trouble, but I'm close!
Message-ID: <Pine.NEB.3.96.981019221827.834A-100000@ds9.dreamhaven.org>
Greetings! Thanks to everyone who helped me out so far with attempting to get some sort of gateway setup going on my FreeBSD machine. I'm still running into some difficulty, but I believe I'm getting close. Here's what I have so far:

* Two 3C590 ethernet cards in the box, vx0 and vx1. vx0 is the interface to my cable modem (gets its IP via DHCP), and vx1 is the interface to the local network (configured as IP 10.0.0.1).

* vx1 is configured at boot-up; vx0 is configured by the DHCP client. Side note: The @#%()^ ISC DHCP client resets vx1's IP to 0.0.0.0 when it runs, even though I specifically tell it vx0, so I end up having to add an additional ifconfig command to /etc/dhclient-script to put vx1's IP back at 10.0.0.1. However, that's easy enough.

* At boot-up, my "firewall" is configured by /etc/rc.firewall, set up for an open firewall, so the following commands get executed:

    ipfw -f flush
    ipfw add 1000 pass all from any to any via lo0
    ipfw add 1010 deny all from 127.0.0.0/8 to 127.0.0.0/8
    ipfw add 65000 pass all from any to any
    ipfw add divert natd all from any to any via vx0
    ipfw add pass all from any to any

  The 2nd and 3rd lines were in /etc/rc.firewall already, and it said that I shouldn't change 'em, so I didn't. The last two were added per instructions from the natd man page. I'm assuming vx0 is the correct interface, although I did also try it with vx1. My "firewall" here isn't much of a firewall; I just wanted to get it *working* at all before I started mucking with more strict firewall rules.

* Finally, also at boot-up, /etc/rc.local runs natd with the following command line:

    /usr/sbin/natd -dynamic -interface vx0

The problem I'm looking at right now is that another machine on my local network, configured as 10.0.0.2, can talk to my FreeBSD machine using the IP 10.0.0.1, but can't ping any outside hosts, which tells me I haven't properly configured the FreeBSD machine to pass packets to and from the outside world.
I have compiled IPFIREWALL and IPDIVERT into my kernel, and have set firewall_enable to YES, firewall_type to OPEN, and gateway_enable to YES in /etc/rc.conf. I'm still new at this, and haven't been able to figure out what I'm doing wrong. Does anyone have any suggestions?

Also, on a related note (after this problem gets fixed, of course)... I run a TetriNet server on my NT machine, which I want to keep behind the "firewall". Right now, the NT machine is still set up to use DHCP to get an IP address directly from my cable modem provider, and I have a CNAME set up in my DNS to point tetrinet.dreamhaven.org to the machine's "real" name, defiant.dreamhaven.org. Would there possibly be a way to set the CNAME to ds9.dreamhaven.org (the FreeBSD machine), and have natd direct any packets destined for that hostname over to defiant on the local network as 10.0.0.2 (i.e. not having defiant have a cable-ISP-provided IP)?

Thanks once again in advance to the many gurus here! :)

**********************************************************************
* Bryce Newall                  * Email: data@dreamhaven.net         *
* WWW: http://home.dreamhaven.net/~data                              *
* "Insanity takes its toll. Please have exact change."               *
**********************************************************************
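The ordering of the ruleset quoted in the post is the detail worth checking before anything else. ipfw evaluates rules in ascending number order and the first match wins; a rule added without a number is appended after the highest existing rule (100 higher, on the ipfw of that era). So "ipfw add 65000 pass all from any to any" followed by an unnumbered "ipfw add divert natd ..." places the divert rule at 65100, where no packet can ever reach it, and natd never translates anything. The script below is an added example, not from the thread or the FreeBSD project: a POSIX sh checker that reads an "ipfw list" style dump and reports any divert rule shadowed by an earlier unconditional pass rule. The two rulesets in it are constructed to mirror the posted commands (once as posted, once with the divert rule moved ahead of rule 65000); natd's default divert port 8668 is assumed in the dump format.

```shell
#!/bin/sh
# Added example (not part of the original thread): detect a divert rule that
# sits after a "pass everything" rule in an ipfw ruleset. Rules are evaluated
# in number order, first match wins, so such a divert rule is dead code and
# natd silently sees no traffic.

# check_divert_order reads "ipfw list" style lines ("NNNNN action ...") on
# stdin. Exit 0 when every divert rule precedes the first unconditional
# pass/allow rule, exit 1 (with a message naming both rules) otherwise.
check_divert_order() {
    awk '
        # First rule that passes all traffic with no interface or address
        # qualifier; ipfw prints "pass" as "allow" when listing.
        /^[0-9]+ (pass|allow|accept|permit) (all|ip) from any to any$/ {
            if (passall == "") passall = $1 + 0
        }
        # Any divert rule numbered higher than that rule is unreachable.
        /^[0-9]+ divert / {
            if (passall != "" && $1 + 0 > passall) {
                printf "divert rule %d is shadowed by pass-all rule %d\n", $1 + 0, passall
                bad = 1
            }
        }
        END { exit bad ? 1 : 0 }
    '
}

# Constructed sample: the posted rules as ipfw would number and list them.
# The unnumbered divert and pass rules land at 65100 and 65200, after 65000.
BROKEN_RULES='01000 allow ip from any to any via lo0
01010 deny ip from 127.0.0.0/8 to 127.0.0.0/8
65000 allow ip from any to any
65100 divert 8668 ip from any to any via vx0
65200 allow ip from any to any'

# Constructed sample: the same ruleset with the divert rule given a number
# below 65000, e.g. via "ipfw add 1100 divert natd all from any to any via vx0"
# in rc.firewall before the OPEN section's rule 65000.
FIXED_RULES='01000 allow ip from any to any via lo0
01010 deny ip from 127.0.0.0/8 to 127.0.0.0/8
01100 divert 8668 ip from any to any via vx0
65000 allow ip from any to any'

echo "Checking the ruleset as posted:"
printf '%s\n' "$BROKEN_RULES" | check_divert_order \
    || echo "  -> outbound traffic never reaches natd; number the divert rule below 65000"

echo "Checking the reordered ruleset:"
printf '%s\n' "$FIXED_RULES" | check_divert_order && echo "  -> ok"
```

On the real machine, feed the checker with "ipfw list | check_divert_order" after sourcing the function. Once the divert rule is reachable, the second question in the post is what natd's -redirect_port option is for: adding "-redirect_port tcp 10.0.0.2:31457 31457" (31457 being TetriNet's TCP port) to the natd command line sends connections arriving on the gateway's external address for that port to the NT box, which can then keep a private 10.0.0.2 address with no ISP-assigned IP of its own.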