From: Rishi Chopra
Date: Mon, 12 Jan 2004 18:18:16 -0800
To: Subhro
Cc: freebsd-questions@FreeBSD.ORG
Subject: Re: (Yet Another) Home Networking Question

Perhaps someone can help me with this small part of rc.firewall:

    [Ss][Ii][Mm][Pp][Ll][Ee])
        ############
        # This is a prototype setup for a simple firewall.  Configure this
        # machine as a named server and ntp server, and point all the machines
        # on the inside at this machine for those services.
        ############

        # set these to your outside interface network and netmask and ip
        oif="ed0"
        onet="192.0.2.0"
        omask="255.255.255.0"
        oip="192.0.2.1"

        # set these to your inside interface network and netmask and ip
        iif="ed1"
        inet="192.0.2.1"
        imask="255.255.255.0"
        iip="192.0.2.17"

I'm curious about the difference between 'inet' and 'iip', what each one
stands for, and how to configure 'onet/oip' if the outside interface
network is configured via DHCP.

I'm also curious about this little snippet (under the 'simple' profile):

    # Everything else is denied by default, unless the
    # IPFIREWALL_DEFAULT_TO_ACCEPT option is set in your kernel
    # config file.

What happens if this option is set in my kernel config file?  Can I safely
comment out this line and use the 'simple' profile without affecting natd?

Subhro wrote:
>Hi Rishi,
>
>You have to forward the ports required by WinVNC on the FreeBSD Gateway.
>Have you compiled IPDIVERT in your kernel?  Read the ipfw manpages to find
>out how to forward ports.
>
>Regards
>Subhro
>
>Subhro Sankha Kar
>Indian Institute of Information Technology
>Block AQ-13/1, Sector V
>Salt Lake City
>PIN 700091
>India
>
>-----Original Message-----
>From: owner-freebsd-questions@freebsd.org
>[mailto:owner-freebsd-questions@freebsd.org] On Behalf Of Rishi Chopra
>Sent: Sunday, January 11, 2004 1:42 PM
>To: Mike Maltese
>Cc: questions@freebsd.org
>Subject: Re: (Yet Another) Home Networking Question
>
>I was able to get my network up and running with the suggestions below.
>To review, my setup is the following:
>
>   ISP              FreeBSD Gateway              Win2k Box
>
>   ----------rl0--------------rl1-------------------<
>   ALL DHCP         192.168.0.1                  192.168.0.2
>
>rl0 is connected to the modem by ethernet and set for DHCP, the ISP's
>method of address assignment.  rl1 is the second NIC in the BSD box, and
>is connected by crossover cable to the Win2k box.  FreeBSD box and Win2k
>box can successfully ping each other, and both FreeBSD box and Win2k
>have working internet access.  Everything is running A-OK.
>
>If I wish to host WinVNC on the Win2k box, do I need to make any changes
>to the Gateway?  Specifically, WinVNC requires the Win2k box to be
>listening on 5800 and 5900; I have opened these ports (and these ports
>only) on the Win2k box.  Do I need to change rc.conf or any other files
>on the gateway to specify that all incoming connections on 5800 and 5900
>be forwarded from rl0 to rl1?  Am I gonna have to step up to IPFW (yuck!)??
>
>Thanks,
>Rishi
>
>Mike Maltese wrote:
>
>>>(1) in /etc/rc.conf, I added the following
>>>    natd_enable="YES"
>>>    natd_interface="rl0"   ### public interface connected to cable modem
>>>    gateway_enable="YES"
>>>    defaultrouter="192.168.0.1"   ### LAN machines use this
>>>    ifconfig_rl0="DHCP"   ### Astound uses dhcp
>>>    ifconfig_rl1="inet 192.168.0.1 netmask 255.255.255.0"   ### use for LAN
>>>    hostname="idfubar.dyndns.org"
>>>
>>As a first step, try adding these lines to rc.conf:
>>
>>firewall_enable="YES"
>>firewall_type="open"
>>
>>This will enable diversion of all traffic to natd.  Read the man pages for
>>natd and ipfw and
>>http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/firewalls.html
>>for more information.
>>
>>The easiest way to reinitialize the system is to type "shutdown now".  This
>>will drop you into single user mode.  Press return when prompted for a
>>shell.  Hit Ctrl+D and the rc system will be run through and put you back
>>into multi-user mode.  Check for connectivity from the router and the
>>Windows box.
>>
>>As a side note, you can delete the defaultrouter entry.  That's for your
>>FreeBSD box, not LAN clients.  It's getting reset by dhclient when it gets
>>lease information from your ISP's DHCP server anyway.
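An added example, not part of the thread: a small POSIX sh script that derives the onet/omask/oip values the 'simple' profile expects from an interface's ifconfig "inet" line, which is what you need when the outside address is handed out by DHCP (onet is the network address, i.e. the IP ANDed with the netmask; oip is the interface's own address; inet/iip are the same pair for the inside interface). The ifconfig line below is constructed, and the function names are my own.

```shell
#!/bin/sh
# Added example (not from the original thread): compute the rc.firewall
# "simple" profile variables for a DHCP-assigned outside interface.
# Assumes FreeBSD ifconfig output of the form:
#   inet 192.0.2.77 netmask 0xfffffc00 broadcast 192.0.3.255

# Convert a netmask given as 0x-hex (ifconfig style) or dotted quad
# into dotted-quad form.
mask_to_dotted() {
    case "$1" in
        0x*|0X*)
            m=$(( $1 ))
            echo "$(( (m >> 24) & 255 )).$(( (m >> 16) & 255 )).$(( (m >> 8) & 255 )).$(( m & 255 ))"
            ;;
        *) echo "$1" ;;
    esac
}

# Network address = IP AND mask, octet by octet.
net_of() {
    mask=$(mask_to_dotted "$2")
    oldifs=$IFS; IFS=.
    set -- $1 $mask        # $1..$4 = IP octets, $5..$8 = mask octets
    IFS=$oldifs
    echo "$(( $1 & $5 )).$(( $2 & $6 )).$(( $3 & $7 )).$(( $4 & $8 ))"
}

# Take one "inet ADDR netmask MASK ..." line and emit the three sh
# assignments rc.firewall's simple profile wants for the outside side.
firewall_vars_from_inet_line() {
    set -- $1              # split on whitespace: inet ADDR netmask MASK ...
    ip="$2"
    mask=$(mask_to_dotted "$4")
    printf 'oip="%s"\nomask="%s"\nonet="%s"\n' \
        "$ip" "$mask" "$(net_of "$ip" "$mask")"
}

# Constructed sample standing in for: ifconfig rl0 | grep 'inet '
SAMPLE='inet 192.0.2.77 netmask 0xfffffc00 broadcast 192.0.3.255'
firewall_vars_from_inet_line "$SAMPLE"
```

On the gateway itself the sample line would come from `ifconfig rl0`; the output can be sourced into rc.firewall in place of the hard-coded onet/omask/oip values.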