From: Trond Endrestøl
Date: Mon, 23 Oct 2017 22:30:26 +0200 (CEST)
To: FreeBSD questions
Subject: Re: Routing problem

On Mon, 23 Oct 2017 15:19-0400, Efren Bravo wrote:

> Hi there,
>
> I installed a FreeBSD 10.1 box and upgraded to 10.4. I tried to configure
> this box as a FW but I can't get ping to work from inside LAN to outside
> world, neither any tcp/udp connection. Basic configs:
>
> router ip: 190.92.124.89
>
> kernel (recompiled & installed OK):
> a lot of unnecessary things disabled before recompilation
> ---
> options IPFILTER
> options IPFILTER_LOG
> options IPFILTER_LOOKUP
> options IPFILTER_DEFAULT_BLOCK
>
> /etc/rc.conf
> ---
> #WAN
> ifconfig_re0="inet 190.92.124.90 netmask 255.255.255.248"

Public IPv4 address space.

> # LAN
> ifconfig_em0="inet 10.170.0.1 netmask 25.255.255.128"

Private IPv4 address space. Do you plan on setting up NAT44 on this box?
You should if you want this setup to work as expected.

> defaultrouter="190.92.124.89"
> gateway_eanble="YES"
>
> /etc/ipfilter.rules
> ---
> pass out quick lo0 all
> pass in quick lo0 all
>
> pass out quick em0 all
> pass in quick em0 all
>
> pass out quick re0 all
> pass in quick re0 all
>
> Routing tables
> ---
> Destin              GW              Flags   Netif
> default             190.92.124.89   UGS     re0
> 10.170.0.0/25       link#1          U       em0
> 10.170.0.21         link#1          UHS     lo0
> 127.0.0.1           link#3          UH      lo0
> 190.92.124.88/29    link#2          U       re0
> 190.92.124.91       link#2          UHS     lo0
>
> From inside the box I can ping the outside world and the inside LAN, but from an
> internal PC (IP: 10.170.0.11) I cannot reach the outside world.
>
> I need help, someone who can tell me where to look to fix it because I don't
> realize why this happens.
> Thanks in advance

--
Trond.
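
The NAT44 point in the reply above, written as a check. This is an added example, not part of the original thread: it reads an rc.conf and an ipnat rule file and reports what keeps a private LAN from reaching the Internet through a public WAN interface. The sample input is constructed from the addresses in the post; the function names, the `map` rule, and the use of `ipnat_enable` and simple `map <if> <src> -> ...` rules are assumptions.

```python
import ipaddress
import re

# Constructed sample built from the addresses in the post; the LAN netmask is
# written as the /25 shown in the poster's routing table.
RC_CONF = """\
ifconfig_re0="inet 190.92.124.90 netmask 255.255.255.248"
ifconfig_em0="inet 10.170.0.1 netmask 255.255.255.128"
defaultrouter="190.92.124.89"
gateway_enable="YES"
"""
# Constructed ipnat rules: rewrite LAN sources to the address of re0.
IPNAT_RULES = ("map re0 10.170.0.0/25 -> 0/32 portmap tcp/udp auto\n"
               "map re0 10.170.0.0/25 -> 0/32\n")

def parse_rc(text):
    """Return rc.conf assignments of the form name="value" as a dict."""
    return dict(re.findall(r'^\s*(\w+)="([^"]*)"', text, re.M))

def iface_network(rc, ifname):
    """Network of an interface from its ifconfig_<if> line (inet/netmask form)."""
    m = re.search(r"inet (\S+) netmask (\S+)", rc[f"ifconfig_{ifname}"])
    return ipaddress.ip_interface(f"{m.group(1)}/{m.group(2)}").network

def nat_sources(ipnat_text, wan):
    """Source networks of simple 'map <if> <src> -> ...' rules bound to wan."""
    nets = []
    for ifname, src in re.findall(r"^\s*map\s+(\S+)\s+(\S+)\s+->", ipnat_text, re.M):
        if ifname == wan:
            try:
                nets.append(ipaddress.ip_network(src, strict=False))
            except ValueError:
                pass  # rule forms this check does not parse are ignored
    return nets

def check_gateway(rc_text, ipnat_text, wan, lan):
    """List what stops hosts on lan from reaching the Internet through wan."""
    rc, findings = parse_rc(rc_text), []
    lan_net = iface_network(rc, lan)
    # A misspelled key is simply absent here, so it counts as unset.
    if rc.get("gateway_enable", "").upper() != "YES":
        findings.append("gateway_enable is not YES: packets are not forwarded")
    if lan_net.is_private:  # RFC 1918 sources are not routable on the Internet
        if rc.get("ipnat_enable", "").upper() != "YES":
            findings.append("ipnat_enable is not YES: NAT rules are not loaded")
        if not any(lan_net.subnet_of(n) for n in nat_sources(ipnat_text, wan)):
            findings.append(f"no map rule on {wan} covers {lan_net}")
    return findings
```

Calling `check_gateway(RC_CONF, "", "re0", "em0")` returns the two NAT findings; adding `ipnat_enable="YES"` and the sample `map` rules returns an empty list.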