From owner-freebsd-questions Tue Nov 19 20:10:50 2002 Delivered-To: freebsd-questions@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id A3E4737B401 for ; Tue, 19 Nov 2002 20:10:48 -0800 (PST) Received: from gate21.fw.porsche.de (gate23.fw.porsche.de [193.174.9.99]) by mx1.FreeBSD.org (Postfix) with SMTP id 0132743E6E for ; Tue, 19 Nov 2002 20:10:47 -0800 (PST) (envelope-from perisa@porsche.de) Received: (qmail 12247 invoked from network); 20 Nov 2002 04:19:28 -0000 Received: from unknown (HELO wuxin011.ibd.porsche.de) (141.36.65.1) by 193.197.149.150 with SMTP; 20 Nov 2002 04:19:28 -0000 Received: (qmail 1848 invoked from network); 20 Nov 2002 04:10:44 -0000 Received: from beastie.ibd.porsche.de (HELO porsche.de) (141.36.3.29) by smtp4cli.ibd.porsche.de with SMTP; 20 Nov 2002 04:10:43 -0000 Message-ID: <3DDB0D2C.6010601@porsche.de> Date: Wed, 20 Nov 2002 05:18:52 +0100 From: Marc Perisa User-Agent: Mozilla/5.0 (X11; U; FreeBSD i386; en-US; rv:1.0.0) Gecko/20020709 X-Accept-Language: en, de-de, es-es MIME-Version: 1.0 To: 'Constantine' Cc: Derrick Ryalls , freebsd-questions@FreeBSD.org Subject: Re: FreeBSD gateway References: <004201c29047$2e762e50$0200a8c0@bartxp> Content-Type: text/plain; charset=us-ascii; format=flowed Content-Transfer-Encoding: 7bit Sender: owner-freebsd-questions@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG Derrick Ryalls wrote: >>Hello! >>I have installed FreeBSD 4.7 recently, and it seems it does >>not want to >>work as a gateway. I have two network cards in my FreeBSD >>computer, fxp0 >>for LAN and sis0 for the cable modem. I am new to FreeBSD, so I am >>confused what the difference between gateways and routers is (I was >>thinking they link to the same thing). I can ping my FreeBSD box from >>winxp, I can ping internet from remote session to FreeBSD, >>but I cannot >>ping internet from my winxp. >>My winxp has ip 192.168.0.1, netmask 255.255.255.0, and gateway >>192.168.0.18 settings. Now FreeBSD /etc/rc.conf follows: >> >>gateway_enable="YES" >>kern_securelevel_enable="NO" >>nfs_reserved_port_only="YES" >>ifconfig_sis0="DHCP" >>ifconfig_fxp0="inet 192.168.0.18 netmask 255.255.255.0" >>#router_enable="YES" # from handbook gateway_enable="YES" >>firewall_enable="YES" >>firewall_type="OPEN" >>natd_enable="YES" >>natd_interface="sis0" >>natd_flags="" #/ handbook > > > Are your ip's reversed? I think the gateway should have the .1 address > and the xp box should use the .18 Nope. He set his FreeBSD box to the IP 192.168.0.18 and his Windows XP box to 192.168.0.1 . All is ok with that. It is only uncommon to do. Normally you would give the defaultgateway for a network x.y.z.1 or x.y.z.254 . But it is not forbidden to set it to any IP in that subnet. > > Are you using the default kernel? If so, you will need to add a couple > lines are recompile. > > options IPFIREWALL #firewall > options IPDIVERT #divert sockets > > as for the difference between a router and a gateway, a gateway is a > machine to deal with going from one network (lan) to another network > (wan), I think. > From your point of view (as needed for this problem) routers and gateways are the same. In this case the FreeBSD box is acting as a router for your internal net to the Internet. A simple router would do the same. But for more complex routing you have to either setup gated (or similar software) or add all rules (if they are static) by hand. A gateway is the simplest form of a router. >>The last two lines from dmesg: >>IP packet filtering initialized, divert disabled, rule-based >>forwarding >>enabled, default to deny, logging disabled >>ip_fw_ctl: invalid command That hints to a problem with the /etc/rc.firewall script (which is called when you add to /etc/rc.conf firewall_enable="YES"). Please provide us with the output of "ipfw list". (You have to do that as root of course). I think your firewall ruleset is not tuned for a gateway situation. Hope that helps Marc To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message