Date: Tue, 30 Nov 1999 23:02:44 -0800
From: "nat" <nat@unixlover.com>
To: <freebsd-questions@freebsd.org>
Subject: natd not working properly.. firewall help
Message-ID: <000c01bf3bca$123a33a0$3898b2d1@vedika>
I have set up natd by the manual. I have a cable modem and two
NICs. What I am trying to do is share the Internet with other users
on my LAN. The cable modem is currently set up on device de1
properly and works for the "local" user.

Now, through the clients I can only contact the network card (de1)
that the cable modem is connected to. I cannot contact the outside
network.

The de0 interface is the one on the internal network and is set to
192.168.0.1. All of the clients have this as the default router.

These are my firewall settings (please tell me which ones are wrong):
#Flush out the list before we begin.
$fwcmd -f flush
# divert
$fwcmd add 1 divert natd from any to any via de0
# allow by default
$fwcmd add 65000 allow all from any to any
# 50-99: trusted hosts
$fwcmd add 50 allow ip from any to 207.171.202.198:255.255.255.224
$fwcmd add 51 allow ip from 207.171.202.198:255.255.255.224 to any
$fwcmd add 52 allow ip from 24.1.183.147 to any
$fwcmd add 53 allow ip from any to 24.1.183.147
# 1000-1999: DoS/hack prevention
$fwcmd add 1000 deny tcp from any to any 1080
$fwcmd add 1001 deny tcp from any to any 12345
$fwcmd add 1002 deny tcp from any to any 31337
$fwcmd add 1003 deny tcp from any to any 111
$fwcmd add 1004 deny tcp from any to any 87
$fwcmd add 1005 deny tcp from any to any 2049
$fwcmd add 1006 deny tcp from any to any 512
$fwcmd add 1007 deny tcp from any to any 513
$fwcmd add 1008 deny tcp from any to any 514
$fwcmd add 1009 deny tcp from any to any 515
$fwcmd add 1010 deny tcp from any to any 540
*This is in the /etc/rc.firewall file.
This is what I have set up for rc.conf:
firewall_enable="YES"
natd_enable="YES"
natd_interface="de0"
named_enable="YES"
gateway_enable="YES"
I think that is how you set it up.
There is also one last strange thing that I think might be the problem.
Right before it prints out gateway=yes it says tcpextensions=no.
I'm not sure what that means either.
I am using the Cox@home network so please help me if you can.
Thank you,
nat
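
An added example, not part of the original post: a small sh check of the quoted settings against the natd(8) requirement that translation happens on the interface facing the outside network, which the post identifies as de1 (the cable modem). The sample text is reconstructed from the post, and the function names rc_value, divert_ifaces and check_nat are hypothetical.

```shell
#!/bin/sh
# Added example: consistency check for a natd/ipfw gateway configuration.
# Assumption: the caller names the outside (Internet-facing) interface.

# Constructed sample input, taken from the settings quoted in the post.
RC_CONF='firewall_enable="YES"
natd_enable="YES"
natd_interface="de0"
named_enable="YES"
gateway_enable="YES"'

RULES='$fwcmd add 1 divert natd from any to any via de0
$fwcmd add 65000 allow all from any to any
$fwcmd add 50 allow ip from any to 207.171.202.198:255.255.255.224
$fwcmd add 1000 deny tcp from any to any 1080'

# rc_value VAR: print the last value assigned to VAR in $RC_CONF, unquoted.
rc_value() {
    printf '%s\n' "$RC_CONF" |
        awk -F= -v k="$1" '$1 == k { v = $2; gsub(/"/, "", v) } END { print v }'
}

# divert_ifaces: print the interface named after "via" on each divert rule.
divert_ifaces() {
    printf '%s\n' "$RULES" |
        awk '/ divert / { for (i = 1; i < NF; i++) if ($i == "via") print $(i + 1) }'
}

# check_nat EXT_IF: print one finding per line; no output means consistent.
check_nat() {
    ext=$1
    [ "$(rc_value gateway_enable)" = "YES" ] ||
        echo "gateway_enable is not YES: packets are not forwarded"
    [ "$(rc_value natd_enable)" = "YES" ] ||
        echo "natd_enable is not YES: natd is not started"
    nif=$(rc_value natd_interface)
    [ "$nif" = "$ext" ] ||
        echo "natd_interface=$nif but the outside interface is $ext"
    ifs=$(divert_ifaces)
    [ -n "$ifs" ] || echo "no divert rule: nothing is handed to natd"
    for i in $ifs; do
        [ "$i" = "$ext" ] ||
            echo "divert rule is via $i but the outside interface is $ext"
    done
}

check_nat de1
```

Run against the posted settings with de1 as the outside interface, it reports both the natd_interface value and the divert rule as bound to de0.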
