From: "nat"
To: "Andrzej Szydlo"
Delivered-To: freebsd-questions@freebsd.org
Sender: owner-freebsd-questions@FreeBSD.ORG
Message-ID: <001d01bf3c0b$02db5a60$74bdb2d1@vedika>
References: <000c01bf3bca$123a33a0$3898b2d1@vedika> <19991201093730.B9305@gv.edu.pl>
Subject: Re: natd not working properly.. firewall help
Date: Wed, 1 Dec 1999 06:47:12 -0800

Unfortunately.. that did not work. I also noticed that there are no
routing daemons on start up. I am trying to forward packets from
de0->de1. If you have any other ideas that would be great.

Thanks,

nat

> Hi,
>
> On Tue, Nov 30, 1999 at 11:02:44PM -0800, nat wrote:
> > I have set up natd by the manual. I have a cable modem and two
> > nics. What I am trying to do is share the internet with other users
> > on my LAN. The cable modem is currently set up on device de1
> > properly and works for the "local" user.
> >
> > Now, through the clients I can only contact the network card (de1)
> > that the cable modem is connected to. I cannot contact the outside
> > network.
> >
> > The de0 interface is the one on the internal network and is set to
> > 192.168.0.1. All of the clients have this as the default router.
> >
> > These are my firewall settings (please tell me which ones are wrong):
> > #Flush out the list before we begin.
> > $fwcmd -f flush
> >
> > # divert
> > $fwcmd add 1 divert natd from any to any via de0
>
> The de0 is your internal interface and de1 is external. You need to divert
> packets passing through the external interface. Change this line to
>
> $fwcmd add 1 divert natd from any to any via de1
>
> Also remember that if a packet matches a rule, no further rules are checked,
> so you will probably want to change rule number from 1 to a greater one.
>
> Let me know how it works or if you need any more help.
>
> Andrzej
>
> > # allow by default
> > $fwcmd add 65000 allow all from any to any
> >
> > # 50-99: trusted hosts
> > $fwcmd add 50 allow ip from any to 207.171.202.198:255.255.255.224
> > $fwcmd add 51 allow ip from 207.171.202.198:255.255.255.224 to any
> > $fwcmd add 52 allow ip from 24.1.183.147 to any
> > $fwcmd add 53 allow ip from any to 24.1.183.147
> >
> > # 1000-1999: DoS/hack prevention
> > $fwcmd add 1000 deny tcp from any to any 1080
> > $fwcmd add 1001 deny tcp from any to any 12345
> > $fwcmd add 1002 deny tcp from any to any 31337
> > $fwcmd add 1003 deny tcp from any to any 111
> > $fwcmd add 1004 deny tcp from any to any 87
> > $fwcmd add 1005 deny tcp from any to any 2049
> > $fwcmd add 1006 deny tcp from any to any 512
> > $fwcmd add 1007 deny tcp from any to any 513
> > $fwcmd add 1008 deny tcp from any to any 514
> > $fwcmd add 1009 deny tcp from any to any 515
> > $fwcmd add 1010 deny tcp from any to any 540
> >
> > *this is in the /etc/rc.firewall file.
> >
> > This is what I have set up for rc.conf:
> > firewall_enable="YES"
> > natd_enable="YES"
> > natd_interface="de0"
> > named_enable="YES"
> > gateway_enable="YES"
> >
> > I think that is how you set it up.
> >
> > There is also one last strange thing that I think might be the problem.
> > Right before it prints out gateway=yes it says tcpextensions=no.
> > I'm not sure what that means either.
> >
> > I am using the Cox@home network so please help me if you can.
> >
> > Thank you,
> >
> > nat
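
The interface check from Andrzej's reply, written as a small lint script. This is an added example, not part of the original thread. It also compares natd_interface in rc.conf against the external interface, since that is the interface natd translates on, and lists rule numbers in the order ipfw evaluates them. Function names are hypothetical, de1 is assumed external as the message states, and the sample input is constructed from the quoted settings.

```shell
# Added example, not from the thread: lint a natd/ipfw gateway setup.
# Constructed sample input, taken from the settings quoted in the message.
RC_CONF='firewall_enable="YES"
natd_enable="YES"
natd_interface="de0"
gateway_enable="YES"'
RULES='$fwcmd add 1 divert natd from any to any via de0
$fwcmd add 65000 allow all from any to any
$fwcmd add 50 allow ip from any to 207.171.202.198:255.255.255.224
$fwcmd add 1000 deny tcp from any to any 1080'

# rc_value KEY TEXT: print the value of KEY="value" in rc.conf-style text.
rc_value() {
    printf '%s\n' "$2" | awk -F'"' -v k="$1=" '$1 == k { print $2 }'
}

# divert_ifs RULES: print "<rule number> <interface>" per divert rule.
divert_ifs() {
    printf '%s\n' "$1" | awk '{
        for (i = 1; i <= NF; i++) if ($i == "add") break
        if ($(i + 2) != "divert") next
        for (j = i + 3; j < NF; j++) if ($j == "via") print $(i + 1), $(j + 1)
    }'
}

# eval_order RULES: rule numbers in ascending order, as ipfw checks them.
eval_order() {
    printf '%s\n' "$1" |
        awk '{ for (i = 1; i < NF; i++) if ($i == "add") print $(i + 1) }' |
        sort -n | paste -s -d ' ' -
}

# check_nat EXT_IF RC_CONF RULES: print findings; return 1 if there are any.
check_nat() {
    bad=0
    nif=$(rc_value natd_interface "$2")
    [ "$nif" = "$1" ] || { echo "rc.conf: natd_interface=$nif, external is $1"; bad=1; }
    [ "$(rc_value gateway_enable "$2")" = "YES" ] || { echo "rc.conf: gateway_enable is not YES"; bad=1; }
    divs=$(divert_ifs "$3")
    [ -n "$divs" ] || { echo "ipfw: no divert rule"; bad=1; }
    while read -r num ifc; do
        [ -z "$num" ] || [ "$ifc" = "$1" ] || { echo "ipfw: rule $num diverts via $ifc, not $1"; bad=1; }
    done <<EOF
$divs
EOF
    return "$bad"
}
echo "ipfw checks rules in this order: $(eval_order "$RULES")"
check_nat de1 "$RC_CONF" "$RULES" || echo "configuration needs fixing"
```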