Date: Sun, 7 May 2000 09:40:28 -0700 (PDT) From: Allen Lu <allenklu@yahoo.com> To: Chris Phillips <chris@selkie.org> Cc: questions@freebsd.org Subject: Re: ipfirewall (ipfw) Message-ID: <20000507164028.23294.qmail@web2102.mail.yahoo.com>
next in thread | raw e-mail | index | archive | help
Hi I made the modifications as suggested however I still do not get 216.218.224.107 forwarded to 192.168.1.10. It goes directly to the firewall. Here is my current config: rogue# cat /etc/natd.conf redirect_address 192.168.1.10 216.218.224.107 rogue# cat /etc/rc.conf # This file now contains just the overrides from /etc/defaults/rc.conf # please make all changes to this file. # -- sysinstall generated deltas -- # gateway_enable="YES" network_interfaces="rl0 rl1 lo0" ifconfig_rl0="inet 216.218.224.106 netmask 255.255.255.248 broadcast 216.218.224.112" ifconfig_rl0_alias0="inet 216.218.224.107 netmask 255.255.255.255 broadcast 216.218.224.112" ifconfig_rl1="inet 192.168.1.1 netmask 255.255.255.0" ifconfig_lo0="inet 127.0.0.1" defaultrouter="216.218.224.105" hostname="rogue.alltopix.com" firewall_enable="YES" firewall_type="open" firewall_quiet="NO" natd_enabled="YES" natd_interface="rl0" natd_flags="-u -m -f /etc/natd.conf" sendmail_enable="NO" gateway_enable="YES" router_enable="NO" static_routes="" router="routed" mrouted_enable="NO" mrouted_flags="" ipxgateway_enable="NO" tcp_extensions="NO" ipxrouted_enable="NO" ipxrouted_flags="" arpproxy_all="" forward_sourceroute="NO" accept_sourceroute="NO" Thank you for your help. Allen --- Chris Phillips <chris@selkie.org> wrote: > Hi Allen, > > Throw this line in your kernel as well. > > options IPFIREWALL_FORWARD #enable > transparent proxy support > > Also, change your rc.conf alias line to.. > > ifconfig_rl0_alias0="inet 216.218.224.107 netmask > 255.255.255.255 > broadcast 216.218.224" > > The netmask needs to be 255.255.255.255 or you will > not be able to route > packets between IPs as the machine is looking for > something that is > physically on the net and not just an alias. Packet > forwarding needs to > be on to allow static routing. > > -Chris Phillips > > On Sun, 7 May 2000, Allen Lu wrote: > > > Hi I have a question that I've been trying to find > an > > answer in the docs for a while but can't seem to > get a > > finger on what the problem could be. > > > > I'm using the latest standard release FreeBSD-4.0. > > These are my kernel changes under MYKERNEL to turn > on > > firewall and static natd on two interfaces: rl0, > rl1. > > Followed by my rc.conf. > > > > The problem is packets are not getting forwarded > by > > the redirect_address statement in my > /etc/natd.conf > > file. My goal is to setup a static natd by > translating > > a real internet IP to the public interface (rl0) > and > > redirect it after filtering to the private LAN via > > 192.168.1.1 to 192.168.1.10. When I telnet to > > 216.218.224.107, it goes to the firewall, not the > > destined client I want. I also cannot ping > > 216.218.224.107 on the firewall itself. 224.107 is > > aliased to 224.106, which is the original ip > address > > of the public card. > > > > KERNEL: > > options IPFIREWALL > > options IPFIREWALL_VERBOSE > > options IPDIVERT > > > > rc.conf: > > # -- sysinstall generated deltas -- # > > gateway_enable="YES" > > network_interfaces="rl0 rl1 lo0" > > ifconfig_rl0="inet 216.218.224.106 netmask > > 255.255.255.248 broadcast 216.218.224 > > .111" > > ifconfig rl0 alias 216.218.224.107 netmask > > 255.255.255.248 > > ifconfig_rl1="inet 192.168.1.1 netmask > 255.255.255.0" > > ifconfig_lo0="inet 127.0.0.1" > > defaultrouter="216.218.224.105" > > hostname="rogue.alltopix.com" > > firewall_enable="YES" > > firewall_type="open" > > firewall_quiet="NO" > > natd_enabled="YES" > > natd_interface="rl0" > > natd_flags="-u -m -f /etc/natd.conf" > > sendmail_enable="NO" > > gateway_enable="YES" > > router_enable="NO" > > static_routes="" > > router="routed" > > mrouted_enable="NO" > > mrouted_flags="" > > ipxgateway_enable="NO" > > tcp_extensions="NO" > > ipxrouted_enable="NO" > > ipxrouted_flags="" > > arpproxy_all="" > > forward_sourceroute="NO" > > accept_sourceroute="NO" > > > > /etc/natd.conf: > > redirect_address 192.168.1.10 216.218.224.107 > > > > Any suggestions to why it doesn't work? > > > > Allen > > > > > > > > > > __________________________________________________ > > Do You Yahoo!? > > Send instant messages & get email alerts with > Yahoo! Messenger. > > http://im.yahoo.com/ > > > > > > To Unsubscribe: send mail to majordomo@FreeBSD.org > > with "unsubscribe freebsd-questions" in the body > of the message > > > __________________________________________________ Do You Yahoo!? Send instant messages & get email alerts with Yahoo! Messenger. http://im.yahoo.com/ To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20000507164028.23294.qmail>