Date:      Mon, 9 Sep 2002 17:35:39 UT
From:      "Cherie Powell" <cpowell1@mindspring.com>
To:        freebsd-questions@FreeBSD.ORG
Subject:   One way cable modem/ipfilter
Message-ID:  <20020909173539.6DEE09377F@server2.fastmail.fm>

I have a FreeBSD 4.4-STABLE machine in my home set up as a firewall
using ipfilter. I recently moved and my internet access went from a T1
line to a one way cable modem. (With this setup, traffic goes out
through the modem on tun0 and in through the cable modem on vx0.)
Setting this up has been an interesting challenge.

I first set up PPP using a standard dial-up account and got the network
working with it. With this setup, I can access the internet both from
the firewall and from machines behind the firewall (on xl0).

Next, I tried with the cable modem. Using it, I can access the internet
from the firewall, but not from machines behind the firewall. If I run
tcpdump on the firewall and ping a site from one of the other
computers, I can see that packets are going out on tun0 and coming back
on vx0, as they are supposed to. My guess is that the system can't
figure out where to send them from there.

The end result needs to be that the workstation sends a packet to the
firewall, which sends it out on tun0. The firewall should receive the
reply through vx0 and forward that packet back to the workstation that
originally sent the request. All of it seems to be working except for
that very last part.

If it helps, the one instance I found of someone having this same
problem finally corrected it by putting this line in /etc/rc.firewall:
/sbin/ipfw add divert natd all from any to any via any

I'm hoping that this could be applied to my situation using ipfilter...

Anyone have any ideas? Please speak slowly - I'm still kind of new
at this. :-)

Thanks, Cherie
