Date:      Thu, 16 Jan 2003 15:01:48 -0600
From:      Redmond Militante <r-militante@northwestern.edu>
To:        freebsd-questions@freebsd.org
Subject:   another go at ipfw/natd
Message-ID:  <20030116210148.GA4352@darkpossum>

Hi again,

I have two machines: one has two NICs, one has one NIC. I'd like to set up the machine with two NICs as a gateway/natd box, and place the second machine behind it.

gateway machine's kernel has been recompiled with:

options IPFIREWALL
options IPDIVERT
options IPFIREWALL_DEFAULT_TO_ACCEPT
options IPFIREWALL_VERBOSE

gateway machine's /etc/rc.conf:

defaultrouter="129.x.x.1"
hostname="enquirer.medill.northwestern.edu"
ifconfig_xl0="inet 129.x.x.35 netmask 255.255.255.0"
ifconfig_xl1="inet 10.0.0.1 netmask 255.0.0.0"
gateway_enable="YES"
firewall_enable="YES"
#firewall_script="/etc/rc.firewall"
firewall_type="OPEN"
natd_enable="YES"
natd_interface="xl0"
natd_flags=""

second machine's /etc/rc.conf:

defaultrouter="10.0.0.1"
ifconfig_xl0="inet 10.0.0.2 netmask 255.0.0.0"

'ipfw list' on the gateway machine gives me:
00050 divert 8668 ip from any to any via xl0
00100 allow ip from any to any via lo0
00200 deny ip from any to 127.0.0.0/8
00300 deny ip from 127.0.0.0/8 to any
65000 allow ip from any to any
65535 allow ip from any to any

I'm following the instructions in the handbook http://www.freebsd.org/doc/en_US.IS...dbook/natd.html

"Each machine and interface behind the LAN should be assigned IP address numbers in the private network space as defined by RFC 1918 and have a default gateway of the natd machine's internal IP address."


This isn't working for me. I cannot ping outside machines from the client machine. 'ping www.freebsd.org' times out. Pinging the IP address outside the router gives me 'no route to host'; pinging the IP address of the gateway box gives me 'no route to host'. 'ping 10.0.0.1' gives me 'host is down'. The client machine can ping itself and get a response, however: 'ping 10.0.0.2' gives me a response.

Please help, I'm stuck.

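Whatever the cause of the ping failures described above, the rc.conf values listed in the message are the first thing to verify. The script below is an added example, not code from the original post or the FreeBSD Handbook; it assumes the rc.conf layout shown in the message (sh-style variable assignments) and takes the LAN interface name (xl1 here) as an argument.

```shell
#!/bin/sh
# Added example, not from the original post or the Handbook: sanity-check an
# ipfw+natd gateway's rc.conf. rc.conf is plain sh variable assignments, so it
# is sourced in a subshell and the variables are inspected directly.

# is_rfc1918 ADDR -> true if ADDR is in 10/8, 172.16/12 or 192.168/16
is_rfc1918() {
    case "$1" in
        10.*|192.168.*|172.1[6-9].*|172.2[0-9].*|172.3[01].*) return 0 ;;
    esac
    return 1
}

# check_nat_rcconf FILE LAN_IF -> prints each problem found, true if none
check_nat_rcconf() {
    (
        . "$1"
        bad=0
        for v in gateway_enable firewall_enable natd_enable; do
            eval val="\$$v"
            [ "$val" = "YES" ] || { echo "$v=\"$val\", expected YES"; bad=1; }
        done
        # natd_interface must name an interface that rc.conf itself configures
        eval ext="\$ifconfig_$natd_interface"
        [ -n "$natd_interface" ] && [ -n "$ext" ] ||
            { echo "natd_interface=\"$natd_interface\" has no ifconfig_ line"; bad=1; }
        # the LAN side must carry an RFC 1918 address, as the Handbook requires
        eval lan="\$ifconfig_$2"
        set -- $lan                 # e.g. "inet 10.0.0.1 netmask 255.0.0.0"
        is_rfc1918 "$2" || { echo "LAN address '$2' is not RFC 1918"; bad=1; }
        exit $bad
    )
}

# Constructed sample: the gateway rc.conf from the post (x's kept as posted)
GW_RCCONF=$(mktemp)
cat >"$GW_RCCONF" <<'EOF'
defaultrouter="129.x.x.1"
ifconfig_xl0="inet 129.x.x.35 netmask 255.255.255.0"
ifconfig_xl1="inet 10.0.0.1 netmask 255.0.0.0"
gateway_enable="YES"
firewall_enable="YES"
firewall_type="OPEN"
natd_enable="YES"
natd_interface="xl0"
EOF

check_nat_rcconf "$GW_RCCONF" xl1 && echo "gateway rc.conf looks consistent"
```

Run it against a copy of /etc/rc.conf; a clean result only confirms the variables are consistent with each other, not that the link to the client is up.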