Hi Tim,

Which of the firewalls do you want to use and if you want to use both what do you want the functionality to be?

If you can send your rc.conf, ipf.conf and ipnat.conf I could check out the ipf part and see if I find anything. Obviously Glen's experience with ipfw is more extensive than mine so he would most likely be of more help on that front. It would however be of great help to know what you're trying to accomplish.

Regards,
Ruben

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Tim Holmes
Sent: August 15, 2005 10:47 AM
To: freebsd-questions@freebsd.org
Subject: FreeBSD Gateway problems

For years I've used a FreeBSD as my gateway. Well I haven't had a high speed connection for 3 years now, and I've just gotten it back. Since then I've reloaded the machine from 4.3 to 5.3. I thought I had it all set up so when I did get connection, I could make a quick edit to my rc.conf and I'd be ready to go. Well turns out I was way off.

The machine has no problems getting an IP from the cable modem, and I can get anywhere I want from that machine directly. (I'm currently ssh'd to the router machine to send email, use w3m to find How-Tos) But it won't pass traffic from the rest of the network.

Here are the settings in my rc.conf:

    gateway_enable="YES"    # Enable as Lan gateway
    # firewall_enable="YES"
    natd_enable="YES"
    natd_interface="xl0"
    natd_flags="-f /etc/natd.conf"
    ipmon_enable="YES"
    ipmon_flags="-Ds"

The firewall_enable is disabled now because when it's turned on, I can't actually get out from directly on the machine. At this point I just want it to do the routing and then I can work on building a firewall afterwards.

Before I did the update and rebuilt the kernel yesterday, I had these options in rc.conf:

    # ipnat_enable="YES"                # Start ipnat function
    # ipnat_rules="/etc/ipnat.rules"    # rules definition file for ipnat
    # ipfilter_enable="YES"             # Start ipf firewall
    # ipfilter_rules="/etc/ipf.rules"   # loads rules definition text file

Well all these other How-Tos I found on FreeBSDDiary.org told me all I needed was "gateway_enable=YES" and "firewall_enable=YES". Also to add these two options to the kernel:

    options IPFILTER
    options IPDIVERT

But that wasn't working. Another mentioned I needed defaultrouter="192.168.2.254", but that's not doing it either. It wasn't actually running nat, and I'd get errors if I tried to start.

Here's the message I saw at boot after a new kernel.

    1: unexpected keyword (any) - from /sbin/ipf: /etc/ipf.rules: parse error (-1), quitting
    /etc/rc: WARNING: NO IPNAT RULES

After following some other How-Tos I tried running ipfw, but I keep getting an error message that won't return any helpful searches from Google.

    # ipnat -f /etc/ipnat.conf
    ioctl(SIOCGNATS): Operation not permitted
    # ipfw -f flush
    ipfw: setsockopt(IP_FW_FLUSH): Protocol not available
    # ipf -FA -f /etc/ipf.rules
    ioctl(SIOCIPFFL): Operation not permitted
    # ipfw add divert natd all from any to any via xl0
    ipfw: getsockopt(IP_FW_ADD): Protocol not available

None of those error messages will give me anything to go on. So I'm at a loss here. Can anybody point me to a How-To, or share their rc.conf edits to make this work?

I know this was a little long, but thanks in advance for the help.

tdh

--
----------------+-------------------------------------------------
      \./       | Tim Holmes -- [EMAIL PROTECTED]: [EMAIL PROTECTED]
     (0Y0)      | UIN: 17021091 -- AIM: tdh004
-ooO--(_)--Ooo--+-------------------------------------------------

_______________________________________________
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"
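
Ruben's question about which firewall is meant can be checked against rc.conf itself. The following is an added example, not part of the original thread: a POSIX sh script that groups the knobs quoted above by stack (ipfw/natd versus IPFilter's ipf/ipnat/ipmon) and reports natd enabled without firewall_enable, or knobs from both stacks enabled together. The sample input is constructed from the settings in Tim's message, and the function names and finding labels are made up for this example.

```shell
#!/bin/sh
# Added example: group rc.conf firewall knobs by stack and report conflicts.
# SAMPLE_RC is constructed from the settings quoted in the thread.
SAMPLE_RC='gateway_enable="YES"    # Enable as Lan gateway
# firewall_enable="YES"
natd_enable="YES"
natd_interface="xl0"
natd_flags="-f /etc/natd.conf"
ipmon_enable="YES"
ipmon_flags="-Ds"'

# knob_on TEXT NAME: print "yes" if NAME is set to YES on an uncommented line.
knob_on() {
    printf '%s\n' "$1" | awk -F= -v k="$2" '
        /^[ \t]*#/ { next }                      # skip commented-out knobs
        { name = $1; gsub(/[ \t]/, "", name) }
        name == k && toupper($2) ~ /^"?YES"?/ { on = 1 }
        END { print (on ? "yes" : "no") }'
}

# check_rc TEXT: print one finding per line (labels are made up for this example).
check_rc() {
    fw=$(knob_on "$1" firewall_enable)    # ipfw
    natd=$(knob_on "$1" natd_enable)      # natd, fed by an ipfw divert rule
    ipf=$(knob_on "$1" ipfilter_enable)   # IPFilter packet filter
    ipnat=$(knob_on "$1" ipnat_enable)    # IPFilter NAT
    ipmon=$(knob_on "$1" ipmon_enable)    # IPFilter log monitor
    gw=$(knob_on "$1" gateway_enable)

    if [ "$gw" = no ]; then
        echo "NO_FORWARDING: gateway_enable is not YES"
    fi
    if [ "$natd" = yes ] && [ "$fw" = no ]; then
        echo "NATD_WITHOUT_IPFW: natd is on but firewall_enable is off; natd only sees packets an ipfw divert rule sends it"
    fi
    case "$fw$natd" in *yes*) stack_a=yes ;; *) stack_a=no ;; esac
    case "$ipf$ipnat$ipmon" in *yes*) stack_b=yes ;; *) stack_b=no ;; esac
    if [ "$stack_a" = yes ] && [ "$stack_b" = yes ]; then
        echo "MIXED_STACKS: ipfw/natd and IPFilter knobs are both enabled"
    fi
}

check_rc "$SAMPLE_RC"
```

To check a real system, pass the file contents instead of the sample: check_rc "$(cat /etc/rc.conf)".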