ExTaZyTi wrote: > Hi again, > > I have problem with my network, I use 2 Network Cards in my FreeBSD > computer > and 1 Network Cards in WinXP Prof sp2, > one of the network card - rl0 is my real static ip address with DHCP, 2 > network card is - rl1 is my local gateway ip: 192.168.0.1, > I don't set the gateway for the rl1, just ip: 192.168.0.1, DNS from the > ISP, > mask: 255.255.255.0,.. > I precompiled my kernel with options FIREWALL, IPDIVER, > IPFIREWALL_DEFAULT_TO_ACCEPT, IPFIREWALL_VERBOSE. > --------- > my /etc/rc.conf is: > --------- > gateway_enable="YES" > firewall_enable="YES" > firewall_script="/etc/firewall.sh" > natd_enable="YES" > natd_interface="rl1" > natd_flags="" > sendmail_enable="NONE" > hostname="root.extremebg.biz" > ifconfig_rl0="DHCP" > linux_enable="YES" > sshd_enable="YES" > usbd_enable="YES" > inetd_enable="NO" > ifconfig_rl1="inet 192.168.0.1 netmask 255.255.255.0" > hostname="root.extremebg.biz" > --------- > my /etc/firewall.sh is: > --------- > #!/bin/sh > /sbin/ipfw -f flush > /sbin/ipfw add 1000 pass all from any to any via lo0 > /sbin/ipfw add 1100 deny all from any to 127.0.0.0/8 > /sbin/ipfw add 1200 deny icmp from any to any frag > /sbin/ipfw add 1300 deny icmp from any to any in icmptype > 5,9,13,14,15,16,17 > /sbin/ipfw add 1400 deny tcp from any to any not established tcpflags fin > /sbin/ipfw add 1500 deny tcp from any to any tcpflags > fin,syn,rst,psh,ack,urg > /sbin/ipfw add 1600 deny tcp from any to any tcpflags > !fin,!syn,!rst,!psh,!ack,!urg > /sbin/ipfw add 4000 deny udp from any 137-139 to any via rl0 > /sbin/ipfw add 4100 deny udp from any to any 137-139 via rl0 > /sbin/ipfw add 5000 divert natd ip from 192.168.0.0:255.255.255.128 to any > out xmit rl1 > /sbin/ipfw add 5100 divert natd ip from any to 192.168.0.1
you should have a look at http://www.freebsddiary.org/ipfw.php - especially the natd divert part (your divert uses the wrong interface imho) > /sbin/ipfw add 5500 deny all from 192.168.0.0/24 to not > 192.168.0.0/2480,21,443 > /sbin/ipfw add 600 allow all from any to any i guess the last rule was just for test purpose, if not - first rule that matches takes it - which means rule number 600 would "kill" your whole firewall > --------- > my ifconfig is: > --------- > rl0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500 > options=8<VLAN_MTU> > inet6 fe80::2c0:26ff:fe5e:72a4%rl0 prefixlen 64 scopeid 0x1 > inet 85.239.153.142 netmask 0xffffff80 broadcast 85.239.153.255 > ether 00:c0:26:5e:72:a4 > media: Ethernet autoselect (100baseTX <full-duplex>) > status: active > rl1: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500 > options=8<VLAN_MTU> > inet6 fe80::2e0:4cff:fe3c:f2f%rl1 prefixlen 64 scopeid 0x2 > inet 192.168.0.1 netmask 0xffffff80 broadcast 192.168.0.127 > ether 00:e0:4c:3c:0f:2f > media: Ethernet autoselect (100baseTX <full-duplex>) > status: active > plip0: flags=108810<POINTOPOINT,SIMPLEX,MULTICAST,NEEDSGIANT> mtu 1500 > lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> mtu 16384 > inet6 ::1 prefixlen 128 > inet6 fe80::1%lo0 prefixlen 64 scopeid 0x4 > inet 127.0.0.1 netmask 0xff000000 > --------- > my /etc/sysctl.conf is: > --------- > net.inet.ip.forwarding=1 > --------- > My network ISP gateway is: 85.239.153.129, submask: 255.255.255.128, my > static real ip is: 85.239.153.142, my ISP DNS server is: > 85.239.155.1. > --------- > > my pc start natd successfully, and other services .. > -- > > my WinXP network configuration is: > > DNS 85.239.155.1, gateway: 192.168.0.1, mask: 255.255.255.0, ip addess: > 192.168.0.2. > > I connected my computers in LAN, but not going traffic from my freebsd to > the windows :( > I don't know how to route traffic from FreeBSD to the windows :( > please help -- Armin Pirkovitsch [EMAIL PROTECTED] _______________________________________________ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
