Redmond Militante wrote:
hi again

i have two machines - one has two nics, one has one nic. i'd like to set up the machine with two
nics as a gateway/natd box, and place the second machine behind it.

gateway machine's kernel has been recompiled with:

options IPFIREWALL
options IPDIVERT
options IPFIREWALL_DEFAULT_TO_ACCEPT
options IPFIREWALL_VERBOSE

gateway machine's /etc/rc.conf:

defaultrouter="129.x.x.1"
hostname="enquirer.medill.northwestern.edu"
ifconfig_xl0="inet 129.x.x.35 netmask 255.255.255.0"
ifconfig_xl1="inet 10.0.0.1 netmask 255.0.0.0"
gateway_enable="YES"
firewall_enable="YES"
#firewall_script="/etc/rc.firewall"
firewall_type="OPEN"
natd_enable="YES"
natd_interface="xl0"
natd_flags=""

second machine's /etc/rc.conf:

defaultrouter="10.0.0.1"
ifconfig_xl0="inet 10.0.0.2 netmask 255.0.0.0"

'ipfw list' on the gateway machine gives me:
00050 divert 8668 ip from any to any via xl0
00100 allow ip from any to any via lo0
00200 deny ip from any to 127.0.0.0/8
00300 deny ip from 127.0.0.0/8 to any
65000 allow ip from any to any
65535 allow ip from any to any

i'm following the instructions in the handbook http://www.freebsd.org/doc/en_US.IS...dbook/natd.html
"Each machine and interface behind the LAN should be assigned IP address numbers in the private
network space as defined by RFC 1918 and have a default gateway of the natd machine's internal IP address."
this isn't working for me. i cannot ping outside machines from the client machine. 'ping www.freebsd.org'
times out. pinging the ip address outside the router gives me 'no route to host', pinging the ip address
of the gateway box gives me 'no route to host'. 'ping 10.0.0.1' gives me 'host is down'. the client
machine can ping itself and get a response, however - 'ping 10.0.0.2' gives me a response.

Let me ask some questions to help diagnose this:
1. From the gateway: Can you ping www.freebsd.org? Can you ping 129.x.x.1?
2. What's in /etc/resolv.conf on the gateway and the client machine?
3. What does ifconfig display on the gateway?  Does xl1 show as "up" with a valid media type?
   Do your net card and hub both have link lights?

--
Bill Moran
Potential Technologies
http://www.potentialtech.com
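
The interface check from question 3 above, as an added example that is not part of the original messages: a hypothetical helper, check_iface, reads ifconfig output and reports whether the named interface is UP, addressed and has link. The sample text and its addresses are constructed in FreeBSD's ifconfig layout; on the gateway itself the input would be `ifconfig | check_iface xl1`.

```shell
#!/bin/sh
# Added example. check_iface IFACE reads `ifconfig` text on stdin, prints one
# finding per line and returns 0 only if IFACE is UP, addressed and has link.
check_iface() {
    awk -v ifc="$1" '
        /^[a-z0-9]+:/ { cur = $1; sub(/:$/, "", cur) }   # header starts a block
        cur != ifc    { next }                            # skip other interfaces
        /^[a-z0-9]+:/ { seen = 1; if ($0 ~ /[<,]UP[,>]/) up = 1 }
        $1 == "inet"    { addr = $2 }
        $1 == "media:"  { if ($0 ~ /\(none\)/) nomedia = 1 }
        $1 == "status:" { st = $0; sub(/^.*status: */, "", st) }
        END {
            if (!seen) { print "missing: " ifc " not in output"; exit 1 }
            if (!up)        { print "down: UP flag not set"; bad = 1 }
            if (addr == "") { print "noaddr: no inet address"; bad = 1 }
            if (nomedia)    { print "nomedia: no media negotiated"; bad = 1 }
            if (st != "" && st != "active") { print "nolink: status " st; bad = 1 }
            if (!bad) print "ok: " addr " is up with link"
            exit bad + 0
        }'
}

# Constructed samples in FreeBSD ifconfig layout (not taken from the thread).
SAMPLE_GOOD='xl0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
        inet 192.0.2.35 netmask 0xffffff00 broadcast 192.0.2.255
        media: Ethernet autoselect (100baseTX <full-duplex>)
        status: active
xl1: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
        inet 10.0.0.1 netmask 0xff000000 broadcast 10.255.255.255
        media: Ethernet autoselect (100baseTX <full-duplex>)
        status: active'
SAMPLE_NOLINK='xl1: flags=8802<BROADCAST,SIMPLEX,MULTICAST> mtu 1500
        inet 10.0.0.1 netmask 0xff000000 broadcast 10.255.255.255
        media: Ethernet autoselect (none)
        status: no carrier'

# Demo run on the constructed samples; "|| true" keeps the script going
# after the failing case.
printf '%s\n' "$SAMPLE_GOOD"   | check_iface xl1 || true
printf '%s\n' "$SAMPLE_NOLINK" | check_iface xl1 || true
```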

