> Hi folks,

hi, man.
>
> I've enabled routed on both systems, (-s on the webserver, -q on the

it's not necessary at all!
set your default router in rc.conf (ask your University admin about its IP)

you just look at "sysctl -a net.inet.ip.forwarding"
if it equals "0" then "sysctl -w net.inet.ip.forwarding=1"
(in rc.conf this variable is set by gateway_enable="YES")

then you need a natd
just "touch /etc/natd.conf" and edit it so that it contains something like

    log yes
    #log_denied yes
    port 8668
    use_sockets yes
    same_ports yes
    unregistered_only yes
    alias_address ???.???.???.??? #your PUBLIC IP
    ###
    #EOF
    ###

run natd "/sbin/natd -f /etc/natd.conf &"

edit /etc/rc.firewall to contain approximately the following

    #!/bin/sh
    /bin/echo -n "Firewall... "
    #################### Flush All Chains And Pipes ########################
    /sbin/ipfw -q -f flush
    /sbin/ipfw -q -f pipe flush
    #################### lo0 ###########################################
    /sbin/ipfw -q add 00001 allow ip from 127.0.0.1 to 127.0.0.1 via lo0
    #################### public #########################################
    /sbin/ipfw -q add 00002 divert natd all from any to any in recv fxp0 #change fxp0 to your NIC name
    /sbin/ipfw -q add 00003 divert natd all from any to any out xmit fxp0 #change fxp0 to your NIC name
    #################### Firewall (icmp) ###################################
    # /sbin/ipfw -q add 65527 deny icmp from any to ${LocalNET}
    # /sbin/ipfw -q add 65528 deny icmp from ${LocalNET} to any
    /sbin/ipfw -q add 65529 allow icmp from any to any
    #################### Firewall Logging ###########################
    /sbin/ipfw -q add 65530 deny log all from any to any ipopt rr
    /sbin/ipfw -q add 65531 deny log all from any to any ipopt ts
    /sbin/ipfw -q add 65532 deny log all from any to any ipopt ssrr
    /sbin/ipfw -q add 65533 deny log all from any to any ipopt lsrr
    /sbin/ipfw -q add 65534 deny log all from any to any
    ############
    echo " configured."
    ###

(this is a fragment of my ip.firewall which is too long to quote here...)
and execute the file (chmod 500 rc.firewall, you know, first... ;))

it should work. if not, ufff... then you will have to rebuild the FBSD kernel
with IPDIVERT, IPFIREWALL and things, and things, and things... and repeat
the said above...
I envy you if you're gonna do the kernel rebuild for the first time :)
it's a fascinating, absorbing and captivating procedure like playing chess
with a very strong chess player :)
see here
http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/kernelconfig-config.html

and good luck!!!

--
Error Code=-1
Continue? Yes | No
--

> desktop) but that doesn't seem to be enough. I've read something about
> routing and gateways in the handbook, but I didn't quite get it. So can
> anyone help me out?
>
> Please CC me, I'm not (anymore) a user on this list. Thanks!
>
> --
> tcGB <>< Fi-Ji ><>
>
> _______________________________________________
> [EMAIL PROTECTED] mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-questions
> To unsubscribe, send any mail to "[EMAIL PROTECTED]"
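
An offline check of the rc.firewall fragment in the reply above, added here as an example that is not part of the original message or of FreeBSD: it orders the rules by number as ipfw does, confirms that the two natd divert rules name the same interface, and reports which protocols have no allow rule ahead of the catch-all deny. The function name lint_rules and the variable FRAGMENT are hypothetical, the sample is constructed from the quoted rules, and only the simple rule shapes used in that fragment are parsed.

```shell
#!/bin/sh
# Added example: offline lint of an rc.firewall-style ipfw + natd ruleset.
# FRAGMENT is a constructed sample built from the rule lines quoted above.
FRAGMENT='/sbin/ipfw -q add 00001 allow ip from 127.0.0.1 to 127.0.0.1 via lo0
/sbin/ipfw -q add 00002 divert natd all from any to any in recv fxp0 #change fxp0
/sbin/ipfw -q add 00003 divert natd all from any to any out xmit fxp0
# /sbin/ipfw -q add 65527 deny icmp from any to ${LocalNET}
/sbin/ipfw -q add 65529 allow icmp from any to any
/sbin/ipfw -q add 65530 deny log all from any to any ipopt rr
/sbin/ipfw -q add 65534 deny log all from any to any'

# lint_rules (hypothetical name): rc.firewall text on stdin, one finding per line.
lint_rules() {
    sed 's/#.*//' |                  # drop comments and commented-out rules
    awk '{ for (i = 1; i < NF; i++) if ($i == "add") {   # keep "NUM ACTION ..."
             s = $(i + 1); for (j = i + 2; j <= NF; j++) s = s " " $j
             print s; next } }' |
    sort -n |                        # ipfw evaluates by rule number, not file order
    awk '
    {
        act = $2; p = 3
        if (act == "divert") p = 4   # skip the divert port/service name
        if ($p == "log") p++         # skip the log keyword
        proto = $p; rest = ""
        for (k = p + 1; k <= NF; k++) rest = rest " " $k
        if (act == "divert")
            for (k = p; k < NF; k++) {
                if ($k == "recv") in_if = $(k + 1)
                if ($k == "xmit") out_if = $(k + 1)
            }
        # an allow rule counts only if it precedes the catch-all and is not loopback-only
        if (act == "allow" && rest !~ / via lo0/ && !deny_at)
            covered[proto] = 1
        if (act == "deny" && proto == "all" && rest == " from any to any" && !deny_at)
            deny_at = $1
    }
    END {
        if (in_if == "" || out_if == "")
            print "divert: need both an in recv and an out xmit rule"
        else if (in_if != out_if)
            print "divert: in recv " in_if " but out xmit " out_if
        n = split("tcp udp icmp", want, " ")
        for (m = 1; m <= n; m++)
            if (deny_at && !covered[want[m]] && !covered["all"] && !covered["ip"])
                print want[m] ": no allow rule before catch-all deny " deny_at
    }'
}

printf '%s\n' "$FRAGMENT" | lint_rules
```

On the fragment as quoted, the check reports that TCP and UDP have no allow rule ahead of rule 65534, so the allow rules in the rest of the file decide what the gateway actually forwards.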