1. I would try enabling named on the FreeBSD gateway and set it as a
forwarder to the DNS of my ISP. Then set all the clients' primary DNS to
that of the internal IP of your gateway.
2. I would also not use "OPEN" firewall type. I would not be comfortable
with it.
3. I would also take out the lines firewall_type and firewall_script from
rc.conf and instead create a shell script in a startup_dir (e.g.
/usr/local/etc/rc.d) and put all my ipfw rules in there and chmod it to be
executable. I think the original /etc/rc.firewall awaits variables set in
rc.conf, e.g. firewall_type, etc.


----- Original Message -----
From: "Jose Albores" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Sunday, September 14, 2003 12:57 PM
Subject: Problem(s) resolving names with natd/ipfw.


> The problem summary is as follows:
> I'm setting up a very simple LAN at home using only
> two machines with fixed private ip addresses either.
> The FreeBSD gateway is connected to the internet
> through my cablemodem ISP's modem.
>
> The problem is that the Windows XP client CANNOT
> access the Internet with alphabetic names (should be
> called a DNS problem?) but it CAN do it with ip
> addresses (numbers).
>
> AFAIK (being a newbie in networking issues) it seems
> that no problems arise from the gateway side after
> "setting" up natd/ipfw.
>
> From the client, I can ping to numeric addresses
> locally and outside. And (again using ip-numbers) I
> can telnet to my pop server's 110 port. But not with
> "names".
> The (gateway) server has NO problems with alphabetic
> addresses. Neither pinging the local network nor with
> the internet.
>
> Maybe I forgot some "flag" for natd in my
> /etc/rc.conf?
> Is/are there other option/s in my kernel-configuration
> file needed?
> Any hint will be appreciated. Please feel free to ask
> for any necessary info.
>
>
> These are the "details".
> It's my first job with networks, and the scenario is
> as follows:
> The server:
>    · Pentium 233 MMX.
>    · OS: FreeBSD 4.8-RELEASE. Alternating with Win 98
> for testing.
>    · dc0: interface to my cablemodem ISP.
>    · vr0: interface to my local network connected to a
> hub.
>
> The client:
>    · AMD Athlon XP 2.0 GHz.
>    · OS: Windows XP.
> Adding DNS servers to the network config in the client
> didn't solve the problem.
> BTW it's not necessary to add DNS entries when the
> server boots with Win 98 + Microsoft's ICS.
>
> On the server side, I built a new kernel with (all?)
> the necessary options:
>    · The GENERIC kernel, adding:
>    options IPDIVERT
>    options IPFIREWALL
>    options IPFIREWALL_VERBOSE
>    options IPFIREWALL_VERBOSE_LIMIT=200
>    options IPFIREWALL_DEFAULT_TO_ACCEPT
>
> The /etc/hosts file has three entries:
> 127.0.0.1 localhost  localhost.homenet.org
> 192.168.0.1 david    david.homenet.org
> 192.198.0.2 goliath  goliath.homenet.org
>
> My /etc/resolv.conf was automagically generated
> when I first configured the interfaces.
> Maybe it updates on every boot?
>
> And my networking-related lines in /etc/resolv.conf
> are as follows:
> --- Begin of /etc/rc.conf ---
> hostname="david.homenet.org"
> # [...] chunking a few not-networking lines...
> ifconfig_dc0="DHCP"
> ifconfig_vr0="inet 192.168.0.1 netmask 255.255.255.0"
> gateway_enable="YES"
> firewall_enable="YES"
> firewall_type="OPEN"
> firewall_script="/etc/my.rc.firewall"
> #firewall_script="/etc/rc.firewall" ### did not work either!!!
> natd_enable="YES"
> natd_interface="dc0"
> natd_flags=""
> --- End of /etc/rc.conf ---
>
>
> The COMPLETE /etc/my.rc.firewall is extremely simple:
> --- Begin ---
> #!/bin/sh
> /sbin/ipfw -f flush
> /sbin/ipfw add divert natd all from any to any via dc0
> /sbin/ipfw add pass all from any to any
> --- End ---
> Testing "blindly" the /etc/rc.firewall also did not
> work.
> Learning ipfw secrets will be left for the immediate
> future ;o))).
>
>
> TIA.
> --
> José Albores - <[EMAIL PROTECTED]>
>
> _______________________________________________
> [EMAIL PROTECTED] mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-questions
> To unsubscribe, send any mail to "[EMAIL PROTECTED]"
>
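
A forward-only named configuration for point 1 of the reply, using the addresses from the quoted rc.conf. This is an added example, not part of the original thread. It assumes BIND 8 as shipped with FreeBSD 4.8 with its configuration in /etc/namedb/named.conf; 192.0.2.53 is a placeholder for the ISP's resolver, and the listen-on, allow-query and allow-recursion restrictions are additions that keep the resolver from answering on the cable-modem side.

```conf
// /etc/namedb/named.conf (assumed path)
// Enable at boot with named_enable="YES" in /etc/rc.conf, then set the
// Windows XP client's primary DNS server to 192.168.0.1.

options {
        directory "/etc/namedb";

        // Listen on loopback and the internal interface (vr0) only,
        // never on the external interface (dc0).
        listen-on { 127.0.0.1; 192.168.0.1; };

        // Pass every query to the ISP resolver instead of recursing
        // from the root servers. 192.0.2.53 is a placeholder address.
        forward only;
        forwarders { 192.0.2.53; };

        // Answer and recurse for the gateway itself and the LAN only.
        allow-query     { 127.0.0.1; 192.168.0.0/24; };
        allow-recursion { 127.0.0.1; 192.168.0.0/24; };
};
```

Because dc0 is configured by DHCP, the ISP resolver addresses can be read from the nameserver lines of the generated /etc/resolv.conf on the gateway.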
