On Wed, Aug 18, 2004 at 03:36:31PM +0800, AETCH wrote: > I have install freebsd 4.x,and have two netcards. > I want it as getway. > I have config "gateway_enable=YES" in rc.conf,and then reboot. > [a pc]--------[freebsd]-------[b pc] > After reboot , I try to use a pc to ping b pc ,it`s not work ,but a pc and > b pc can ping freebsd successful,why? > Please give me a hand. > Thanks!! > > aetch
Have you built a kernel with IPFW enabled and have you enabled natd in your rc.conf? Both IPFW (or perhaps IPFILTER) must be enabled to allow packet forwarding. Just setting gateway="yes" in rc.conf isn't enough (I know - I made the same mistake) You will have to enable natd and IPFW (or maybe IPFILTER) in rc.conf and build a custom kernel with IPFW enabled. Here's the lines I added to my kernel: # IP Aliasing and Firewall options options IPFIREWALL options IPFIREWALL_VERBOSE options IPFIREWALL_VERBOSE_LIMIT=10 options IPDIVERT and here's what I put in my rc.conf: gateway_enable="YES" natd_enable="YES" natd_interface="dc1" natd_flags="-dynamic" You will also need to enable the firewall in rc.conf - what follows is for an entirely OPEN firewall, i.e. it allows anything and everything through. (But you must have the firewall enabled to use the IP forwarding capabilities): firewall_enable="YES" #firewall_type="OPEN" #firewall_script="/etc/openfirewall.rules" and the contents of /etc/openfirewall.rules: /sbin/ipfw -f flush /sbin/ipfw add divert natd all from any to any via dc1 /sbin/ipfw add pass all from any to any Chapter 8 of the handbook (http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/kernelconfig.html) and Chapter 14, Section 8 http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/firewalls.html have most of the information you'll need. In future posts, paste the contents of your rc.conf and any other files involved- that will help the list answer your question more quickly. HTH Jim _______________________________________________ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"