Re: IPF, NAT or NIC
I suspect that you've created a cabling loop of some sort again. Maybe i made some cabling loop, becauce my internet stoped to work. In the beginning everything was ok, but after some time when all 3 pc's was connected to switch it stopped to work. Why? -- View this message in context: http://www.nabble.com/IPF%2C-NAT-or-NIC-tp25491958p25520353.html Sent from the freebsd-questions mailing list archive at Nabble.com. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: IPF, NAT or NIC
Freeco wrote: Maybe i made some cabling loop, becauce my internet stoped to work. In the beginning everything was ok, but after some time when all 3 pc's who was connected to switch it stopped to work. Why? -- View this message in context: http://www.nabble.com/IPF%2C-NAT-or-NIC-tp25491958p25521566.html Sent from the freebsd-questions mailing list archive at Nabble.com. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: IPF, NAT or NIC
How to change the interfaces to not to be on same physical subnet? -- View this message in context: http://www.nabble.com/IPF%2C-NAT-or-NIC-tp25491958p25504647.html Sent from the freebsd-questions mailing list archive at Nabble.com. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: IPF, NAT or NIC
What does it look like? ISP---Hub---My Gateway---Switch--Pc Or ISPMy Gateway---Switch-Hub-Pc -- View this message in context: http://www.nabble.com/IPF%2C-NAT-or-NIC-tp25491958p25507235.html Sent from the freebsd-questions mailing list archive at Nabble.com. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: IPF, NAT or NIC
In the beginning when gateway starts the web page opens, but after that no one web doesn't open. The same is in first 5min ping reach my ISP gateway, but then it's gone. Same from my gateway with ping. -- View this message in context: http://www.nabble.com/IPF%2C-NAT-or-NIC-tp25491958p25507722.html Sent from the freebsd-questions mailing list archive at Nabble.com. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: IPF, NAT or NIC
So it means that i will need 2 more NIC's in my gateway? |-pc | ISP---Gateway-Switch-pc | |_pc Why all pc's can't be in one subnet? I'll be happy with one subnet, i don't need more. I tried this: ISP x.x.88.17---x.x.88.20 Gateway 192.168.1.2--pc cable unplugged 192.168.1.7? I want to use this one: |-pc 192.168.1.5 | ISP x.x.88.17---x.x.88.20 Gateway 192.168.1.2-Switch-pc 192.168.1.6 | |_pc 192.168.1.7 The gateway will work like firewall and nat. Maybe i have wrong settings on my pc? PC Settings IP: 192.168.1.7 Mask: 255.255.255.128 (same in rc.conf) Gateway: 192.168.1.2 Dns: x.x.88.17 Dns: 192.168.1.2 -- View this message in context: http://www.nabble.com/IPF%2C-NAT-or-NIC-tp25491958p25508442.html Sent from the freebsd-questions mailing list archive at Nabble.com. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: IPF, NAT or NIC
Steve Bertrand wrote: [ snip ] Freeco, let us know how things are connected physically. Your best bet would be: |-pc | ISP---Gateway-Switch-pc | |_pc |-pc | ISP-Switch---Gateway--Switchpc | \ | | \ |_pc | \ server1 server2 Steve wrote: ...Not depicted, but I'd recommend a firewall for anything between the gateway and the ISP. The gateway will work like IPF (Firewall) and NAT. Is it wrong? Steve wrote: I just noticed that your ISP has assigned you a /28 prefix. Is all of this 255.255.255.240 yours, or are you on a shared network segment? If it is yours, and you plan on using it, you'll want to set things up like the following. If it is all yours (88.18 - 88.30) and you didn't request it, I'd sure be interested to know who is giving away /28's nowadays when the client didn't even request it ;) Yes, it's mine. I'm paying just for 3 static addresses 18-20. I plan other static addresses to use for other plans. So i'll need 2 more NIC's for gateway? I think that my ISP uses the 2nd image. In my room is a switch. In our home is switch. 3 homes from mine is a gateway. I don't know what else there is. P.S. Sorry for my poor english -- View this message in context: http://www.nabble.com/IPF%2C-NAT-or-NIC-tp25491958p25509501.html Sent from the freebsd-questions mailing list archive at Nabble.com. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: IPF, NAT or NIC
A 'subnet' is a term used to describe a portion of an IP address space, where each device in that space can communicate with one another without using a router: Steve wrote: 192.168.1.0/24 is a subnet, so hosts 192.168.1.1 through 192.168.1.254 can 'speak' to each other without using a router. If you have more than one PC, you need a 'switch' or hub to physically connect all of those devices, so they can all speak to each other. (fwiw, I cringe at the term subnet). I have a switch to connect all of these 3 pc's. Steve wrote: In the diagram above, you need two NICs in the gateway. One goes to the ISP, and the other 192.168.1.2 goes to the switch. The rest of the computers also plug into the switch. If all of the devices have 192.168.1.x, they are all in the same subnet. If the 2 pc's will be connected to gateway directly and another one with the switch, then all 3 pc's won't be in one subnet. Right? I want to use this one: |---pc 192.168.1.5 | ISP x.x.88.17---x.x.88.20 Gateway192.168.1.2---Switch---pc 192.168.1.6 | |___pc 192.168.1.7 Steve wrote: 192.168.1.2 255.255.255.0 ...but on the pc: 192.168.1.7 255.255.255.128: PC Settings IP: 192.168.1.7 Mask: 255.255.255.128 (SAME IN rc.conf ON FREEBSD) Gateway: 192.168.1.2 Dns: x.x.88.17 Dns: 192.168.1.2 -- View this message in context: http://www.nabble.com/IPF%2C-NAT-or-NIC-tp25491958p25510433.html Sent from the freebsd-questions mailing list archive at Nabble.com. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: IPF, NAT or NIC
Ok. Lets start with the basics. - What is connected to the switch in your room? There is connected ISP cable from my home switch and 3 pc's - what is connected to the switch in your home? I'm not sure, but i think there is connected a cable to my switch ( i plan: my gateway - switch) And my neighbour (with private IP) - what is connected to the gateway down the street? I already said, i don't know. I haven't been there. - how do you connect your room, to your home, to the house three homes away? Everything is connected with cable. This new information makes it more believable that there is some sort of cabling mishap. P.S. Sorry for my poor english You don't have to be. You're doing just fine! -- View this message in context: http://www.nabble.com/IPF%2C-NAT-or-NIC-tp25491958p25510716.html Sent from the freebsd-questions mailing list archive at Nabble.com. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: IPF, NAT or NIC
fxp0 is integrated NIC. In this NIC connects a cable from ISP. rl0 is PCI NIC the cable connets to switch with all other 3 pc's. -- View this message in context: http://www.nabble.com/IPF%2C-NAT-or-NIC-tp25491958p25510880.html Sent from the freebsd-questions mailing list archive at Nabble.com. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: IPF, NAT or NIC
Thanks man! Everything works when i connected a cable directly to the gateway. Till this there was two cables connected because inet cable was too short. But i want my gateway to bring to another room so i'll need to connect 2 cables and inet will doesn't work again? I could ping all IP's when cables was connected. -- View this message in context: http://www.nabble.com/IPF%2C-NAT-or-NIC-tp25491958p25511903.html Sent from the freebsd-questions mailing list archive at Nabble.com. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: IPF, NAT or NIC
Ok, thanks for advice about switch. You really helped me so much. Now i'll get with my ipf and nat rules. What ports u recomend to keep open and how to block gateway ping? -- View this message in context: http://www.nabble.com/IPF%2C-NAT-or-NIC-tp25491958p25512314.html Sent from the freebsd-questions mailing list archive at Nabble.com. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: IPF, NAT or NIC
After some time, when all 3 pc's was connected to switch inet lost. I couldn't open any web page. I didn;t try to ping anything. -- View this message in context: http://www.nabble.com/IPF%2C-NAT-or-NIC-tp25491958p25513318.html Sent from the freebsd-questions mailing list archive at Nabble.com. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: IPF, NAT or NIC
My gateway gave me a message: gateway kernel: arp: x.x.88.17 is on fxp0 but got reply from 00:0c:42:11:15:a8 on rl0 -- View this message in context: http://www.nabble.com/IPF%2C-NAT-or-NIC-tp25491958p25513518.html Sent from the freebsd-questions mailing list archive at Nabble.com. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
IPF, NAT or NIC
I'm new in BSD, I installed FreeBSD 7.2 and want to use as gateway with IPF and NAT. I have 2 NIC's fxp0 and rl0. When i booted up my pc i got a message gateway kernel: arp xxx.xxx.88.17 is on fxp0 but got reply from rl0. My configuration files looks like this: rc.conf clear_tmp_enable=YES hostname=gateway.fbsdfreeco.com ifconfig_fxp0= inet xxx.xxx.88.20 netmask 255.255.255.240 gateway_enable=YES ipfilter_enable=YES ipmon_enable=YES ipmon_flags=-Ds ipnat_enable=YES ipnat_rules=/etc/ipnat.rules ifconfig_rl0=inet 192.168.1.2 netmask 255.255.255.0 defaultrouter=xxx.xxx.88.17 resolv.conf search xxx.xxx.88.17 nameserver xxx.xxx.88.17 nameserver xxx.xxx.xxx.xxx ipf.loadrules.sh oif=fxp0 odns=xxx.xxx.88.17 myip=xxx.xxx.88.20 ks=keep state fks=flags S keep state /sbin/ipf -Fa -f - EOF pass out quick on $oif proto tcp from any to $odns port = 53 $fks pass out quick on $oif proto udp from any to $odns port = 53 $ks pass out quick on $oif proto tcp from xxx.xxx.88.20 to any port = 80 $fks pass out quick on $oif proto tcp from xxx.xxx.88.20 to any port = 443 $fks EOF ipnat.rules map fxp0 192.168.1.0/16 - xxx.xxx.88.20/32 rdr fxp0 0.0.0.0/0 - xxx.xxx.88.20 map fxp0 192.168.0.0/16 - 0/32 proxy port 21 ftp/tcp map fxp0 0.0.0.0/0 - 0/32 map fxp0 192.168.0.0/16 - 0/32 --- ISP Gateway-fxp0--ping-ok---My Gateway-rl0-LAN--Switch---ping-ok---pc ISP IP - xxx.xxx.88.17 (static) My IP - xxx.xxx.88.20 (fxp0 static) My IP - 192.168.1.2 (rl0 private) pc IP - 192.168.1.x (private) where's the problem? -- View this message in context: http://www.nabble.com/IPF%2C-NAT-or-NIC-tp25491958p25491958.html Sent from the freebsd-questions mailing list archive at Nabble.com. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
