Re: DSL LAN Sharing with FreeBSD-5.3+natd+ipfw

2005-03-17 Thread Yance Kowara
I had a similar setup

http://members.iinet.net.au/~yance/pppoenat.html

in rc.conf where you put gateway_enable=YES,
this will appear:
00100  28  2096 divert 8668 ip from any to any via dc0

You can add extra ipfw config using a script similar
to mine, and in rc.conf
firewall_script=path/to/your/firewallscript

I hope it helps.

___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]


DSL LAN Sharing with FreeBSD-5.3+natd+ipfw

2005-03-16 Thread Edwin D. Vinas
hi,

how do I permanently set the rules for ipfw? Whenever I restart my
FreeBSD server, which has natd and firewall enabled, ipfw returns to
the default, which is "65535 151 14646 deny ip from any to any", so I need
to repeat "ipfw -f flush" and execute the commands below so that my
LAN can access the Internet.

simple ruleset that must appear when ipfw show is executed:
00100  28  2096 divert 8668 ip from any to any via dc0
00200  37  3147 allow ip from any to any
65535 151 14646 deny ip from any to any

Do you have ideal ipfw rules that I can follow for a setup which
consists of FreeBSD-5.3, natd, firewall, and a DSL (static IP)
connection? I just need to protect my LAN as much as possible from
attacks/viruses/worms from the outside world.

-edwin

--
--
Edwin D. Viñas
http://www.geocities.com/edwin_vinas/
IN THE WORLD OF SCIENCE,
NOTHING IS IMPOSSIBLE.
--
#--March 16, 2005
- users: misoy/edv; root/mfr
- installed snmp(comstring edvgrfr)
- installed MRTG (/usr/local/etc/mrtg)
- installed firefox (so long to install via ports)
- IP addresses:
rl0 192.168.0.1
dc0 203.215.106.226
- reconfigured kernel (KERNEDV) for natd and firewall
- natd/firewall

problem:
- cannot ping denied, ipfw disable firewall
- natd -interface dc0
/sbin/ipfw -f flush
/sbin/ipfw add divert natd all from any to any via dc0
/sbin/ipfw add pass all from any to any

Current Configs:
@RC.CONF
# -- sysinstall generated deltas -- # Thu Mar 17 05:38:59 2005
# Created: Thu Mar 17 05:38:59 2005
# Enable network daemons for user convenience.
# Please make all changes to this file, not to /etc/defaults/rc.conf.
# This file now contains just the overrides from /etc/defaults/rc.conf.
defaultrouter="192.168.0.1"
gateway_enable="YES"
hostname="elive_server.elive.com"
ifconfig_rl0="inet 192.168.0.1  netmask 255.255.255.0"
inetd_enable="NO"
linux_enable="YES"
moused_enable="YES"
sshd_enable="YES"
usbd_enable="YES"
# added for natd and firewall
firewall_enable="YES"
natd_enable="YES"
natd_interface="dc0"
natd_flags="-f /etc/natd.conf"

# This file now contains just the overrides from /etc/defaults/rc.conf.
# Please make all changes to this file, not to /etc/defaults/rc.conf.

# Enable network daemons for user convenience.
# Created: Wed Mar 16 22:01:13 2005
# -- sysinstall generated deltas -- # Wed Mar 16 22:01:13 2005
ifconfig_dc0="inet 203.215.106.226  netmask 255.255.255.0"
defaultrouter="203.215.106.1"
hostname="elive_server.elive.com"

@natd.conf
interface dc0
use_sockets yes
same_ports yes

@ipfw show
00100  28  2096 divert 8668 ip from any to any via dc0
00200  37  3147 allow ip from any to any
65535 151 14646 deny ip from any to any

= can ping from the server: Internet and LAN IP

- LAN PC can ping server NIC1 and NIC2, but can't ping the Internet

WORKING SCENARIO:
- Restart/Turn on machine.
- check if natd is running with correct interface
- check if ipfw contains the same rules as above (check interface)
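
Yance's reply answers the persistence part (point firewall_script at your own file) but his script is for a PPPoE link, and Edwin's current rule 200 ("allow ip from any to any") gives the LAN no protection at all. As an added example that is not from either poster, here is a complete /etc/ipfw.rules for Edwin's two-NIC layout (dc0 outside with the static DSL address, rl0 inside on 192.168.0.0/24) that survives a reboot, keeps the natd divert, and replaces the blanket allow with a stateful default deny towards the Internet. It follows the skipto/divert pattern from the FreeBSD Handbook's ipfw chapter. The file path /etc/ipfw.rules, the admin_ports list, and the IPFW override variable (which lets the script be dry-run on a box without ipfw) are my assumptions, not anything from the thread.

```shell
#!/bin/sh
# /etc/ipfw.rules -- stateful ipfw + natd ruleset for a two-NIC DSL gateway.
# Added example, not the original poster's configuration. Install with
#   firewall_enable="YES"  firewall_script="/etc/ipfw.rules"
#   natd_enable="YES"      natd_interface="dc0"   gateway_enable="YES"
# in rc.conf; /etc/rc.d/ipfw sources this file at boot.

oif="dc0"            # outside: DSL, static public IP (from the thread)
iif="rl0"            # inside: LAN (from the thread)
admin_ports="22"     # services on the gateway reachable from the Internet (assumed)

# Use the real ipfw when it exists; otherwise print the commands so the
# ruleset can be reviewed off-box before it is installed (assumed helper).
IPFW="${IPFW:-/sbin/ipfw}"
[ -x "$IPFW" ] || IPFW="echo ipfw"

add() { $IPFW -q add "$@"; }

load_rules() {
    $IPFW -q -f flush

    # Loopback, and nothing may claim to be 127/8 on a real interface.
    add 100 allow ip from any to any via lo0
    add 110 deny ip from any to 127.0.0.0/8
    add 120 deny ip from 127.0.0.0/8 to any

    # The LAN side is the trusted side; filtering happens on $oif only.
    add 150 allow ip from any to any via "$iif"

    # Un-NAT inbound packets first so every later rule sees LAN addresses.
    add 200 divert natd ip from any to any in via "$oif"

    # A dynamic-rule match re-runs the action of the rule that created the
    # state, so outbound flows below jump to 800 and get NATed on the way out.
    add 210 check-state

    # Inbound packets with private/link-local sources cannot come from the DSL side.
    add 301 deny ip from 10.0.0.0/8 to any in via "$oif"
    add 302 deny ip from 172.16.0.0/12 to any in via "$oif"
    add 303 deny ip from 192.168.0.0/16 to any in via "$oif"
    add 304 deny ip from 169.254.0.0/16 to any in via "$oif"

    # Outbound from LAN or the gateway: record state (pre-NAT address), then NAT.
    add 400 skipto 800 tcp from any to any out via "$oif" setup keep-state
    add 410 skipto 800 udp from any to any out via "$oif" keep-state
    add 420 skipto 800 icmp from any to any out via "$oif" keep-state

    # Inbound services on the gateway itself, capped per client address.
    for p in $admin_ports; do
        add 500 allow tcp from any to me "$p" in via "$oif" setup limit src-addr 4
    done

    # ICMP errors (unreachable / TTL exceeded) so path MTU and traceroute work.
    add 510 allow icmp from any to any in via "$oif" icmptypes 3,11

    # Everything else arriving from the Internet is dropped and logged.
    add 600 deny log ip from any to any in via "$oif"

    # Reached only via skipto 800: NAT the outbound flow and let it go.
    add 800 divert natd ip from any to any out via "$oif"
    add 801 allow ip from any to any

    add 999 deny log ip from any to any
}

load_rules
```

Reload from the console rather than over ssh (the flush leaves only the default deny in place for a moment), then compare `ipfw show` with the list above. Two caveats: when firewall_script is set, /etc/rc.firewall is not run at all, so the divert rule it would otherwise add for natd has to be in your own script (rules 200 and 800 here), and `deny log` records nothing unless the kernel has IPFIREWALL_VERBOSE or net.inet.ip.fw.verbose=1. The ordering is the point: inbound packets are un-NATed at 200 before any filtering, while outbound flows create state at 400-420 with their LAN address and are diverted only afterwards at 800; a keep-state rule placed after the outbound divert would record the public address and the un-NATed replies would never match it.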