Re: gateway_enable=NO
In freebsd-questions Digest, Vol 339, Issue 1, Message: 20
On Mon, 29 Nov 2010 01:40:21 +0100 Lokadamus lokada...@gmx.de wrote:
> On 25.11.2010 05:38, Lamac Lamaco wrote:
> > The system installed now and in addresses /etc or /etc/rc.d there is no script. Does system work in default as ROUTER? I ask this question, because I tried it works. As it is written
> > gateway_enable=NO # Set to YES if this host will be a gateway
> > in the address - /etc/defaults/rc.conf
> > But if I write gateway_enable=NO in the address /etc/rc.conf, my system will work in as ROUTER. I say this because the host in my system's local network can ping my system's global IP. As I know it can be only in ROUTER.

No, being able to ping any address on any interface on a system is not the same as being able to route packets elsewhere through that system. Only specific firewall rules would prevent that, if you had some need to deny inside net hosts access to some service/s bound to your outside IP.

If a local network host can ping anywhere outside through your system, then it's acting as a gateway aka router for that host; not otherwise.

> > Thanks.

No worries.

> No, in default FreeBSD isn't working as a router.

Right.

> Look with sysctl at: net.inet.ip.fw.default_to_accept
> When it is set to 1, FreeBSD is working as a router, with a value of 0 it doesn't work as a router.

Wrong; sysctl net.inet.ip.fw.default_to_accept has nothing to do with this; gateway_enable=YES causes setting sysctl net.inet.ip.forwarding=1

> Look with tcpdump where network traffic is going.
> http://www.freebsd.org/doc/handbook/network-routing.html

Good advice.

cheers, Ian
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: gateway_enable=NO
On 25.11.2010 05:38, Lamac Lamaco wrote:
> The system installed now and in addresses /etc or /etc/rc.d there is no script. Does system work in default as ROUTER? I ask this question, because I tried it works. As it is written
> gateway_enable=NO # Set to YES if this host will be a gateway
> in the address - /etc/defaults/rc.conf
> But if I write gateway_enable=NO in the address /etc/rc.conf, my system will work in as ROUTER. I say this because the host in my system's local network can ping my system's global IP. As I know it can be only in ROUTER.
> Thanks.

No, in default FreeBSD isn't working as a router. Look with sysctl at: net.inet.ip.fw.default_to_accept
When it is set to 1, FreeBSD is working as a router, with a value of 0 it doesn't work as a router.

Look with tcpdump where network traffic is going.
http://www.freebsd.org/doc/handbook/network-routing.html
http://www.freebsd.org/doc/handbook/network-natd.html
gateway_enable=NO
The system installed now and in addresses /etc or /etc/rc.d there is no script. Does system work in default as ROUTER? I ask this question, because I tried it works. As it is written
gateway_enable=NO # Set to YES if this host will be a gateway
in the address - /etc/defaults/rc.conf
But if I write gateway_enable=NO in the address /etc/rc.conf, my system will work in as ROUTER. I say this because the host in my system's local network can ping my system's global IP. As I know it can be only in ROUTER.
Thanks.
Re: Gateway_Enable=NO
For the risk of not fully understanding your question:

On Tue, 23 Nov 2010 08:55:11 +0400, Lamac Lamaco lamac...@gmail.com wrote:
> Hi. Why FreeBSD working how router, When I have put in /etc/rc.conf - Gateway_Enable=NO???
> And by default Gateway_Enable=YES or?

No. The default is gateway_enable=NO as you can see in /etc/defaults/rc.conf - and please note the lowercase letters: The names of the settings are case-sensitive, so if you write Gateway_Enable, this will not have ANY effect.

Check out the scripts in /etc/ and /etc/rc.d/ to see what effects gateway_enable=YES will cause.

--
Polytropon
Magdeburg, Germany
Happy FreeBSD user since 4.0
Andra moi ennepe, Mousa, ...
Gateway_Enable=NO
Hi. Why FreeBSD working how router, When I have put in /etc/rc.conf - Gateway_Enable=NO???
And by default Gateway_Enable=YES or?
Thanks.
Re: Gateway_Enable=NO
On Mon, Nov 22, 2010 at 10:55 PM, Lamac Lamaco lamac...@gmail.com wrote:
> Hi. Why FreeBSD working how router, When I have put in /etc/rc.conf - Gateway_Enable=NO???
> And by default Gateway_Enable=YES or?

I suggest getting someone or something to help you translate your question to English. From what you have presented, you need to use

gateway_enable=

NOT

Gateway_Enable=

It is case-sensitive.

--
Adam Vande More
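Two points from the replies in this listing (rc.conf variable names are case-sensitive, and gateway_enable=YES only results in net.inet.ip.forwarding=1) can be checked together. The following is an added example, not part of any message in the thread: a POSIX sh audit that reports the effective gateway_enable value from rc.conf-style files and flags miscased names that will be ignored. The function names, file names and sample contents are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): audit rc.conf-style files for the
# gateway_enable setting. File names and sample contents are constructed.

# gateway_setting FILE...
# rc.conf files are sourced by sh in the order given, so the last exact-case
# assignment wins. Prints that value, or NO when the variable is never set.
gateway_setting() {
    awk -v q="'" '
        /^[ \t]*gateway_enable=/ {
            v = $0
            sub(/^[ \t]*gateway_enable=/, "", v)
            sub(/[ \t]*#.*$/, "", v)   # drop a trailing comment
            gsub(/"/, "", v)           # drop double quotes
            gsub(q, "", v)             # drop single quotes
            val = v
        }
        END { print (val == "" ? "NO" : val) }
    ' "$@"
}

# is_enabled VALUE
# Succeeds for the spellings rc.subr's checkyesno treats as "yes".
is_enabled() {
    case "$1" in
        [Yy][Ee][Ss]|[Tt][Rr][Uu][Ee]|[Oo][Nn]|1) return 0 ;;
        *) return 1 ;;
    esac
}

# miscased_keys FILE...
# Prints "file: name" for assignments whose name equals gateway_enable only
# when case is ignored; sh treats these as unrelated variables.
miscased_keys() {
    awk '
        {
            name = $0
            sub(/^[ \t]*/, "", name)
            if (name !~ /^[A-Za-z_][A-Za-z0-9_]*=/) next
            sub(/=.*/, "", name)
            if (tolower(name) == "gateway_enable" && name != "gateway_enable")
                print FILENAME ": " name
        }
    ' "$@"
}

# forwarding_report FILE...
# Summarises the configured state and, where the sysctl exists (FreeBSD),
# reports a running value that differs from the configuration.
forwarding_report() {
    cfg=$(gateway_setting "$@")
    if is_enabled "$cfg"; then want=1; else want=0; fi
    echo "gateway_enable=$cfg -> net.inet.ip.forwarding should be $want"
    miscased_keys "$@" | sed 's/^/ignored, wrong case: /'
    live=$(sysctl -n net.inet.ip.forwarding 2>/dev/null) || live=""
    if [ -n "$live" ] && [ "$live" != "$want" ]; then
        echo "drift: running net.inet.ip.forwarding=$live"
    fi
}

# Constructed sample: a defaults file and an override with a miscased name.
demo() {
    dir=$(mktemp -d) || return 1
    printf 'gateway_enable="NO"\t# Set to YES if this host will be a gateway.\n' \
        > "$dir/defaults-rc.conf"
    printf 'hostname="gw2"\nGateway_Enable="YES"\n' > "$dir/rc.conf"
    forwarding_report "$dir/defaults-rc.conf" "$dir/rc.conf"
    rm -rf "$dir"
}
demo
```

On a FreeBSD host the same report can be run as `forwarding_report /etc/defaults/rc.conf /etc/rc.conf`; a "drift" line means forwarding was changed at runtime with sysctl and does not match what the next boot will apply.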
Re: gateway_enable
Thank you for your support. You're right, our administrator has to add a route back to the new gateway.

On Wednesday, 15 September 2010, 21:30:08, Beat Siegenthaler wrote:
> On 15.09.10 21:10, Wolfgang Riegler wrote:
> > I thought gateway_enable=YES in /etc/rc.conf should be sufficient. But it doesn't work. Do I need something else?
>
> Looks all ok. But does 192.168.40.1 have a route to 192.168.50.0/24 via GW 192.168.40.122?
>
> Internet:
> Destination        Gateway            Flags    Refs      Use  Netif Expire
> default            192.168.40.1       UGS         0        0    rl0
> 127.0.0.1          link#6             UH          0        0    lo0
> 192.168.40.0/24    link#2             U           1      274    rl0
> 192.168.40.122     link#2             UHS         0        0    lo0
> 192.168.50.0/24    link#1             U           0       15    re0
> 192.168.50.1       link#1             UHS         0        0    lo0
>
> Regards, Beat
gateway_enable
Hi, I have a question about building a FreeBSD gateway.

I want to create a subnet in our internal company network. I have installed FreeBSD 8.0 RELEASE i386, no updates, right from the FreeBSD CD. Now I want to configure this box as the gateway of the subnet. I have two NICs configured. One external for the company network and one for the new subnet. On this box I can reach any other computer in our internal network, I have internet access, too, and I can reach the box on the subnet. The box on the subnet is able to ping both NICs on my FreeBSD box, but cannot reach any other computer of my company network or the internet.

Because I don't need any firewall on this subnet, I thought gateway_enable=YES in /etc/rc.conf should be sufficient. But it doesn't work. Do I need something else?

# cat /etc/rc.conf
keymap="german.iso"
moused_enable="YES"
sshd_enable="YES"
hostname="gw2"
ifconfig_rl0="DHCP"
ifconfig_re0="inet 192.168.50.1 netmask 255.255.255.0"
gateway_enable="YES"

# sysctl net.inet.ip.forwarding
net.inet.ip.forwarding: 1

# netstat -rn
Routing tables

Internet:
Destination        Gateway            Flags    Refs      Use  Netif Expire
default            192.168.40.1       UGS         0        0    rl0
127.0.0.1          link#6             UH          0        0    lo0
192.168.40.0/24    link#2             U           1      274    rl0
192.168.40.122     link#2             UHS         0        0    lo0
192.168.50.0/24    link#1             U           0       15    re0
192.168.50.1       link#1             UHS         0        0    lo0

Internet6:
Destination        Gateway            Flags      Netif Expire
::1                ::1                UH          lo0
fe80::%lo0/64      link#6             U           lo0
fe80::1%lo0        link#6             UHS         lo0
ff01:6::/32        fe80::1%lo0        U           lo0
ff02::%lo0/32      fe80::1%lo0        U           lo0
Re: gateway_enable
On Sep 15, 2010, at 12:10 PM, Wolfgang Riegler wrote:
> I want to create a subnet in our internal company network. I have installed FreeBSD 8.0 RELEASE i386, no updates, right from the FreeBSD CD. Now I want to configure this box as the gateway of the subnet. I have two NICs configured. One external for the company network and one for the new subnet. On this box I can reach any other computer in our internal network, I have internet access, too, and I can reach the box on the subnet. The box on the subnet is able to ping both NICs on my FreeBSD box, but cannot reach any other computer of my company network or the internet.
>
> Because I don't need any firewall on this subnet, I thought gateway_enable=YES in /etc/rc.conf should be sufficient. But it doesn't work. Do I need something else?

Yes. What you've done thus far should work fine if your internal subnet was using routable IPs; since you are using 192.168.x.y RFC-1918 unroutable IPs, you want to also set up NAT on your gateway box:

http://www.freebsd.org/doc/handbook/network-natd.html

Regards,
--
-Chuck
Re: gateway_enable
On 15.09.10 21:10, Wolfgang Riegler wrote:
> I thought gateway_enable=YES in /etc/rc.conf should be sufficient. But it doesn't work. Do I need something else?

Looks all ok. But does 192.168.40.1 have a route to 192.168.50.0/24 via GW 192.168.40.122?

> Internet:
> Destination        Gateway            Flags    Refs      Use  Netif Expire
> default            192.168.40.1       UGS         0        0    rl0
> 127.0.0.1          link#6             UH          0        0    lo0
> 192.168.40.0/24    link#2             U           1      274    rl0
> 192.168.40.122     link#2             UHS         0        0    lo0
> 192.168.50.0/24    link#1             U           0       15    re0
> 192.168.50.1       link#1             UHS         0        0    lo0

Regards, Beat
Re: gateway_enable
On Wed, Sep 15, 2010 at 3:30 PM, Beat Siegenthaler beat.siegentha...@beatsnet.com wrote:
> On 15.09.10 21:10, Wolfgang Riegler wrote:
> > I thought gateway_enable=YES in /etc/rc.conf should be sufficient. But it doesn't work. Do I need something else?
>
> Looks all ok. But does 192.168.40.1 have a route to 192.168.50.0/24 via GW 192.168.40.122?
>
> > Internet:
> > Destination        Gateway            Flags    Refs      Use  Netif Expire
> > default            192.168.40.1       UGS         0        0    rl0
> > 127.0.0.1          link#6             UH          0        0    lo0
> > 192.168.40.0/24    link#2             U           1      274    rl0
> > 192.168.40.122     link#2             UHS         0        0    lo0
> > 192.168.50.0/24    link#1             U           0       15    re0
> > 192.168.50.1       link#1             UHS         0        0    lo0
>
> Regards, Beat

As Beat questioned, I suspect your company network (192.168.40.0/24) know that it must use your machine (192.168.50.122) as its gateway to get to 192.168.50.0/24 ?

In other words, it would appear you have one side of the equation correct but are missing the other side. Assuming the other gateway is the (single) default gateway for 192.168.40.0/24 - you should simply have to add a route on that router instructing it to use 192.168.40.122 (your ip) as the gateway to the other subnet you created as 192.168.50.0/24.

NETWORK A - use 192.168.50.1 as default gateway
192.168.50.1 == router == 192.168.40.122
NETWORK B - use 192.168.40.1 as default gateway
192.168.40.1 == router - add entry on this router to use 192.168.40.122 to get to 192.168.50.1

Unfortunately, without seeing the route table for both sides I can't be sure - but like I'd said and Beat had alluded to, I think you're missing the instructions to the other side of the route.

--
Nathan Vidican
nat...@vidican.com
Re: gateway_enable question
On Fri, Dec 10, 2004 at 03:20:14PM -0500, David Banning wrote:
> > > My thought was to disable the gateway configuration set in rc.conf. How do I disable the gateway option without rebooting?
> >
> > I have gateway enabled, but natd disabled, which blocks the traffic from inside to outside, I believe.
>
> I have my nat running in ppp, and when I disable it, all the network still happily connects to the net. I don't have natd running either. Figure that out. It may be that squid is doing some nat function.

Do all win boxes use squid for their internet traffic and is squid located on the nat router? If so then the win boxes don't need nat or even for the route to have ip forwarding enabled since all that happens is they open a connection to squid and tell it to get a webpage, then squid opens a new connection to talk to the website. So the traffic on the internet is really generated by the router which isn't really routing at all.

--
I sense much NT in you.
NT leads to Bluescreen.
Bluescreen leads to downtime.
Downtime leads to suffering.
NT is the path to the darkside.
Powerful Unix is.

Public Key: ftp://ftp.tallye.com/pub/lorenl_pubkey.asc
Fingerprint: B3B9 D669 69C9 09EC 1BCD 835A FAF3 7A46 E4A3 280C
Re: gateway_enable question
On 2004-12-11 00:46, David Banning [EMAIL PROTECTED] wrote:
> > Lots of guys have suggested the firewall. On ipfw, that'd be something like (put your rule number for N and sub your network in for 192.168.0):
> >
> > add N deny ip from 192.168.0/24 to any out via tun0
> >
> > (I'm assuming your PPP uses the first tunnel device?)
>
> Not sure what the -first- tunnel device is;

tun0. As seen below, you *are* using the first tun device :-)

> root# ifconfig
> dc0: flags=8843UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST mtu 1500
>         inet 192.168.1.1 netmask 0xff00 broadcast 192.168.1.255
>         inet6 fe80::220:78ff:fe0e:13d6%dc0 prefixlen 64 scopeid 0x1
>         ether 00:20:78:0e:13:d6
>         media: Ethernet autoselect (10baseT/UTP)
>         status: active
> rl0: flags=8843UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST mtu 1500
>         inet 209.161.205.12 netmask 0xff00 broadcast 209.161.205.255
>         inet6 fe80::248:54ff:fe8c:13e5%rl0 prefixlen 64 scopeid 0x2
>         ether 00:48:54:8c:13:e5
>         media: Ethernet autoselect (10baseT/UTP)
>         status: active
> lp0: flags=8810POINTOPOINT,SIMPLEX,MULTICAST mtu 1500
> ppp0: flags=8010POINTOPOINT,MULTICAST mtu 1500
> sl0: flags=c010POINTOPOINT,LINK2,MULTICAST mtu 552
> faith0: flags=8002BROADCAST,MULTICAST mtu 1500
> lo0: flags=8049UP,LOOPBACK,RUNNING,MULTICAST mtu 16384
>         inet6 ::1 prefixlen 128
>         inet6 fe80::1%lo0 prefixlen 64 scopeid 0x7
>         inet 127.0.0.1 netmask 0xff00
> tun0: flags=8051UP,POINTOPOINT,RUNNING,MULTICAST mtu 1492
>         inet 209.161.205.12 -- 207.136.64.4 netmask 0x
>         Opened by PID 10689
>
> My ppp.conf sets rl0

It seems like you have a dc0 interface attached to the internal 192.168.1/24 network and rl0 attached (through tun0) to the world.

> > In another portion of this thread you stated:
> > > On the firewall it is difficult to block the win boxes because I -want- each machine to be able to contact each other, but I don't want the windows boxes to have internet connection.

Then make sure you don't forward IP packets for anyone. The BSD box will then allow any machine on the internal network (visible through dc0) to use the services of the BSD server, but not anything beyond it. This is easy to do:

# sysctl net.inet.ip.forwarding=0

After this you should be set ;-)

If you want to be extra paranoid, you can block at the BSD box all the packets that come from the internal dc0 network and are *not* destined for 192.168.1/24 addresses:

ipfw add allow ip from 192.168.1.0/24 to 192.168.1.0/24 via dc0
ipfw add deny ip from 192.168.1.0/24 to any
ipfw add deny ip from any to 192.168.1.0/24

- Giorgos
Re: gateway_enable question
David Banning wrote:
> > > On the firewall it is difficult to block the win boxes because I -want- each machine to be able to contact each other, but I don't want the windows boxes to have internet connection.
> >
> > Now, that seems a little weird. Do you not have a hub or switch other than the BSD box on this network? Unless you're doing some strange routing or something, everybody on the wire ought to see everybody else regardless of the settings on the firewall (except they maybe won't see *it* ...)
>
> DSL Modem BSD Box HUB All win boxes
>
> Everyone does see each other. I just don't want the win boxes to see the internet; but I -do- want them to continue to see each other.

Giorgos' ipfw rules (last post in thread) take care of this well. I suppose I was just confused; even if you told the BSD box to block all traffic on the internal interface, the Winboxen would still be able to communicate. Probably I misread or misinterpreted your paragraph.

Hope all's well now.

Kevin Kinsey
Re: gateway_enable question
On Fri, Dec 10, 2004 at 01:56:44PM +0900, Rob wrote:
> David Banning wrote:
> > I have a few win boxes which use my FreeBSD box as a gateway to the net. I am wondering how I can keep a network connection between all the computers, allowing the FreeBSD box to still be connected to the net, but disallow all win boxes from connecting to the net?
> >
> > My thought was to disable the gateway configuration set in rc.conf. How do I disable the gateway option without rebooting?
>
> I have gateway enabled, but natd disabled, which blocks the traffic from inside to outside, I believe.

Actually, not running natd simply means that the traffic passing through won't be NATed, but I bet it is still going through. Now your ISP may still block the traffic because the addresses your internal network uses are not allowed on the internet, but not all ISPs will necessarily block it and traffic may indeed get out, just with no route back. This might be a great way to do a DoS attack on someone without needing to be root.

I think the proper way to not forward traffic would be to set up a firewall to block it, or disable ip forwarding with sysctl net.inet.ip.forwarding=0, or even both!

> Rob.

--
I sense much NT in you.
NT leads to Bluescreen.
Bluescreen leads to downtime.
Downtime leads to suffering.
NT is the path to the darkside.
Powerful Unix is.

Public Key: ftp://ftp.tallye.com/pub/lorenl_pubkey.asc
Fingerprint: B3B9 D669 69C9 09EC 1BCD 835A FAF3 7A46 E4A3 280C
Re: gateway_enable question
> If you use nat, killing natd might be an option. You could also put up a firewall that blocks those computers' ip addresses. Maybe have 2 firewall configs. You could simply run a flush and then load the new ones on the command line. (ipfw)

Thanks Lucas. I have tried killing the ppp nat that I run by killing;

/usr/sbin/ppp -quiet -ddial -nat default

and running;

/usr/sbin/ppp -quiet -ddial default

but surprisingly, the network machines can still access the internet. To me that is strange, especially when you consider that I don't have natd running either. There must be something doing the network translation unseen to me. I am running squid and dansguardian - I don't know if they provide any nat function.

On the firewall it is difficult to block the win boxes because I -want- each machine to be able to contact each other, but I don't want the windows boxes to have internet connection.

ipfw would be great - my main problem is that I want to block the win boxes from using messenger which tries any and all ports, but I don't want to block my x-win (xwin32) terminal connection to unix from each win box - which -also- seems to want to pick its own port every time it runs.
Re: gateway_enable question
> #ipfw add <open rule number> deny ip from any to any via <dev facing lan>

but this would stop the win boxes from accessing the unix box via the network, would it not?

ipfw would be great - my main problem is that I want to block the win boxes from using messenger which tries any and all ports, but I don't want to block my x-win (xwin32) terminal connection to unix from each win box - which -also- seems to want to pick its own port every time it runs.
Re: gateway_enable question
David Banning wrote:
> > > My thought was to disable the gateway configuration set in rc.conf. How do I disable the gateway option without rebooting?
> >
> > I have gateway enabled, but natd disabled, which blocks the traffic from inside to outside, I believe.
>
> I have my nat running in ppp, and when I disable it, all the network still happily connects to the net. I don't have natd running either. Figure that out. It may be that squid is doing some nat function.

Seems likely, as it's a proxy server. But I'm not into proxy servers, so don't consider that authoritative.

Lots of guys have suggested the firewall. On ipfw, that'd be something like (put your rule number for N and sub your network in for 192.168.0):

add N deny ip from 192.168.0/24 to any out via tun0

(I'm assuming your PPP uses the first tunnel device?)

In another portion of this thread you stated:
> On the firewall it is difficult to block the win boxes because I -want- each machine to be able to contact each other, but I don't want the windows boxes to have internet connection.

Now, that seems a little weird. Do you not have a hub or switch other than the BSD box on this network? Unless you're doing some strange routing or something, everybody on the wire ought to see everybody else regardless of the settings on the firewall (except they maybe won't see *it* ...)

HTH,

Kevin Kinsey
Re: gateway_enable question
> Lots of guys have suggested the firewall. On ipfw, that'd be something like (put your rule number for N and sub your network in for 192.168.0):
>
> add N deny ip from 192.168.0/24 to any out via tun0
>
> (I'm assuming your PPP uses the first tunnel device?)

Not sure what the -first- tunnel device is;

root# ifconfig
dc0: flags=8843UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST mtu 1500
        inet 192.168.1.1 netmask 0xff00 broadcast 192.168.1.255
        inet6 fe80::220:78ff:fe0e:13d6%dc0 prefixlen 64 scopeid 0x1
        ether 00:20:78:0e:13:d6
        media: Ethernet autoselect (10baseT/UTP)
        status: active
rl0: flags=8843UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST mtu 1500
        inet 209.161.205.12 netmask 0xff00 broadcast 209.161.205.255
        inet6 fe80::248:54ff:fe8c:13e5%rl0 prefixlen 64 scopeid 0x2
        ether 00:48:54:8c:13:e5
        media: Ethernet autoselect (10baseT/UTP)
        status: active
lp0: flags=8810POINTOPOINT,SIMPLEX,MULTICAST mtu 1500
ppp0: flags=8010POINTOPOINT,MULTICAST mtu 1500
sl0: flags=c010POINTOPOINT,LINK2,MULTICAST mtu 552
faith0: flags=8002BROADCAST,MULTICAST mtu 1500
lo0: flags=8049UP,LOOPBACK,RUNNING,MULTICAST mtu 16384
        inet6 ::1 prefixlen 128
        inet6 fe80::1%lo0 prefixlen 64 scopeid 0x7
        inet 127.0.0.1 netmask 0xff00
tun0: flags=8051UP,POINTOPOINT,RUNNING,MULTICAST mtu 1492
        inet 209.161.205.12 -- 207.136.64.4 netmask 0x
        Opened by PID 10689

My ppp.conf sets rl0

> In another portion of this thread you stated:
> > On the firewall it is difficult to block the win boxes because I -want- each machine to be able to contact each other, but I don't want the windows boxes to have internet connection.
>
> Now, that seems a little weird. Do you not have a hub or switch other than the BSD box on this network? Unless you're doing some strange routing or something, everybody on the wire ought to see everybody else regardless of the settings on the firewall (except they maybe won't see *it* ...)

DSL Modem BSD Box HUB All win boxes

Everyone does see each other. I just don't want the win boxes to see the internet; but I -do- want them to continue to see each other.
Re: gateway_enable question
> > My thought was to disable the gateway configuration set in rc.conf. How do I disable the gateway option without rebooting?
>
> I have gateway enabled, but natd disabled, which blocks the traffic from inside to outside, I believe.

I have my nat running in ppp, and when I disable it, all the network still happily connects to the net. I don't have natd running either. Figure that out. It may be that squid is doing some nat function.
gateway_enable question
I have a few win boxes which use my FreeBSD box as a gateway to the net. I am wondering how I can keep a network connection between all the computers, allowing the FreeBSD box to still be connected to the net, but disallow all win boxes from connecting to the net?

My thought was to disable the gateway configuration set in rc.conf. How do I disable the gateway option without rebooting?
Re: gateway_enable question
David Banning wrote:
> I have a few win boxes which use my FreeBSD box as a gateway to the net. I am wondering how I can keep a network connection between all the computers, allowing the FreeBSD box to still be connected to the net, but disallow all win boxes from connecting to the net?
>
> My thought was to disable the gateway configuration set in rc.conf. How do I disable the gateway option without rebooting?

Another option: Try tweaking your firewall rule set to deny all traffic from the card facing the inside lan? For example, using ipfw:

#ipfw add <open rule number> deny ip from any to any via <dev facing lan>

Check out the man for your firewall for more info. Just a thought, might work for ya.
Re: gateway_enable question
David Banning wrote:
> I have a few win boxes which use my FreeBSD box as a gateway to the net. I am wondering how I can keep a network connection between all the computers, allowing the FreeBSD box to still be connected to the net, but disallow all win boxes from connecting to the net?
>
> My thought was to disable the gateway configuration set in rc.conf. How do I disable the gateway option without rebooting?

I have gateway enabled, but natd disabled, which blocks the traffic from inside to outside, I believe.

Rob.
gateway_enable=YES without a restart
Hi,

I'm new to FreeBSD, I've had my box running for about 3-4 weeks now. Anyway I've decided to enable it as a gateway by editing the /etc/rc.conf file. I previously had it running as a gateway but I commented the gateway_enable=YES line. Now I want to uncomment this line so it routes my traffic, but I don't want to actually restart my box because it's got a 17 day uptime, and I want to see how high I can get it, and the past 17 days would have been wasted if I reboot :) Sorry if this sounds a bit lame, but I'm trying to beat my 21-day uptime on Windows 2k.

So what command could I type, or which process could I kill/restart so that my box will function as a gateway?

I had a quick scan through the man page on rc.conf, but didn't find anything of relevance, but I did find many other useful lines I might add to my rc.conf file later (just to play around with)..

Anyway I'll be very grateful if someone could tell me how to keep this uptime :)

thanks
Andrew
Re: gateway_enable=YES without a restart
Thus spake Andrew Brampton ([EMAIL PROTECTED]):
> Hi, I'm new to FreeBSD, I've had my box running for about 3-4 weeks now. Anyway I've decided to enable it as a gateway by editing the /etc/rc.conf file. I previously had it running as a gateway but I commented the gateway_enable=YES line. Now I want to uncomment this line so it routes my traffic, but I don't want to actually restart my box because it's got a 17 day uptime, and I want to see how high I can get it, and the past 17 days would have been wasted if I reboot :)

# sysctl net.inet.ip.forwarding=1

Nick
--
We demand rigidly defined areas of doubt and uncertainty. -- Douglas Adams
Re: gateway_enable=YES without a restart
On Sun, Nov 03, 2002 at 11:06:04PM -, Andrew Brampton wrote:
> Hi, I'm new to FreeBSD, I've had my box running for about 3-4 weeks now. Anyway I've decided to enable it as a gateway by editing the /etc/rc.conf file. I previously had it running as a gateway but I commented the gateway_enable=YES line. Now I want to uncomment this line so it routes my traffic, but I don't want to actually restart my box because it's got a 17 day uptime, and I want to see how high I can get it, and the past 17 days would have been wasted if I reboot :) Sorry if this sounds a bit lame, but I'm trying to beat my 21-day uptime on Windows 2k.
>
> So what command could I type, or which process could I kill/restart so that my box will function as a gateway?

sysctl net.inet.ip.forwarding=1

is the command you are looking for. (This is most easily figured out by looking in /etc/rc.network and seeing what command is executed when rc.conf contains gateway_enable=yes )

> I had a quick scan through the man page on rc.conf, but didn't find anything of relevance, but I did find many other useful lines I might add to my rc.conf file later (just to play around with)..

--
Insert your favourite quote here.
Erik Trulsson [EMAIL PROTECTED]
Re: gateway_enable=YES without a restart
On Sun, Nov 03, 2002 at 11:06:04PM -, Andrew Brampton wrote:
> So what command could I type, or which process could I kill/restart so that my box will function as a gateway?

Just run:

sysctl net.inet.ip.forwarding=1

In general, if you're setting a variable in rc.conf and want to see what it actually does, then you can run:

grep gateway_enable /etc/rc*

and then look in each file to see which commands are invoked.

Ceri
--
Remember the mines of the legions!
Re: gateway_enable=YES without a restart
> Hi, I'm new to FreeBSD, I've had my box running for about 3-4 weeks now. Anyway I've decided to enable it as a gateway by editing the /etc/rc.conf file. I previously had it running as a gateway but I commented the gateway_enable=YES line. Now I want to uncomment this line so it routes my traffic, but I don't want to actually restart my box because it's got a 17 day uptime, and I want to see how high I can get it, and the past 17 days would have been wasted if I reboot :) Sorry if this sounds a bit lame, but I'm trying to beat my 21-day uptime on Windows 2k.
>
> So what command could I type, or which process could I kill/restart so that my box will function as a gateway?

sysctl -w net.inet.ip.forwarding=1

> I had a quick scan through the man page on rc.conf, but didn't find anything of relevance, but I did find many other useful lines I might add to my rc.conf file later (just to play around with)..
>
> Anyway I'll be very grateful if someone could tell me how to keep this uptime :)
>
> thanks
> Andrew
Re: gateway_enable=YES without a restart
On Sun, Nov 03, 2002 at 11:06:04PM -, Andrew Brampton wrote:
> I'm new to FreeBSD, I've had my box running for about 3-4 weeks now. Anyway I've decided to enable it as a gateway by editing the /etc/rc.conf file. I previously had it running as a gateway but I commented the gateway_enable=YES line. Now I want to uncomment this line so it routes my traffic, but I don't want to actually restart my box because it's got a 17 day uptime, and I want to see how high I can get it, and the past 17 days would have been wasted if I reboot :) Sorry if this sounds a bit lame, but I'm trying to beat my 21-day uptime on Windows 2k.
>
> So what command could I type, or which process could I kill/restart so that my box will function as a gateway?

sysctl net.inet.ip.forwarding=1

That, and appropriate entries in your routing tables are all you need to make your machine route packets between interfaces.

Cheers,

Matthew

--
Dr Matthew J Seaman MA, D.Phil.
26 The Paddocks
Savill Way
Marlow
Tel: +44 1628 476614
Bucks., SL7 1TH UK
Re: gateway_enable=YES without a restart
Well, thank you all for your replies, that one line did the trick, and now I know where to look in future for rc.conf settings.

Andrew

- Original Message -
From: Andrew Brampton [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Sunday, November 03, 2002 11:06 PM
Subject: gateway_enable=YES without a restart

> Hi, I'm new to FreeBSD, I've had my box running for about 3-4 weeks now. Anyway I've decided to enable it as a gateway by editing the /etc/rc.conf file. I previously had it running as a gateway but I commented the gateway_enable=YES line. Now I want to uncomment this line so it routes my traffic, but I don't want to actually restart my box because it's got a 17 day uptime, and I want to see how high I can get it, and the past 17 days would have been wasted if I reboot :) Sorry if this sounds a bit lame, but I'm trying to beat my 21-day uptime on Windows 2k.
>
> So what command could I type, or which process could I kill/restart so that my box will function as a gateway?
>
> I had a quick scan through the man page on rc.conf, but didn't find anything of relevance, but I did find many other useful lines I might add to my rc.conf file later (just to play around with)..
>
> Anyway I'll be very grateful if someone could tell me how to keep this uptime :)
>
> thanks
> Andrew