Re: Adding a FreeBSD Gateway on a DSL/ ATM circuit

2006-08-03 Thread David Kelly
On Thu, Aug 03, 2006 at 08:35:42AM -1000, [EMAIL PROTECTED] wrote:
 
> I can ping from the gateway box nic to the internet ok. I can ping from
> the Test box to the Lan side of the gateway box OK. I can't reach the
> internet thru the gateway. I have read probably 5 howtos from the
> FreeBSD Handbook and elsewhere and none are exactly what I am doing.

A properly designed DSL/ATM modem or router is not going to allow
private IP addresses onto the public internet. So you can not get thru
the FreeBSD gateway without NAT to map 192.168/16 to the gateway
external IP address.

At the very least you need to enable gateway and NAT. One way to do NAT
is with IPFW.

In /etc/rc.conf I have:

firewall_enable="YES"               # Set to YES to enable firewall functionality
firewall_type="client"              # really ought to remove this from custom script
firewall_script="/etc/dmk.firewall" # my custom script
natd_enable="YES"                   # Enable natd (if firewall_enable == YES).
natd_interface="fxp1"               # the external interface to place nat'ed packets
natd_flags="-f /etc/natd.conf"      # some natd config
gateway_enable="YES"                # both natd and gateway needed

/etc/natd.conf looks like this:

interface fxp1
log_denied
log_facility security
use_sockets
same_ports
dynamic
log_ipfw_denied
punch_fw 4900:99

punch_fw defines where dynamic rules are inserted in my ipfw ruleset to support 
ftp.

/etc/dmk.firewall is only a modified version of the stock rc.firewall.

-- 
David Kelly N4HHE, [EMAIL PROTECTED]

Whom computers would destroy, they must first drive mad.
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]
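
The punch_fw 4900:99 line in the reply above hands ipfw rule numbers 4900 through 4998 to natd, and natd(8) clears that range at startup, so a custom firewall script has to keep its static rules out of it. The following sh lint is an added example, not part of the thread or of /etc/dmk.firewall; the sample rule script and the function names are assumptions.

```sh
#!/bin/sh
# Added example: lint a natd.conf / ipfw rule script pair (inputs are constructed).
# natd(8): punch_fw base:count uses rules base..base+count-1 and clears that
# range at startup, so static rules must not be numbered inside it.

# Constructed natd.conf excerpt using the values quoted in the post.
NATD_CONF='interface fxp1
same_ports
punch_fw 4900:99'

# Hypothetical rule script; rule 4950 sits in the punched range on purpose.
RULESET='${fwcmd} add 100 allow ip from any to any via lo0
${fwcmd} add 500 divert natd ip from any to any via fxp1
${fwcmd} add 4950 allow tcp from any to me 22
${fwcmd} add 65000 allow ip from any to any'

# Print "first last" for the punch_fw range; print nothing if it is not set.
punch_range() {
    printf '%s\n' "$1" | awk '$1 == "punch_fw" {
        split($2, p, ":"); print p[1], p[1] + p[2] - 1; exit }'
}

# Print every static rule number in the script ($1) that lies in $2..$3.
colliding_rules() {
    printf '%s\n' "$1" | awk -v lo="$2" -v hi="$3" '{
        for (i = 1; i < NF; i++)
            if ($i == "add" && $(i + 1) ~ /^[0-9]+$/) {
                n = $(i + 1) + 0
                if (n >= lo && n <= hi) print n
            }
    }'
}

# Succeed only if the script diverts to natd on the interface natd.conf names.
has_divert() {
    ifc=$(printf '%s\n' "$1" | awk '$1 == "interface" { print $2; exit }')
    [ -n "$ifc" ] || return 1
    printf '%s\n' "$2" | grep -Eq "divert natd .* via $ifc( |\$)"
}

range=$(punch_range "$NATD_CONF")
echo "punch_fw range: ${range% *}-${range#* }"
echo "static rules inside it: $(colliding_rules "$RULESET" ${range})"
has_divert "$NATD_CONF" "$RULESET" || echo "no divert natd rule on natd interface"
```

Any rule number the lint reports should be moved below 4900 or above 4998 in the firewall script.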


RE: Adding a FreeBSD Gateway on a DSL/ ATM circuit

2006-08-03 Thread Murray Taylor
look at the defaults in /etc/defaults/rc.conf

specifically look for lines with gateway in them
ie  gateway_enable="NO"

copy the appropriate lines into /etc/rc.conf

edit
ie  gateway_enable="YES"


You will need to set the default_route line also to point
to the isp I think ...

HTH
mjt


 -----Original Message-----
 From: [EMAIL PROTECTED] 
 [mailto:[EMAIL PROTECTED] On Behalf Of 
 [EMAIL PROTECTED]
 Sent: Friday, 4 August 2006 4:36 AM
 To: freebsd-questions@freebsd.org
 Subject: Adding a FreeBSD Gateway on a DSL/ ATM circuit
 
 Aloha,
 
 My current problem is that I need to use a box as a FreeBSD 
 6.* gateway/firewall to the internet protecting  an MS box 
 that is in the office for doing a lot of photo work and 
 uploading to servers for the company my wife works with. I 
 was going to use a freesco (Linux)disk 
 /firewall/gateway/router like I have on my single dsl 1.5/384 line. 
 (This is currently what is protecting the MS box on this circuit.)
 
 However, the freesco setup does not work as a gateway on the 
 leg of the ATM 5 IP circuit where we want to move the MS box 
 to. I have tried to get it setup and have emailed the freesco 
 lists and apparently no one has accomplished this.
 
 I have now built a FreeBSD box with 2 nics to use as a 
 gateway/router/firewall between the single MS box and the 
 internet. ed1 is on the 66.xxx.132.236 leg of the ATM. The 
 defaultgateway on the internet side of the ATM is 66.xxx.132.233.
 The LAN side of the box ed0 is 192.168.1.1 to which the MS 
 box is directed.  ( I am using a test box 192.168.1.29 with 
 FreeBSD 6* in place of the MS box at this point.)
 
 I can ping from the gateway box nic to the internet ok. I can 
 ping from the Test box to the Lan side of the gateway box OK. 
 I can't reach the internet thru the gateway. I have read 
 probably 5 howtos from the FreeBSD Handbook and elsewhere 
 and none are exactly what I am doing.
 
 On FreeBSD Questions list recently there was a similar issue 
 question posted but nobody answered the post.
 
 It had to do with rc.conf
 
 Listing both NICs:
   ifconfig_ed0="66.xxx.132.236 netmask 255.255.255.248"  # inet side
   ifconfig_ed1="192.168.1.1 netmask 255.255.255.0"       # lan side
 and gateway_enable="YES" which I have done.
 
 At this point I have not attempted a firewall PF or IPFW 
 since I can't reach the internet thru the gateway and I want 
 to understand what is not right with this setup first.
 
 If I use: route add -net 192.168.1.29 192.168.1.1
 
 I can no longer ping the Lan side of the gateway from the test box.
 
 Can you direct me to or give me a howto on setting this up so 
 I can reach the internet if indeed it's possible using a 
 gateway/firewall on the leg of an ATM circuit? Any help would 
 be appreciated.
 
 Thanks,
 
 Al Plant - Honolulu, Hawaii
 
 - Admin -- http://hawaiidakine.com -- http://hdk5.com --
 -- http://internetohana.org -- http://freeBSDinfo.org --  + 
 Supporting open source computing - FreeBSD 6.* +
 
 