Re: problem with getway
On Wed, Aug 18, 2004 at 08:37:34AM -0500, James A. Coulter typed:
> On Wed, Aug 18, 2004 at 03:36:31PM +0800, AETCH wrote:
> > I have installed freebsd 4.x, and have two netcards.
> > I want it as gateway.
> > I have config "gateway_enable=YES" in rc.conf, and then reboot.
> > [a pc][freebsd]---[b pc]
> > After reboot, I try to use a pc to ping b pc, it doesn't work, but a pc and
> > b pc can ping freebsd successfully, why?
> > Please give me a hand.
> > Thanks!!
> >
> > aetch
>
> Have you built a kernel with IPFW enabled and have you enabled natd in
> your rc.conf?

For what he wants to do (connecting two LANs via a FreeBSD gateway), you don't need a firewall nor nat. All you need to do is enable FreeBSD as a gateway, which he did, and tell both pc's what gateway to use to reach the other LAN, eg. on "a pc":

    C:\ route add 192.168.1.0 mask 255.255.255.0 192.168.0.1

(that is, if "a pc" is windows, in network 192.168.0.x, "b pc" is in network 192.168.1.x and the gateway's IP address on the "a pc" side has address 192.168.0.1)

cheers,
Ruben

___
[EMAIL PROTECTED] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"
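Added example, not part of either post: a small Python model of the routing described in Ruben's reply, showing why each PC can ping the gateway while a ping between the PCs fails until both PCs have a route to the other LAN and the gateway forwards. The host addresses (.10), the gateway's 192.168.1.1 address and all function names are assumptions made for this illustration.

```python
import ipaddress

# Constructed addressing per the reply: "a pc" in 192.168.0.x, "b pc" in 192.168.1.x,
# gateway 192.168.0.1 on the "a pc" side. Host .10s and 192.168.1.1 are assumed values.
A, B, GW_A, GW_B = "192.168.0.10", "192.168.1.10", "192.168.0.1", "192.168.1.1"
OWNER = {A: "a", B: "b", GW_A: "gw", GW_B: "gw"}  # which node holds which IP

def next_hop(routes, dst):
    """Longest-prefix match: returns 'direct', a gateway IP, or None."""
    dst = ipaddress.ip_address(dst)
    hits = [(ipaddress.ip_network(n), hop) for n, hop in routes]
    hits = [(n, hop) for n, hop in hits if dst in n]
    return max(hits, key=lambda h: h[0].prefixlen)[1] if hits else None

def build(a_route, b_route, forwarding=True):
    """Routing tables per node; a_route/b_route add the static route on each PC."""
    t = {"a": [("192.168.0.0/24", "direct")],
         "b": [("192.168.1.0/24", "direct")],
         "gw": [("192.168.0.0/24", "direct"), ("192.168.1.0/24", "direct")]}
    if a_route:
        t["a"].append(("192.168.1.0/24", GW_A))   # the 'route add' from the reply
    if b_route:
        t["b"].append(("192.168.0.0/24", GW_B))   # mirror-image route on "b pc"
    return t, forwarding

def deliver(net, src, dst_ip):
    """Walk one packet from node src to dst_ip; return 'ok' or why it stopped."""
    tables, forwarding = net
    node = src
    while OWNER[dst_ip] != node:
        if node != src and not forwarding:        # only the gateway ever transits
            return f"dropped at {node} (forwarding off)"
        hop = next_hop(tables[node], dst_ip)
        if hop is None:
            return f"no route at {node}"
        node = OWNER[dst_ip] if hop == "direct" else OWNER[hop]
    return "ok"

def ping(net, src_ip, dst_ip):
    """Echo request one way, echo reply back; both legs must be routable."""
    out = deliver(net, OWNER[src_ip], dst_ip)
    if out != "ok":
        return "request: " + out
    back = deliver(net, OWNER[dst_ip], src_ip)
    return "ok" if back == "ok" else "reply: " + back

if __name__ == "__main__":
    for a_r, b_r in [(False, False), (True, False), (True, True)]:
        print(a_r, b_r, ping(build(a_r, b_r), A, GW_A), "|", ping(build(a_r, b_r), A, B))
```

The middle case is the one that is easy to miss: with the route added on "a pc" only, the echo request reaches "b pc" but the reply has no way back.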
Re: problem with getway
On Wed, Aug 18, 2004 at 03:36:31PM +0800, AETCH wrote:
> I have installed freebsd 4.x, and have two netcards.
> I want it as gateway.
> I have config "gateway_enable=YES" in rc.conf, and then reboot.
> [a pc][freebsd]---[b pc]
> After reboot, I try to use a pc to ping b pc, it doesn't work, but a pc and
> b pc can ping freebsd successfully, why?
> Please give me a hand.
> Thanks!!
>
> aetch

Have you built a kernel with IPFW enabled and have you enabled natd in your rc.conf?

Both IPFW (or perhaps IPFILTER) must be enabled to allow packet forwarding. Just setting gateway="yes" in rc.conf isn't enough (I know - I made the same mistake).

You will have to enable natd and IPFW (or maybe IPFILTER) in rc.conf and build a custom kernel with IPFW enabled.

Here's the lines I added to my kernel:

    # IP Aliasing and Firewall options
    options IPFIREWALL
    options IPFIREWALL_VERBOSE
    options IPFIREWALL_VERBOSE_LIMIT=10
    options IPDIVERT

and here's what I put in my rc.conf:

    gateway_enable="YES"
    natd_enable="YES"
    natd_interface="dc1"
    natd_flags="-dynamic"

You will also need to enable the firewall in rc.conf - what follows is for an entirely OPEN firewall, i.e. it allows anything and everything through. (But you must have the firewall enabled to use the IP forwarding capabilities):

    firewall_enable="YES"
    #firewall_type="OPEN"
    #firewall_script="/etc/openfirewall.rules"

and the contents of /etc/openfirewall.rules:

    /sbin/ipfw -f flush
    /sbin/ipfw add divert natd all from any to any via dc1
    /sbin/ipfw add pass all from any to any

Chapter 8 of the handbook (http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/kernelconfig.html) and Chapter 14, Section 8 (http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/firewalls.html) have most of the information you'll need.

In future posts, paste the contents of your rc.conf and any other files involved - that will help the list answer your question more quickly.

HTH
Jim