Re: help setting up natd and ipfw on freebsd5.2.1
Thanks for all the help with setting up natd and ipfw. I will spend some time trying to learn how to set up the proper firewall for my network. I was wondering what would be the proper course of action on setting up DNS services for the entire network. Should I just set up DNS on that gateway?

Antoine W. Solomon Jr.

ana wrote:

> hi, I don't know if this will help, but you can try using
>
> firewall_type="OPEN"
>
> oh, and you might want to set your:
>
> network_interfaces="dc0"
> ifconfig_dc0="DHCP"
>
> if you haven't done that already. enjoy.
>
> --AMS
>
>> Hello all,
>> I tried to set up natd on my fbsd 5.2.1 box and fbsd 4.10 box with no
>> luck. What I wanted to do was to set up a gateway for my internal
>> network to my cable provider. On my server box I have two Ethernet cards,
>> dc0 pointing to cable modem and dc1 pointing to hub so that the other
>> computers may connect with my bsd gateway. I managed to recompile the
>> kernel with options IPFIREWALL and IPDIVERT and kernel compiled
>> successfully.
>>
>> Then I added natd, gateway and firewall to my rc.conf file
>>
>> gateway_enable="YES"
>> natd_enable="YES'
>> natd_interface="dc0"
>> firewall_enable="YES"
>> firewall_type="/etc/rc.firewall"
>>
>> I wanted to ping external and internal hosts to see if this
>> configuration worked so I really didn't want to have the firewall up
>> so I added these 3 lines to my rc.firewall file
>>
>> /sbin/ipfw -f flush
>> /sbin/ipfw add divert natd all from any to any via dc0
>> /sbin/ipfw add pass from any to any
>>
>> I wasn't able to ping any host inside or outside of my computer. When I
>> disabled the ipfw I was able to ping them. Also I wanted to make sure
>> if I needed to configure a DNS server on my firewall to allow such
>> services like http and ftp for internal hosts. I know that there are
>> more sophisticated ipfw setups but I wanted to just get the natd setup
>> so I could concentrate on the firewall later on.
>>
>> Thanks if you can help
>> Antoine W. Solomon

___
[EMAIL PROTECTED] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: help setting up natd and ipfw on freebsd5.2.1
asolomon15 wrote:

> Hello all,
> I tried to set up natd on my fbsd 5.2.1 box and fbsd 4.10 box with no
> luck. What I wanted to do was to set up a gateway for my internal
> network to my cable provider. On my server box I have two Ethernet cards,
> dc0 pointing to cable modem and dc1 pointing to hub so that the other
> computers may connect with my bsd gateway. I managed to recompile the
> kernel with options IPFIREWALL and IPDIVERT and kernel compiled
> successfully.
>
> Then I added natd, gateway and firewall to my rc.conf file
>
> gateway_enable="YES"
> natd_enable="YES'
> natd_interface="dc0"
> firewall_enable="YES"
> firewall_type="/etc/rc.firewall"

I think you mixed up the following two (excerpt from /etc/default/rc.conf):

    firewall_script="/etc/rc.firewall" # Which script to run to set up the firewall
    firewall_type="UNKNOWN"            # Firewall type (see /etc/rc.firewall)

To fix your mistake, I would then not touch the firewall_script variable, but only set firewall_type in /etc/rc.conf:

    firewall_type="open"

Then why your ping doesn't work with the firewall, and works when the firewall is off:

It seems you are not using "options IPFIREWALL_DEFAULT_TO_ACCEPT" in your kernel configuration, which means that by default your kernel blocks *everything* (also the ping). Since you used the wrong variable settings in /etc/rc.conf, you ended up with a firewall that blocks everything. Disabling the firewall opens up your connections again. Hence the behaviour of your ping tests.

Using firewall_type="open" in rc.conf will prevent this.

Check your firewall settings, as root, with "ipfw list".

Does this make sense to you?

Rob.
Re: help setting up natd and ipfw on freebsd5.2.1
On Thursday 10 June 2004 03:59, asolomon15 wrote:

> Hello all,
> I tried to setup natd on my fbsd 5.2.1 box and fbsd 4.10 box with no
> luck. What I wanted to do was to setup a gateway for my internal
> network to my cable provider. On my server box I have two ethernet card
> dc0 pointing to cable modem and dc1 pointing to hub so that the other
> computers may connect with my bsd gateway. I managed recompile the
> kernel with options IPFIREWALL and IPDIVERT and kernel compiled
> successfully.
>
> Then I add natd, gateway and firewall to my rc.conf file
> gateway_enable="YES"
> natd_enable="YES'
> natd_interface="dc0"
> firewall_enable="YES"
> firewall_type="/etc/rc.firewall"

You can use the standard firewall script in /etc/rc.firewall as is without modification, if you change natd_enable="YES' to natd_enable="YES" and firewall_type="/etc/rc.firewall" to firewall_type="OPEN".

> I wanted to ping an external and internal hosts to see if this
> configuration worked so I really didn't want to have the firewall up
> so I added these 3 lines to my rc.firewall file
>
> /sbin/ipfw -f flush
> /sbin/ipfw add divert natd all from any to any via dc0
> /sbin/ipfw add pass from any to any
>
> I wasn't able to ping any host inside or outside of my computer. When I
> disabled the ipfw I was able to ping them. Also I wanted to make sure
> if I needed to configure a dns server on my firewall to allow such
> services like http and ftp for internal hosts. I know that there are
> more sophisticated ipfw setups but I wanted to just get the natd setup
> so I could concentrate on the firewall later on.
>
>
> Thanks if you can help
> Antoine W. Solomon

--
Christian Hiris <[EMAIL PROTECTED]> | OpenPGP KeyID 0x941B6B0B
OpenPGP-Key at hkp://wwwkeys.eu.pgp.net and http://pgp.mit.edu
Re: help setting up natd and ipfw on freebsd5.2.1
On Wed, 9 Jun 2004, asolomon15 wrote:

> Then I add natd, gateway and firewall to my rc.conf file
>
> gateway_enable="YES"
> natd_enable="YES'
> natd_interface="dc0"
> firewall_enable="YES"
> firewall_type="/etc/rc.firewall"

The last line is wrong. You're mixing the name of the firewall script with the type. Later in your message you said you wanted an open firewall, so try this instead:

    firewall_type="OPEN"

See the contents of /etc/rc.firewall to compare the different types of predefined firewall scripts.

-Warren Block * Rapid City, South Dakota USA
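The two rc.conf mistakes the replies above point out (the mismatched quote in natd_enable and the script path given as firewall_type) can be caught before the next reboot. The following sh lint is an added example, not part of any message in this thread; the function names lint_rc_conf and sample_rc_conf are hypothetical, and the list of type keywords is assumed from the stock /etc/rc.firewall.

```sh
#!/bin/sh
# Added example (not from the thread): lint rc.conf text for the two mistakes
# the replies identify. Inline "# comments" after a value are not handled.

# Constructed sample: the rc.conf lines quoted in the original post.
sample_rc_conf() {
    cat <<'EOF'
gateway_enable="YES"
natd_enable="YES'
natd_interface="dc0"
firewall_enable="YES"
firewall_type="/etc/rc.firewall"
EOF
}

# Reads rc.conf text on stdin; prints one finding per problem line.
lint_rc_conf() {
    n=0
    while IFS= read -r line; do
        n=$((n + 1))
        case $line in
            '#'*) continue ;;      # comment line
            *=*) ;;                # assignment: check it
            *) continue ;;         # blank or not an assignment
        esac
        key=${line%%=*}
        val=${line#*=}
        case $val in
            \"*\") inner=${val#\"}; inner=${inner%\"} ;;
            \'*\') inner=${val#\'}; inner=${inner%\'} ;;
            \"*|\'*)               # opens with a quote, closes with none or another
                echo "line $n: $key: unbalanced quotes in $val"
                continue ;;
            *) inner=$val ;;
        esac
        [ "$key" = firewall_type ] || continue
        case $inner in
            # Assumption: type keywords as in the stock /etc/rc.firewall.
            [Oo][Pp][Ee][Nn]|[Cc][Ll][Ii][Ee][Nn][Tt]|[Ss][Ii][Mm][Pp][Ll][Ee]) ;;
            [Cc][Ll][Oo][Ss][Ee][Dd]|UNKNOWN) ;;
            */rc.firewall)
                echo "line $n: firewall_type is the script path; put the path in firewall_script and a type (e.g. OPEN) here" ;;
            *) ;;                  # anything else is taken as a ruleset file name
        esac
    done
    return 0
}

sample_rc_conf | lint_rc_conf
```

To check a live system, run `lint_rc_conf < /etc/rc.conf`, then confirm the loaded rules with "ipfw list" as suggested in the thread.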
help setting up natd and ipfw on freebsd5.2.1
Hello all,

I tried to set up natd on my fbsd 5.2.1 box and fbsd 4.10 box with no luck. What I wanted to do was to set up a gateway for my internal network to my cable provider. On my server box I have two Ethernet cards, dc0 pointing to cable modem and dc1 pointing to hub so that the other computers may connect with my bsd gateway. I managed to recompile the kernel with options IPFIREWALL and IPDIVERT and kernel compiled successfully.

Then I added natd, gateway and firewall to my rc.conf file

    gateway_enable="YES"
    natd_enable="YES'
    natd_interface="dc0"
    firewall_enable="YES"
    firewall_type="/etc/rc.firewall"

I wanted to ping external and internal hosts to see if this configuration worked so I really didn't want to have the firewall up so I added these 3 lines to my rc.firewall file

    /sbin/ipfw -f flush
    /sbin/ipfw add divert natd all from any to any via dc0
    /sbin/ipfw add pass from any to any

I wasn't able to ping any host inside or outside of my computer. When I disabled the ipfw I was able to ping them. Also I wanted to make sure if I needed to configure a DNS server on my firewall to allow such services like http and ftp for internal hosts. I know that there are more sophisticated ipfw setups but I wanted to just get the natd setup so I could concentrate on the firewall later on.

Thanks if you can help

Antoine W. Solomon