Request:
Zhelyazko Georgiev
jeliazkoge at yahoo.com
Thu Oct 28 12:25:47 PDT 2004
Dear members of the freebsd mailing list,
I'm new to FreeBSD and still trying to learn some
basic concepts as far as configuring it as an operating
system. The question that I'm about to ask is probably
very simple, so I ask for your excuse to bother you
with that question, but I'm trying to figure it out for
a long time now and still no results.
I'm trying to set up my FreeBSD 5.2 Release to act as
a NAT router/gateway. I compiled the kernel by
including the following options:
options IPFIREWALL
options IPDIVERT
options IPSEC
options IPSEC_ESP
options IPSEC_DEBUG
options IPFILTER
options PFIL_HOOKS
Attached are my inetd.conf, ipf.rules, ipnat.rules
and rc.conf files.
I'm able to ping both networks and access the internet
from the FreeBSD machine. From the external network I
cannot see the internal (as it should be); from the
internal I can ping the internal IP 192.168.1.1 of my
FreeBSD box and also the external IP address
84.21.192.168, but I'm not able to see the router of my
ISP 84.21.192.1, and for that reason I do not have
internet for the internal network. Please help me to
figure out why I'm not able to make this thing
work. Any help is highly appreciated. Thank you in advance.
-------------- next part --------------
$FreeBSD: src/etc/inetd.conf,v 1.63 2003/06/09 21:04:30 markm Exp $
#
# Internet server configuration database
#
# Define *both* IPv4 and IPv6 entries for dual-stack support.
# To disable a service, comment it out by prefixing the line with '#'.
# To enable a service, remove the '#' at the beginning of the line.
#
#ftp stream tcp nowait root /usr/libexec/ftpd ftpd -l
#ftp stream tcp6 nowait root /usr/libexec/ftpd ftpd -l
ssh stream tcp nowait root /usr/sbin/sshd sshd -i -4
ssh stream tcp6 nowait root /usr/sbin/sshd sshd -i -6
#telnet stream tcp nowait root /usr/libexec/telnetd telnetd
#telnet stream tcp6 nowait root /usr/libexec/telnetd telnetd
#shell stream tcp nowait root /usr/libexec/rshd rshd
#shell stream tcp6 nowait root /usr/libexec/rshd rshd
#login stream tcp nowait root /usr/libexec/rlogind rlogind
#login stream tcp6 nowait root /usr/libexec/rlogind rlogind
#finger stream tcp nowait/3/10 nobody /usr/libexec/fingerd fingerd -s
#finger stream tcp6 nowait/3/10 nobody /usr/libexec/fingerd fingerd -s
#exec stream tcp nowait root /usr/libexec/rexecd rexecd
#
# run comsat as root to be able to print partial mailbox contents w/ biff,
# or use the safer tty:tty to just print that new mail has been received.
#comsat dgram udp wait tty:tty /usr/libexec/comsat comsat
#
# ntalk is required for the 'talk' utility to work correctly
#ntalk dgram udp wait tty:tty /usr/libexec/ntalkd ntalkd
#tftp dgram udp wait root /usr/libexec/tftpd tftpd -s /tftpboot
#tftp dgram udp6 wait root /usr/libexec/tftpd tftpd -s /tftpboot
#bootps dgram udp wait root /usr/libexec/bootpd bootpd
#
# "Small servers" -- used to be standard on, but we're more conservative
# about things due to Internet security concerns. Only turn on what you
# need.
-------------- next part --------------
#Basic ruleset
block in all with frag
#Only I can pass packets out on the external interface
pass out quick rl0 proto tcp from 84.21.192.150 to any keep state
pass out quick on rl0 proto udp from 84.21.192.150 to any keep state
pass out quick on rl0 proto icmp from 84.21.192.150 to any keep state
pass out quick all
block in on rl0 proto icmp all
pass in on rl0 proto icmp from any to any icmp-type echo
pass in on rl0 proto icmp from any to any icmp-type echorep
block in on rl0 proto icmp from any to any icmp-type unreach code3
#Block all other non established connections
block in quick on rl0 proto tcp from any to any flags S/SA
-------------- next part --------------
# -- sysinstall generated deltas -- # Thu Feb 3 00:05:26 2000
# Created: Thu Feb 3 00:05:26 2000
# Enable network daemons for user convenience.
# Please make all changes to this file, not to /etc/defaults/rc.conf.
# This file now contains just the overrides from /etc/defaults/rc.conf.
defaultrouter="84.21.192.1"
gateway_enable="YES"
hostname="ironhost.server.com"
#ipsec_enable="YES"
enable_firewall="YES"
firewall_type="OPEN"
firewall_quiet="YES"
ipfilter_enable="YES"
ipnat_enable="YES"
natd_enable="YES"
natd_interface="rl0"
natd_flags="-f /etc/natd.rules"
sendmail_enable="NONE"
fsck_y_enable="YES"
syslogd_enable="NO"
inetd_enable="YES"
ifconfig_rl0="inet 84.21.192.150 netmask 255.255.255.0"
ifconfig_rl1="inet 192.168.1.1 netmask 255.255.0.0"
linux_enable="YES"
moused_enable="YES"
sshd_enable="YES"
usbd_enable="NO"
# This file now contains just the overrides from /etc/defaults/rc.conf.
# Please make all changes to this file, not to /etc/defaults/rc.conf.
# Enable network daemons for user convenience.
# Created: Fri Feb 4 09:25:44 2000
# -- sysinstall generated deltas -- # Fri Feb 4 09:25:44 2000
ifconfig_rl0="inet 84.21.192.150 netmask 255.255.255.0"
-------------- next part --------------
map rl0 10.0.0.0/24 -> 0.0.0.0/32 portmap tcp/udp 40000:65000
map rl0 10.0.0.0/24 -> 0.0.0.0/32
rdr rl0 0.0.0.0/0 port 3389 -> 192.168.1.2 port 3389
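An added consistency check (editor's example, not part of the original post or of FreeBSD): it parses the posted ipnat.rules and the ifconfig_* lines from the posted rc.conf and reports any `map` rule whose source network does not fall inside a subnet configured on a non-external interface, and any `rdr` target outside those subnets. The inputs are constructed copies of the attachments above; the helper names are the example's own.

```python
import ipaddress
import re

# Constructed copies of the ipnat.rules and rc.conf interface lines from the post.
IPNAT_RULES = """\
map rl0 10.0.0.0/24 -> 0.0.0.0/32 portmap tcp/udp 40000:65000
map rl0 10.0.0.0/24 -> 0.0.0.0/32
rdr rl0 0.0.0.0/0 port 3389 -> 192.168.1.2 port 3389
"""

RC_CONF = """\
ifconfig_rl0="inet 84.21.192.150 netmask 255.255.255.0"
ifconfig_rl1="inet 192.168.1.1 netmask 255.255.0.0"
"""

def parse_interfaces(rc_conf):
    """Return {ifname: IPv4Interface} from ifconfig_<if>="inet A netmask M" lines."""
    pat = re.compile(r'^ifconfig_(\w+)="inet\s+(\S+)\s+netmask\s+(\S+)"', re.M)
    return {name: ipaddress.IPv4Interface(f"{addr}/{mask}")
            for name, addr, mask in pat.findall(rc_conf)}

def parse_ipnat(rules):
    """Return (map_rules, rdr_targets): map -> [(ext_if, src_net)], rdr -> [(ext_if, target_ip)]."""
    maps = [(i, ipaddress.IPv4Network(s))
            for i, s in re.findall(r'^map\s+(\w+)\s+(\S+)\s+->', rules, re.M)]
    rdrs = [(i, ipaddress.IPv4Address(t))
            for i, t in re.findall(r'^rdr\s+(\w+)\s+\S+(?:\s+port\s+\S+)?\s+->\s+(\S+)', rules, re.M)]
    return maps, rdrs

def check_nat_config(rules, rc_conf):
    """List mismatches between ipnat rules and the interface subnets in rc.conf."""
    ifaces = parse_interfaces(rc_conf)
    maps, rdrs = parse_ipnat(rules)
    problems = []
    for ext_if, src in maps:
        internal = [i.network for n, i in ifaces.items() if n != ext_if]
        if not any(src.subnet_of(net) for net in internal):
            problems.append(f"map on {ext_if}: source {src} is not inside any internal "
                            f"subnet ({', '.join(map(str, internal))})")
    for ext_if, target in rdrs:
        internal = [i.network for n, i in ifaces.items() if n != ext_if]
        if not any(target in net for net in internal):
            problems.append(f"rdr on {ext_if}: target {target} is not inside any internal subnet")
    return problems

if __name__ == "__main__":
    for line in check_nat_config(IPNAT_RULES, RC_CONF) or ["no mismatches found"]:
        print(line)
```

Run against the posted files it flags both `map` rules (10.0.0.0/24 lies outside 192.168.0.0/16 on rl1) while the `rdr` target passes; swapping the map source for the rl1 subnet yields no findings.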