Collin J. Kreklow
collin at kreklow.us
Thu Oct 28 16:47:19 PDT 2004
On Thu, Oct 28, 2004 at 12:25:46PM -0700, Zhelyazko Georgiev wrote:
> Dear members of the freebsd mailing list,
> I'm new to freebsd and still trying to learn some
Welcome to FreeBSD!
> basic concepts as far as configurating it as operating
> system. The question that I'm about to ask is probably
> very simple so I ask for your excuse to bother you
> with hat question but I'm trying to figure it out for
> a long time now and still no results.
No problem. A helpful hint: it is usually better to ask general
questions on the -questions mailing list; -chat is mostly off-topic.
> I'm trying to setup my FreeBSD 5.2 Realease to act as
> a Nat router/ gateway. I compiled the kernel by
> including the following options :
You should consider upgrading to 5.3 (RC1, soon to be Release). That's
not absolutely necessary, but it's a good idea.
> options IPFIREWALL
> options IPDIVERT
Since you're using ipf below, you don't need IPFIREWALL and IPDIVERT.
They are only used for ipfw and natd. You can leave them in if you
want, they won't do anything unless you enable ipfw or natd.
> options IPSEC
> options IPSEC_ESP
> options IPSEC_DEBUG
> options IPFILTER
> options PFIL_HOOKS
> attached are my inetd.conf ; ipf.rules ; ipnat.rules
> and rc.conf files.
> I'm able to ping both networks and access internet
> from the freebsd machine. From the external network I
> cannot see the internal (as it should be) from the
> internal I can ping the internal IP 192.168.1.1 of my
> FreeBSD box and also the external IP address
> 126.96.36.199 but I'm not able to see the router of my
> ISP 188.8.131.52 and for that reason I do not have
> internet for the internal network. Please help me to
> figure out why I'm not able to make this thing to
> work. Any help is highly appreciated. Thank you in advance.
Based on the information you have provided, I think we have similar
setups, so I'll base my suggestions off what I'm doing here.
The first place to start configuring is your rc.conf. The following
options control IPFW and natd. Since you are using ipf, you should
remove these from your rc.conf:
> natd_flags="-f /etc/natd.rules"
You should also remove this option:
It is not necessary because you have:
You also have this line twice (which should be harmless):
> ifconfig_rl0="inet 184.108.40.206 netmask 255.255.255.0"
I am no expert on ipf rules, so instead of commenting on what you have,
I'll just show you what I've got (xl0 is external, xl1 is internal):
block in all
block out all
pass in quick on lo0
pass out quick on lo0
pass in quick on xl1 from 192.168.1.0/24 to any
pass out quick on xl1 from any to 192.168.1.0/24
pass out on xl0 proto tcp from any to any flags S keep state keep frags
pass out on xl0 proto udp from any to any keep state
pass out on xl0 proto icmp from any to any icmp-type 8 keep state
pass out on xl0 proto gre from any to any keep state

map xl0 192.168.1.0/24 -> 0/32 portmap tcp/udp auto
map xl0 192.168.1.0/24 -> 0/32
Hopefully this information will get you pointed in the right direction.
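The ruleset above relies on ipf's matching order: the last matching rule wins unless a matching rule says quick, which ends the search. As an added illustration, not code from this thread or from ipf itself, here is a small Python evaluator that parses the posted rules and reports which rule decides a packet; the function names (parse_rules, decide) are my own, it models only direction, interface, protocol and addresses (flags, keep state and icmp-type are accepted but ignored, so reply traffic admitted by state is not represented), and any sample packets fed to it are constructed.

```python
import ipaddress
import re
# The ipf ruleset posted in the reply above (xl0 external, xl1 internal).
IPF_RULES = """
block in all
block out all
pass in quick on lo0
pass out quick on lo0
pass in quick on xl1 from 192.168.1.0/24 to any
pass out quick on xl1 from any to 192.168.1.0/24
pass out on xl0 proto tcp from any to any flags S keep state keep frags
pass out on xl0 proto udp from any to any keep state
pass out on xl0 proto icmp from any to any icmp-type 8 keep state
pass out on xl0 proto gre from any to any keep state
"""

RULE_RE = re.compile(
    r"^(?P<action>pass|block) (?P<dir>in|out)(?P<quick> quick)?"
    r"(?: on (?P<iface>\S+))?(?: proto (?P<proto>\S+))?"
    r"(?: from (?P<src>\S+) to (?P<dst>\S+)| all)?")

def parse_rules(text):
    rules = []
    for line in text.strip().splitlines():
        m = RULE_RE.match(line.strip())
        if not m:
            raise ValueError("unrecognised rule: " + line)
        rules.append(m.groupdict())
    return rules

def _addr_in(spec, addr):
    if spec in (None, "any"):
        return True
    return ipaddress.ip_address(addr) in ipaddress.ip_network(spec, strict=False)

def _rule_matches(r, pkt):
    return (r["dir"] == pkt["dir"] and r["iface"] in (None, pkt["iface"])
            and r["proto"] in (None, pkt["proto"])
            and _addr_in(r["src"], pkt["src"]) and _addr_in(r["dst"], pkt["dst"]))

def decide(rules, pkt):
    """(verdict, rule number). ipf: the LAST matching rule wins unless a match
    says 'quick'; with no match at all the packet passes, hence 'block ... all'."""
    verdict, hit = "pass", 0
    for n, r in enumerate(rules, 1):
        if _rule_matches(r, pkt):
            verdict, hit = r["action"], n
            if r["quick"]:
                break
    return verdict, hit
```

Feeding it the poster's own case (a LAN host pinging the ISP router) shows the packet passing on xl1 by rule 5 and, after ipnat has rewritten the source to the external address, leaving xl0 by rule 9; an unsolicited inbound packet on xl0 only ever matches rule 1 and is blocked.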