Configuring FreeBSD gateway/firewall?

Peter Elsner peter at servplex.com
Mon Apr 14 06:59:39 PDT 2003


Silly question... Do you have gateway_enable="YES" in your rc.conf file?



At 10:27 PM 4/13/2003 -0700, you wrote:
>Ahh ... And I thought my first query was a bit too specific ...
>Here's my original message:
>
>I am attempting to turn a PC into a gateway/firewall for my home network.
>My ISP is Comcast ... So whatever ramifications therein, for better or
>worse, apply to my predicament ...
>
>I've gotten both interfaces up and working, but I can't seem to get it to
>switch packets from within the subnet out into the internet.  The kernel is
>pretty much GENERIC 4.7, except with the GATEWAY option set, plus with
>
>net.link.ether.bridge=1
>
>In sysctl.conf
>
>My configuration is as follows:
>
>Gateway machine: "argonath"
>External network interface: sis0 12.235.54.203 (netgear card, ip provided by
>DHCP)
>Default route: 12.235.54.129 (presumably my cable modem)
>Private subnet interface: rl0 192.168.0.1
>
>Secondary subnetted machine "shelob":
>Interface 192.168.0.2
>Default route: 192.168.0.1
>
>I can ping & ssh to "argonath" from "shelob", and can reach the internet
>from argonath's rl0 ... But like I said, the gateway action isn't happening.
>
>One other thing I found odd is that when my secondary machine is plugged
>directly into the Comcast subnet, it reports a default route of 12.235.36.1,
>which seems more right, but I don't have experience enough in these matters
>to say, and what documentation I've found isn't specific enough to give me a
>clue about how to solve this problem ...
>
>Please help?
>
>Thanks,
>John
>
>
>
>On 4/13/03 9:54 PM, "Andrew Brampton" <andrew at bramp.freeserve.co.uk> wrote:
>
> > I believe there is something wrong with your configuration...
> >
> > Ask a vague question, and get a vague answer, ask a specific question, and
> > we will give you a specific answer. Please provide as much details as you
> > can when asking your question, and exactly what the problem is.
> >
> > Andrew
> > ----- Original Message -----
> > From: "John C" <johnc909 at comcast.net>
> > To: <freebsd-questions at FreeBSD.ORG>
> > Sent: Monday, April 14, 2003 5:24 AM
> > Subject: Configuring FreeBSD gateway/firewall?
> >
> >
> >> Hello ... I'm trying to configure a FreeBSD machine to act as a gateway
> >> between my ISP network (Comcast) and my own private subnet.
> >> I've followed all documentation so far for this type of configuration ...
> >>
> >> Please help?
> >>
> >> -john
> >>
> >> _______________________________________________
> >> freebsd-questions at freebsd.org mailing list
> >> http://lists.freebsd.org/mailman/listinfo/freebsd-questions
> >> To unsubscribe, send any mail to
> > "freebsd-questions-unsubscribe at freebsd.org"
> >>
> >

----------------------------------------------------------------------------------------------------------
Peter Elsner <peter at servplex.com>
Vice President Of Customer Service (And System Administrator)
1835 S. Carrier Parkway
Grand Prairie, Texas 75051
(972) 263-2080 - Voice
(972) 263-2082 - Fax
(972) 489-4838 - Cell Phone
(425) 988-8061 - eFax

I worry about my child and the Internet all the time, even though she's
too young to have logged on yet. Here's what I worry about. I worry
that 10 or 15 years from now, she will come to me and say "Daddy, where
were you when they took freedom of the press away from the Internet?"
-- Mike Godwin

Unix IS user friendly... It's just selective about who its friends are.
System Administration - It's a dirty job, but somebody said I had to do it.
If you receive something that says 'Send this to everyone you know,
pretend you don't know me.

Standard $500/message proofreading fee applies for UCE.
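
The rc.conf setting asked about in the reply above, as an added example that is not part of the original message: a POSIX shell check that reads an rc.conf-style file the way rc does (commented-out lines ignored, last assignment wins, the truthy spellings rc.subr's checkyesno accepts) and reports gateway_enable next to the net.link.ether.bridge line from sysctl.conf. The sample files are constructed; the netmask and the helper function names are assumptions.

```shell
#!/bin/sh
# Added example (not from the thread): check rc.conf-style files for forwarding.

# Print the effective value of variable $2 in file $1. rc.conf is sourced as
# shell, so commented-out lines are ignored and the last assignment wins.
rc_conf_value() {
    sed -n -e 's/^[[:space:]]*//' \
           -e 's/[[:space:]]*#.*$//' \
           -e 's/[[:space:]]*$//' \
           -e "s/^$2=//p" "$1" |
    sed -e 's/^"\(.*\)"$/\1/' -e "s/^'\(.*\)'\$/\1/" |
    tail -n 1
}

# Same truthy spellings that rc.subr's checkyesno accepts.
is_yes() {
    case "$1" in
        [Yy][Ee][Ss]|[Tt][Rr][Uu][Ee]|[Oo][Nn]|1) return 0 ;;
        *) return 1 ;;
    esac
}

gateway_enabled() { is_yes "$(rc_conf_value "$1" gateway_enable)"; }

# $1 = rc.conf path, $2 = sysctl.conf path
gateway_report() {
    if gateway_enabled "$1"; then
        echo "rc.conf: gateway_enable is on (net.inet.ip.forwarding=1 at boot)"
    else
        echo "rc.conf: gateway_enable is off or unset (no IP forwarding at boot)"
    fi
    bridge=$(rc_conf_value "$2" net.link.ether.bridge)
    echo "sysctl.conf: net.link.ether.bridge=${bridge:-unset} (layer-2 bridging, not routing)"
}

# Constructed sample files; interface names and addresses are those quoted in the thread.
demo=$(mktemp -d)
cat > "$demo/rc.conf" <<'EOF'
ifconfig_sis0="DHCP"
ifconfig_rl0="inet 192.168.0.1 netmask 255.255.255.0"
#gateway_enable="YES"
EOF
echo 'net.link.ether.bridge=1' > "$demo/sysctl.conf"
gateway_report "$demo/rc.conf" "$demo/sysctl.conf"
rm -rf "$demo"
```

On the running gateway, `sysctl net.inet.ip.forwarding` shows the live value, which can differ from the file until the next boot.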



