Network Routing Problems???

Hakim Z. Singhji hakim.singhji at earthlink.net
Mon Aug 23 16:00:20 PDT 2004


Hello All,

I want to thank everyone for their help...attached are the config files
for my FreeBSD gateway. I have rc.conf, ipfw rule-set and my natd.conf
file. I thought that I took care of incoming traffic, maybe you all can
help me and show me if I missed anything. Thanks in advance


Hakim Z. Singhji wrote:
| Hello All,
|
| I am having problems getting a connection to my FreeBSD gateway from my
| Mandrake 10 Linux machine. I am able to ping, traceroute, ssh etc. the
| Linux box from my FreeBSD machine; however, I am not able to ping the
| gateway. What could be the problem? This is my configuration:
|
| FreeBSD: Gateway, IPFW & NAT running
| HOSTNAME="redgate"
| dc0  - 24.199.***.*** [DHCP]
| txp0 - 192.168.1.1
| txp1 - unassigned
|
| Mandrake 10: Workstation
| HOSTNAME="metalgate"
|
| [root at metalgate:] route
| Destination    Gateway        Genmask        Interace
| 192.168.1.0    *        255.255.255.0    eth0
| 127.0.0.0    *        255.0.0.0    lo0
| default        192.168.1.1    0.0.0.0        eth0
|
| [root at metalgate:] ifconfig eth0
| eth0 link encap: Ethernet HiWadd:00:0D:87:27:C7:80
| inet 192.168.1.3 broadcast 192.168.1.255 mask /24
| UP BROADCAST RUNNING MULTICAST MTU 1500 metric 1
|
| [root at metalgate:] ping 192.168.1.1
| - ----------- redgate ping statistics---------------------
| 31 packets transmitted, 0 received, 100% packet loss
|
-------------- next part --------------
###############################
# RC.CONF FILE
###############################

############ Network ##########

gateway_enable="YES"
network_interfaces="dc0 txp0 txp1"
hostname="redgate.ath.cx"
ifconfig_dc0="DHCP"
ifconfig_txp0="inet 192.168.1.1/24"
ifconfig_txp1="inet 192.168.1.2/24"
natd_enable="dc0"
natd_flags="-s -u -f /etc/natd.conf"

############# IPFW ############

firewall_enable="YES"
firewall_script="/etc/rc.firewall"
firewall_type="/etc/ipfw.rules"
firewall_quiet="NO"
firewall_logging_enable="YES"

## Extra Firewalling Options ##

log_in_vain="YES"
tcp_drop_synfin="NO"
tcp_restrict_rst="YES"
icmp_drop_redirect="YES"

######## MISC RC Rules #########

...


-------------- next part --------------
################################
# IPFW.RULES
################################

add 00100 allow ip from any to any via lo0
add 00101 deny ip from any to 127.0.0.0/8

# from man ipfw: allow only tcp connections I've created
add 00300 check-state
add 00301 deny tcp from any to any in established
add 00302 allow tcp from any to any out setup keep-state

# allow DNS/UDP Packets
add 00400 allow udp from 207.69.188.185 53 to any in recv dc0
add 00401 allow udp from 207.69.188.186 53 to any in recv dc0
add 00402 allow udp from 207.69.188.187 53 to any in recv dc0
add 00403 allow udp from any to any out 

# allow DHCP
add 00500 allow udp from any 68 to 24.29.99.105. 67 out via dc0
add 00501 allow udp from 24.29.99.105 67 to any 68 in via dc0

# uncomment rules 00502 and 00503 if ISP's DHCP server has problems
#add 00502 allow udp from any 68 to 255.255.255.255 67 out via dc0
#add 00503 allow udp from any 67 to 255.255.255.255 68 in via dc0

#allow some icmp types (codes not supported)
add 00600 allow icmp from any to any icmptypes 3

#allow source quench in and out 
add 00601 allow icmp from any to any icmptypes 4

#allow me to ping out and receive response back
add 00602 allow icmp from any to any icmp types 8 out
add 00603 allow icmp from any to any icmptypes 0 in

#allow me to run traceroute
add 00604 allow icmp from any to any icmptypes 11 in
-------------- next part --------------
##################################
# NAT.CONF
##################################

# I'm not at all sure if this is ok for "diverting" these packets
# to my private network machines ip and port numbers???

redirect_port tcp 192.168.1.3:110 110 #pop3
redirect_port udp 192.168.1.3:110 110 #pop3
redirect_port tcp 192.168.1.3:25 25 #smtp
redirect_port udp 192.168.1.3:25 25 #smtp
redirect_port tcp 192.168.1.3:80 80 #http
redirect_port udp 192.168.1.3:80 80 #http








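Added example, not part of the original post: a first-match walk of the ICMP-relevant rules in the attached ipfw.rules, showing which rule decides each ping described in the message. The `Rule` model and `evaluate` function are illustrative names; the example assumes rule 00602 is read as `icmptypes 8` and that the kernel's built-in final rule 65535 is the stock deny.

```python
import ipaddress
from typing import NamedTuple, Optional

class Rule(NamedTuple):
    num: int
    action: str
    icmptypes: Optional[frozenset] = None  # None: any protocol/type ("ip" rule)
    direction: Optional[str] = None        # "in" / "out" / None for both
    via: Optional[str] = None              # interface qualifier
    dst: Optional[str] = None              # destination network

# ICMP-relevant rules transcribed from the posted ipfw.rules. Rules 00301-00501
# are tcp/udp only and check-state (00300) holds no ICMP state (only the tcp
# rule 00302 uses keep-state), so none of them can match an ICMP packet.
# Assumption: rule 00602's "icmp types 8" is read as "icmptypes 8".
RULES = [
    Rule(100, "allow", via="lo0"),
    Rule(101, "deny", dst="127.0.0.0/8"),
    Rule(600, "allow", frozenset({3})),
    Rule(601, "allow", frozenset({4})),
    Rule(602, "allow", frozenset({8}), direction="out"),
    Rule(603, "allow", frozenset({0}), direction="in"),
    Rule(604, "allow", frozenset({11}), direction="in"),
    # Assumption: stock kernel, where the built-in final rule is deny.
    Rule(65535, "deny"),
]

def evaluate(icmptype, direction, iface, dst):
    """Return (rule number, action) of the first rule matching an ICMP packet."""
    for r in RULES:
        if r.via and r.via != iface:
            continue
        if r.dst and ipaddress.ip_address(dst) not in ipaddress.ip_network(r.dst):
            continue
        if r.icmptypes is not None and icmptype not in r.icmptypes:
            continue
        if r.direction and r.direction != direction:
            continue
        return r.num, r.action

if __name__ == "__main__":
    # Constructed packets for the two pings described in the post, seen on txp0.
    cases = {
        "metalgate -> redgate echo request (in)": (8, "in", "txp0", "192.168.1.1"),
        "redgate -> metalgate echo request (out)": (8, "out", "txp0", "192.168.1.3"),
        "metalgate -> redgate echo reply (in)": (0, "in", "txp0", "192.168.1.1"),
    }
    for name, pkt in cases.items():
        print(name, "->", evaluate(*pkt))
```

Under these assumptions the gateway's own pings pass through rules 00602 and 00603, while an echo request arriving from the LAN matches no allow rule and falls through to 65535.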