router in freebsd 5.2
sonjaya
son_jaya at yahoo.com
Tue Oct 12 23:36:53 PDT 2004
Dear all,
I am a newbie in FreeBSD.
I want to create a router in FreeBSD 5.2. Here is my topology:
lan(1)--lan(2)--lan(3)gw--internet
lan(1) = 192.168.1.1/24
lan(2) = 172.18.2.1/16
lan(3) = 172.18.1.1/16
gw = 202.158.xx.xx
1. I want that I can't access from lan(1) to lan(2), and also to lan(3) (ping, etc.).
2. In lan(2) I can go direct to the gw (internet) with default gw 172.18.1.1.
3. I want to make lan(1) connect direct to the internet by gw (172.18.2.1); see point no. 2.
4. lan(3) is a Linux router + NAT (iptables), lan(2) is FreeBSD 5.2, lan(1) is a Microsoft net.
I followed the steps here:
http://www.freebsd.org/doc/en_US.ISO8859-1/articles/dialup-firewall/article.html
Here is my rc.conf (lan(2)):
rl0=172.18.2.1/16
rl1=192.168.1.1/24
hostname="gw.rt-rw.net"
defaultrouter="172.18.1.1"
ifconfig_rl0="inet 172.18.5.1 netmask 255.255.0.0"
ifconfig_rl1="inet 192.168.1.1 netmask 255.255.255.0"
firewall_enable="YES"
firewall_type="OPEN"
firewall_script="/etc/fw1"
router_flags="-q"
router="/sbin/routed"
router_enable="YES"
gateway_enable="YES"
And here is my firewall script (/etc/fw1):
# Define the firewall command (as in /etc/rc.firewall) for easy
# reference. Helps to make it easier to read.
fwcmd="/sbin/ipfw"
# Define our outside interface. With userland-ppp this
# defaults to tun0.
oif="rl0"
# Define our inside interface. This is usually your network
# card. Be sure to change this to match your own network
# interface.
iif="rl1"
# Force a flushing of the current rules before we reload.
$fwcmd -f flush
# Check the state of all packets.
$fwcmd add check-state
# Stop spoofing on the outside interface.
$fwcmd add deny ip from any to any in via $oif not verrevpath
# Allow all connections that we initiate, and keep their state,
# but deny established connections that don't have a dynamic rule.
$fwcmd add allow ip from me to any out via $oif keep-state
$fwcmd add deny tcp from any to any established in via $oif
# Allow all connections within our network.
$fwcmd add allow ip from any to any via $iif
# Allow all local traffic.
$fwcmd add allow all from any to any via lo0
$fwcmd add deny all from any to 127.0.0.0/8
$fwcmd add deny ip from 127.0.0.0/8 to any
# Allow internet users to connect to the port 22 and 80.
# This example specifically allows connections to the sshd and a
# webserver.
$fwcmd add allow tcp from any to me dst-port 22,80 in via $oif setup keep-state
# Allow ICMP packets: remove type 8 if you don't want your host
# to be pingable.
$fwcmd add allow icmp from any to any via $oif icmptypes 0,3,8,11,12
# Deny and log all the rest.
$fwcmd add deny log ip from any to any
Until now I can ping from lan(1) to lan(3); of course lan(1) cannot access the internet.
Maybe someone here can tell me what I should do. Thanks.
=====
SONJAYA
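As an added example (not the poster's /etc/fw1 and not from the FreeBSD article), a rewritten rule set for the lan(2) box: the original's outbound rule matches only "from me", i.e. the router's own addresses, so packets forwarded from lan(1) out via rl0 fall through to the final deny. Assumptions: rl0 is the upstream side, rl1 faces 192.168.1.0/24, and point 1 is read as lan(1) being kept away from the 172.18.0.0/16 networks.

```shell
#!/bin/sh
# Added example ipfw rule set for the lan(2) FreeBSD 5.2 router.
# Assumed: rl0 = upstream side, rl1 = lan(1), and lan(1) must not
# reach the 172.18.0.0/16 networks (our reading of "point 1").
oif="rl0"                 # towards the Linux NAT router (172.18.1.1)
iif="rl1"                 # towards lan(1)
inet="192.168.1.0/24"     # lan(1)
upnets="172.18.0.0/16"    # lan(2) and lan(3)

# Emit the rule set through the command given as $1 (/sbin/ipfw, or
# "echo" for a dry run) so the script can be checked without
# touching a live firewall.
load_rules() {
    fw="$1"
    $fw -f flush
    # Dynamic rules first: replies to anything allowed with keep-state.
    $fw add check-state
    # Anti-spoofing on the outside interface.
    $fw add deny ip from any to any in via "$oif" not verrevpath
    # Loopback.
    $fw add allow ip from any to any via lo0
    $fw add deny ip from any to 127.0.0.0/8
    $fw add deny ip from 127.0.0.0/8 to any
    # Point 1: lan(1) may not talk to lan(2)/lan(3) hosts at all.
    $fw add deny ip from "$inet" to "$upnets"
    # Accept lan(1) traffic arriving on the inside interface.
    $fw add allow ip from any to any via "$iif"
    # The original only allowed "from me": forwarded packets from
    # lan(1) going out via rl0 fell through to the final deny. Allow
    # them here and keep state so the replies pass check-state.
    $fw add allow ip from "$inet" to any out via "$oif" keep-state
    # The router's own outbound traffic.
    $fw add allow ip from me to any out via "$oif" keep-state
    $fw add deny tcp from any to any established in via "$oif"
    # Inbound sshd/httpd to the router itself, as in the original.
    $fw add allow tcp from any to me dst-port 22,80 in via "$oif" setup keep-state
    # ICMP; drop type 8 from the list to make the box unpingable.
    $fw add allow icmp from any to any via "$oif" icmptypes 0,3,8,11,12
    $fw add deny log ip from any to any
}

# Sanity check: how many rules mention the inside network (expect 2).
count_inet_rules() {
    load_rules echo | grep -c "$inet"
}

# Load for real only where ipfw exists; otherwise print what would run.
if [ -x /sbin/ipfw ]; then load_rules /sbin/ipfw; else load_rules echo; fi
```

Run as /bin/sh /etc/fw1 on the router; elsewhere it only prints the rules. For replies to reach lan(1), the Linux router at 172.18.1.1 also needs a route for 192.168.1.0/24 pointing at this box's rl0 address (or this box must NAT), which the post does not configure.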