FreeBSD Gateway problems

Ruben Bloemgarten ruben at bloemgarten.demon.nl
Mon Aug 15 16:37:02 GMT 2005


Hi Tim, 

Which of the firewalls do you want to use and if you want to use both what
do you want the functionality to be? If you can send your rc.conf, ipf.conf
and ipnat.conf I could check out the ipf part and see if I find anything.
Obviously Glen's experience with ipfw is more extensive than mine so he
would most likely be of more help on that front. It would however be of great
help to know what you're trying to accomplish.

Regards,
Ruben

-----Original Message-----
From: owner-freebsd-questions at freebsd.org
[mailto:owner-freebsd-questions at freebsd.org] On Behalf Of Tim Holmes
Sent: August 15, 2005 10:47 AM
To: freebsd-questions at freebsd.org
Subject: FreeBSD Gateway problems


For years I've used a FreeBSD as my gateway.  Well I haven't had a high
speed connection for 3 years now, and I've just gotten it back.  Since
then I've reloaded the machine from 4.3 to 5.3.  I thought I had it all
set up so when I did get connection, I could make a quick edit to my 
rc.conf and I'd be ready to go.  Well turns out I was way off.

The machine has no problems getting an IP from the cable modem, and I can
get anywhere I want from that machine directly.  (I'm currently ssh'd to
the router machine to send email, use w3m to find How-Tos)  But it won't
pass traffic from the rest of the network.

Here are the settings in my rc.conf:

gateway_enable="YES"              # Enable as Lan gateway
# firewall_enable="YES"
natd_enable="YES"
natd_interface="xl0"
natd_flags="-f /etc/natd.conf"
ipmon_enable="YES"
ipmon_flags="-Ds"

The firewall_enable is disabled now because when it's turned on, I can't
actually get out from directly on the machine.  At this point I just want
it to do the routing and then I can work on building a firewall afterwards.

Before I did the update and rebuilt the kernel yesterday, I had these
options in rc.conf:

# ipnat_enable="YES"                # Start ipnat function
# ipnat_rules="/etc/ipnat.rules"    # rules definition file for ipnat
# ipfilter_enable="YES"             # Start ipf firewall
# ipfilter_rules="/etc/ipf.rules"   # loads rules definition text file

Well all these other How-Tos I found on FreeBSDDiary.org told me all I
needed was "gateway_enable=YES" and "firewall_enable=YES".  Also to add
these two options to the kernel:

options IPFILTER
options IPDIVERT


But that wasn't working.  Another mentioned I needed
defaultrouter="192.168.2.254", but that's not doing it either.  It wasn't
actually running nat, and I'd get errors if I tried to start.  Here's the
message I saw at boot after a new kernel.

1: unexpected keyword (any) - from
/sbin/ipf: /etc/ipf.rules: parse error (-1), quitting
/etc/rc: WARNING: NO IPNAT RULES

After following some other How-Tos I tried running ipfw, but I keep getting
an error message that won't return any helpful searches from Google.

# ipnat -f /etc/ipnat.conf 
ioctl(SIOCGNATS): Operation not permitted
# ipfw -f flush
ipfw: setsockopt(IP_FW_FLUSH): Protocol not available
# ipf -FA -f /etc/ipf.rules 
ioctl(SIOCIPFFL): Operation not permitted
# ipfw add divert natd all from any to any via xl0
ipfw: getsockopt(IP_FW_ADD): Protocol not available

None of those error messages will give me anything to go on.  So I'm at a
loss here.  Can anybody point me to a How-To, or share their rc.conf edits
to make this work?

I know this was a little long, but thanks in advance for the help.

tdh
-- 
 ----------------+-------------------------------------------------
       \./       |     Tim Holmes  --  em at il: tim at unixtechs.org
      (0Y0)      |         UIN: 17021091  -- AIM: tdh004
 -ooO--(_)--Ooo--+-------------------------------------------------
_______________________________________________
freebsd-questions at freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "freebsd-questions-unsubscribe at freebsd.org"
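Ruben's question, which of the two firewalls the gateway is supposed to run, can be checked mechanically against the rc.conf fragment quoted above: natd(8) only receives packets through an ipfw divert rule, so enabling natd with firewall_enable turned off leaves the gateway forwarding nothing, and enabling ipnat alongside natd runs two NAT engines. The script below is an added example, not code from either poster; it assumes only POSIX sh tools and the rc.conf variable names that appear in the thread.

```shell
#!/bin/sh
# Lint an rc.conf fragment for the ipfw/natd versus ipf/ipnat mix-up discussed in the thread.
# Added example; the sample content is constructed from the settings Tim posted.

# Constructed rc.conf fragment: firewall_enable is commented out while natd is on,
# and the old ipnat line is assumed re-enabled to show the two-NAT-engines case.
RC_SAMPLE='gateway_enable="YES"              # Enable as Lan gateway
# firewall_enable="YES"
natd_enable="YES"
natd_interface="xl0"
ipmon_enable="YES"
ipnat_enable="YES"
ipnat_rules="/etc/ipnat.rules"'

# rc_value CONTENT NAME: print the value of the last uncommented NAME= assignment,
# with trailing comment and quotes stripped; prints nothing if NAME is unset.
rc_value() {
    printf '%s\n' "$1" | grep "^[[:space:]]*$2=" | tail -n 1 \
        | sed -e 's/^[^=]*=//' -e 's/[[:space:]]*#.*$//' -e 's/"//g'
}

# lint_rc CONTENT: print one finding per line; return 1 if anything was found, 0 otherwise.
lint_rc() {
    found=0
    fw=$(rc_value "$1" firewall_enable)
    natd=$(rc_value "$1" natd_enable)
    ipnat=$(rc_value "$1" ipnat_enable)
    # natd depends on ipfw: without firewall_enable no divert rule exists, so NAT never happens.
    if [ "$natd" = YES ] && [ "$fw" != YES ]; then
        echo "natd_enable=YES but firewall_enable is off: no ipfw divert rule, natd sees no traffic"
        found=1
    fi
    # natd (ipfw) and ipnat (IPFilter) are alternative NAT paths; running both is a misconfiguration.
    if [ "$natd" = YES ] && [ "$ipnat" = YES ]; then
        echo "natd_enable and ipnat_enable both YES: pick ipfw+natd or ipf+ipnat, not both"
        found=1
    fi
    return $found
}

lint_rc "$RC_SAMPLE" || echo "rc.conf fragment is inconsistent"
```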


-- 
No virus found in this incoming message.
Checked by AVG Anti-Virus.
Version: 7.0.338 / Virus Database: 267.10.9/72 - Release Date: 08/14/2005
