problem with getway

[James A. Coulter]

On Wed, Aug 18, 2004 at 03:36:31PM +0800, AETCH wrote:
> I have install freebsd 4.x,and have two netcards.
> I want it as getway.
> I have config "gateway_enable=YES"  in rc.conf,and then reboot.
> [a pc]--------[freebsd]-------[b pc]
> After reboot , I try to use a pc to ping b pc ,it`s not work ,but a pc and
> b pc can ping freebsd successful,why?
> Please give me a hand.
> Thanks!!
>  
> aetch

Have you built a kernel with IPFW enabled and have you enabled natd in
your rc.conf?

Both IPFW (or perhaps IPFILTER) must be enabled to allow packet 
forwarding.

Just setting gateway="yes" in rc.conf isn't enough (I know - I made the same mistake)

You will have to enable natd and IPFW (or maybe IPFILTER) in rc.conf and
build a custom kernel with IPFW enabled.

Here's the lines I added to my kernel:

# IP Aliasing and Firewall options

options IPFIREWALL
options IPFIREWALL_VERBOSE
options IPFIREWALL_VERBOSE_LIMIT=10
options IPDIVERT

and here's what I put in my rc.conf:

gateway_enable="YES"
natd_enable="YES"
natd_interface="dc1"
natd_flags="-dynamic"

You will also need to enable the firewall in rc.conf - what follows
is for an entirely OPEN firewall, i.e. it allows anything and everything
through.  (But you must have the firewall enabled to use the IP forwarding
capabilities):

firewall_enable="YES"
#firewall_type="OPEN"
#firewall_script="/etc/openfirewall.rules"

and the contents of /etc/openfirewall.rules:

/sbin/ipfw -f flush
/sbin/ipfw add divert natd all from any to any via dc1
/sbin/ipfw add pass all from any to any

Chapter 8 of the handbook

(http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/kernelconfig.html)

and Chapter 14, Section 8

http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/firewalls.html

have most of the information you'll need.

In future posts, paste the contents of your rc.conf and any other files involved-

that will help the list answer your question more quickly.

HTH

Jim