internet gateway
JJB
Barbish3 at adelphia.net
Mon Jul 5 07:46:58 PDT 2004
You're using the ppp nat function which is ok, but you have also
compiled the ipfw divert option into your kernel. The ipfw divert
option does the same thing as ppp nat. Recompile your kernel and
remove the divert option. Also the /etc/rc.firewall rules are way too
complicated for your needs. Create file /etc/ipfw.rules containing
just these rules.
ipfw -f flush
ipfw add allow all from any to any
rc.conf only needs these statements to enable ipfw
firewall_enable="YES" # Start IPFW daemon
firewall_script="/etc/ipfw.rules" # use my custom rules.
firewall_logging="YES" # Enable packet logging
You may also want to read the new rewrite of the FreeBSD handbook's
firewall section which is currently available at
www.a1poweruser.com/FBSD_firewall/ The FreeBSD doc group has
downloaded this manuscript and is working on it to replace what is
currently in the handbook.
-----Original Message-----
From: owner-freebsd-questions at freebsd.org
[mailto:owner-freebsd-questions at freebsd.org]On Behalf Of Brett
Wiggins
Sent: Monday, July 05, 2004 6:41 AM
To: freebsd-questions at freebsd.org
Subject: internet gateway
Hi,
I am having some problems setting up an internet gateway for my
home network. My gateway machine has two network cards, one
connected to my ADSL modem and the other to a switch and my internal
network. My gateway machine (FreeBSD) can connect to the internet
and it can ping machines on my local network. Machines on my local
network run Windows.
   ISP
    |
    |
   ADSL
  MODEM
    |
    |
 FREEBSD            |----- MACHINE A
 MACHINE            |
    |               |
    |-------SWITCH--|----- MACHINE B
                    |
                    |
                    |----- MACHINE C
So far I have recompiled my kernel with the following options added:
options IPFIREWALL
options IPDIVERT
options IPFIREWALL_VERBOSE
options IPFIREWALL_VERBOSE_LIMIT=50
options TCP_DROP_SYNFIN
I then edited /etc/rc.conf
gateway_enable="YES"
firewall_enable="YES"
firewall_script="/etc/rc.firewall"
firewall_type="OPEN"
firewall_quiet="NO"
ppp_enable="YES"
ppp_mode="ddial"
ppp_nat="YES"
ppp_profile="netspace"
ifconfig_rl0="inet 10.0.0.1"
Then I edited ppp.conf with the following:
nat enable yes
nat log yes
nat same_ports yes
nat unregistered_only yes
enable dns
That is where I got up to; now I'm stuck and don't know what to do
next. Any help with this would be great.
Brett
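rc.conf is read as a shell script, so a misspelled variable name in it is accepted silently and the setting it was meant to change keeps its default. The following is an added example, not part of either message: it lists variables set in an rc.conf that a defaults file never defines; the function names and both sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example: report rc.conf variables that the defaults file never defines.
# Both files written by demo() are constructed samples, not from a real system.

# unknown_rc_vars DEFAULTS RCCONF
# Prints each NAME set in RCCONF that has no NAME= line in DEFAULTS.
# ifconfig_<interface> is skipped because it is named per interface.
unknown_rc_vars() {
    # Extract NAME from NAME=... lines; comment and blank lines do not match.
    sed -n 's/^[[:space:]]*\([A-Za-z_][A-Za-z0-9_]*\)=.*/\1/p' "$2" |
    while read -r name; do
        case $name in ifconfig_*) continue ;; esac
        grep -q "^${name}=" "$1" || echo "$name"
    done
}

demo() {
    dir=$(mktemp -d)
    cat > "$dir/defaults" <<'EOF'
firewall_enable="NO"
firewall_script="/etc/rc.firewall"
firewall_type="UNKNOWN"
firewall_quiet="NO"
firewall_logging="NO"
gateway_enable="NO"
ppp_enable="NO"
ppp_nat="YES"
EOF
    cat > "$dir/rc.conf" <<'EOF'
gateway_enable="YES"
firewall_enable="YES"             # start ipfw at boot
firewall_script="/etc/ipfw.rules"
filewall_logging="YES"            # misspelled on purpose for the demo
ppp_nat="YES"
ifconfig_rl0="inet 10.0.0.1"
EOF
    unknown_rc_vars "$dir/defaults" "$dir/rc.conf"
    rm -rf "$dir"
}

demo   # prints: filewall_logging
```

On a FreeBSD host the two arguments would be /etc/defaults/rc.conf and /etc/rc.conf. Names it prints are candidates to review rather than certain errors, since not every valid variable appears in the defaults file.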