router in freebsd 5.2
son_jaya at yahoo.com
Tue Oct 12 23:36:53 PDT 2004
I am a newbie in FreeBSD.
I want to create a router in FreeBSD 5.2; here is my topology:
gw = 202.158.xx.xx
1. I wan't i can't access from lan(1) to lan(2) ,
also to lan(3) ( ping , etc )
2. lan(2) can go directly to the gw (internet) with
default gw 172.18.1.1
3. I want to make lan(1) connect directly to the internet by
gw (172.18.2.1); see point no. 2
4. lan(3): Linux router + NAT (iptables), lan(2): FreeBSD
5.2, lan(1): Microsoft net
I follow the steps here:
Here is my rc.conf (lan(2)):
ifconfig_rl0="inet 172.18.5.1 netmask 255.255.0.0"
ifconfig_rl1="inet 192.168.1.1 netmask 255.255.255.0"
And here is my firewall script (/etc/fw1):
# Define the firewall command (as in /etc/rc.firewall)
# reference. Helps to make it easier to read.
# Define our outside interface. With userland-ppp
# defaults to tun0.
# Define our inside interface. This is usually your
# card. Be sure to change this to match your own
# Force a flushing of the current rules before we
$fwcmd -f flush
# Check the state of all packets.
$fwcmd add check-state
# Stop spoofing on the outside interface.
$fwcmd add deny ip from any to any in via $oif not
# Allow all connections that we initiate, and keep
# but deny established connections that don't have a
$fwcmd add allow ip from me to any out via $oif
$fwcmd add deny tcp from any to any established in via
# Allow all connections within our network.
$fwcmd add allow ip from any to any via $iif
# Allow all local traffic.
$fwcmd add allow all from any to any via lo0
$fwcmd add deny all from any to 127.0.0.0/8
$fwcmd add deny ip from 127.0.0.0/8 to any
# Allow internet users to connect to the port 22 and
# This example specifically allows connections to the sshd and a
$fwcmd add allow tcp from any to me dst-port 22,80 in via $oif setup keep-state
# Allow ICMP packets: remove type 8 if you don't want
# to be pingable.
$fwcmd add allow icmp from any to any via $oif
# Deny and log all the rest.
$fwcmd add deny log ip from any to any
Until now I can ping from lan(1) to lan(3); of course
lan(1) cannot access the internet.
Maybe someone here can tell me what I should do, thx.