FreeBSD Gateway problems

Tim Holmes tim at
Mon Aug 15 08:47:01 GMT 2005

For years I've used a FreeBSD as my gateway.  Well I haven't had a high
speed connection for 3 years now, and I've just gotten it back.  Since
then I've reloaded the machine from 4.3 to 5.3.  I thought I had it all
set up so when I did get connection, I could make a quick edit to my 
rc.conf and I'd be ready to go.  Well turns out I was way off.

The machine has no problems getting an IP from the cable modem, and I can
get anywhere I want from that machine directly.  (I'm currently ssh'd to
the router machine to send email, use w3m to find How-Tos)  But it won't
pass traffic from the rest of the network.

Here are the settings in my rc.conf:

gateway_enable="YES"              # Enable as Lan gateway
# firewall_enable="YES"
natd_flags="-f /etc/natd.conf"

The firewall_enable is disabled now because when it's turned on, I can't 
actually get out from directly on the machine.  At this point I just want
it to do the routing and then I can work on building a firewall afterwards.

Before I did the update and rebuilt the kernel yesterday, I had these options
in rc.conf

# ipnat_enable="YES"                # Start ipnat function
# ipnat_rules="/etc/ipnat.rules"    # rules definition file for ipnat
# ipfilter_enable="YES"             # Start ipf firewall
# ipfilter_rules="/etc/ipf.rules"   # loads rules definition text file

Well all these other How-Tos I found on told me all I needed
was "gateway_enable=YES" and "firewall_enable=YES".  Also to add these two 
options to the kernel:

options IPFILTER
options IPDIVERT

But that wasn't working.  Another mentioned I needed defaultrouter="",
but that's not doing it either.  It wasn't actually running nat, and I'd get errors
if I tried to start.  Here's the message I saw at boot after a new kernel.

1: unexpected keyword (any) - from
/sbin/ipf: /etc/ipf.rules: parse error (-1), quitting

After following some other How-Tos I tried running ipfw, but I keep getting an error
message that won't return any helpful searches from Google.

# ipnat -f /etc/ipnat.conf 
ioctl(SIOCGNATS): Operation not permitted
# ipfw -f flush
ipfw: setsockopt(IP_FW_FLUSH): Protocol not available
# ipf -FA -f /etc/ipf.rules 
ioctl(SIOCIPFFL): Operation not permitted
# ipfw add divert natd all from any to any via xl0
ipfw: getsockopt(IP_FW_ADD): Protocol not available

None of those error messages will give me anything to go on.  So I'm at a loss here.  Can
anybody point me to a How-To, or share their rc.conf edits to make this work?

I know this was a little long, but thanks in advance for the help.

       \./       |     Tim Holmes  --  em at il: tim at
      (0Y0)      |         UIN: 17021091  -- AIM: tdh004
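Added example, not from the post and not FreeBSD's own code: a small Python checker that parses an rc.conf excerpt and reports the dependency problems the post runs into (natd_flags without natd_enable, natd without ipfw, firewall_enable without a firewall_type). The sample rc.conf is constructed from the lines quoted above; the checker and its rule wording are hypothetical.

```python
"""Lint a FreeBSD rc.conf for gateway/NAT knobs and their dependencies.
Hypothetical helper: the rules encode gateway_enable, firewall_enable,
firewall_type, natd_enable, natd_flags and natd_interface as rc.conf uses them.
"""
import re

# key="value", key='value' or key=value; the rest of the line (comments) is ignored
ASSIGN = re.compile(r'^([A-Za-z_][A-Za-z0-9_]*)=(?:"([^"]*)"|\'([^\']*)\'|(\S*))')

# Constructed sample: the active and commented-out settings quoted in the post
SAMPLE_RC_CONF = '''\
gateway_enable="YES"              # Enable as Lan gateway
# firewall_enable="YES"
natd_flags="-f /etc/natd.conf"
# ipnat_enable="YES"                # Start ipnat function
# ipfilter_enable="YES"             # Start ipf firewall
'''


def parse_rc_conf(text):
    """Return {var: value} for active assignments; commented lines are inactive."""
    conf = {}
    for line in text.splitlines():
        stripped = line.strip()
        if not stripped or stripped.startswith("#"):
            continue
        m = ASSIGN.match(stripped)
        if m:
            conf[m.group(1)] = next(g for g in m.groups()[1:] if g is not None)
    return conf


def _yes(conf, var):
    return conf.get(var, "NO").upper() == "YES"


def lint_gateway(conf):
    """List reasons the box would not forward or NAT with these settings."""
    findings = []
    if not _yes(conf, "gateway_enable"):
        findings.append("gateway_enable is not YES: the kernel will not forward packets")
    wants_natd = _yes(conf, "natd_enable") or "natd_flags" in conf or "natd_interface" in conf
    if wants_natd and not _yes(conf, "natd_enable"):
        findings.append("natd_flags/natd_interface set but natd_enable is not YES: natd will not start")
    if wants_natd and not _yes(conf, "firewall_enable"):
        findings.append("natd needs ipfw (firewall_enable=YES) to install its divert rule")
    if _yes(conf, "firewall_enable") and "firewall_type" not in conf:
        findings.append("firewall_enable=YES without firewall_type: rc.firewall loads no rules, "
                        "so a default-deny ipfw kernel blocks all traffic, including the gateway's own")
    return findings


if __name__ == "__main__":
    for finding in lint_gateway(parse_rc_conf(SAMPLE_RC_CONF)):
        print("-", finding)
```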
