If your FreeBSD machine is working fine and you can ping the Windows box from FreeBSD but not the other way, it seems to point to your firewall preventing the Windows box from connecting.

You can disable the firewall completely and see if you can ping from the Windows machine, then work back from there.
 
Try
 
ipfw -f flush
ipfw add allow all from any to any
 
at the command line, then see if things work.
 
You can use
 
/etc/netstart
 
to reread your rc.conf (and restart your firewall)
 
or restart the firewall directly if it's a script
 
sh /etc/rc.firewall
 
Have a look at
 

http://www.bsdtoday.com/2000/December/Features359.html

for yet another NAT/ipfw how-to.

Peter Brezny
SysAdmin Services Inc.

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Sean
Sent: Friday, January 05, 2001 4:31 AM
To: [EMAIL PROTECTED]
Subject: Problem with Multihomed Machine

Hello. I'm having some problems setting up a multihomed machine and was wondering if someone could point me in the right direction. I have a FreeBSD box with 2 Ethernet cards. One card, rl0, is connected to my cable modem. The other card, rl1, is connected to a Win2000 box. The goal is to have FreeBSD act as a firewall for the Win2000 machine. I have set the IP address of the internal network card (rl1) to 10.0.0.1, and I have the IP address of Win2000 set as 10.0.0.2, with a gateway of 10.0.0.1. The problem I'm having is that I can't get Win2000 to do anything to try and connect to FreeBSD; it won't even do a ping of the FreeBSD machine. From FreeBSD, I can get on the internet and ping Win2000, but Win2000 won't connect to anything. I've read quite a few howtos on natd and setting up a firewall, but I can't figure out why it's not working. Just from looking at the Win2000 settings, it appears it's set up right, so I am wondering if I'm doing something wrong in FreeBSD.

Below I've included the output from ifconfig -a, netstat -rn and netstat -in.  Any help would be greatly appreciated.

IFCONFIG -A
rl0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
 inet 24.14.186.233 netmask 0xffffff80 broadcast 24.14.186.255
 inet6 fe80::200:21ff:fedb:7c22%rl0 prefixlen 64 scopeid 0x1
 ether 00:00:21:db:7c:22
 media: autoselect (none) status: active
 supported media: autoselect 100baseTX <full-duplex> 100baseTX 10baseT/UTP <full-duplex> 10baseT/UTP 100baseTX <hw-loopback>
rl1: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
 inet 10.0.0.1 netmask 0xffffff00 broadcast 10.0.0.255
 inet6 fe80::250:baff:fed3:5b03%rl1 prefixlen 64 scopeid 0x2
 ether 00:50:ba:d3:5b:03
 media: autoselect (100baseTX <full-duplex>) status: active
 supported media: autoselect 100baseTX <full-duplex> 100baseTX 10baseT/UTP <full-duplex> 10baseT/UTP 100baseTX <hw-loopback>
 

NETSTAT -RN
Routing tables

Internet:
Destination        Gateway            Flags      Netif Expire
default            24.14.186.129      UGSc        rl0
10/24              link#2             UC          rl1 =>
24.14.186.128/25   link#1             UC          rl0 =>
24.14.186.129      0:30:80:6e:e8:70   UHLW        rl0    823
24.14.186.255      ff:ff:ff:ff:ff:ff  UHLWb       rl0
127.0.0.1          127.0.0.1          UH          lo0
 

NETSTAT -IN
Name  Mtu   Network       Address            Ipkts Ierrs    Opkts Oerrs  Coll
rl0   1500  <Link#1>    00:00:21:db:7c:22       52     0       11     0     0
rl0   1500  24.14.186.128 24.14.186.233         52     0       11     0     0
rl0   1500  fe80:1::200 fe80:1::200:21ff:       52     0       11     0     0
rl1   1500  <Link#2>    00:50:ba:d3:5b:03       19     0        9     0     0
rl1   1500  10/24         10.0.0.1              19     0        9     0     0
rl1   1500  fe80:2::250 fe80:2::250:baff:       19     0        9     0     0

Sean Chisek
[EMAIL PROTECTED]
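
The allow-all test in the reply only tells you whether ipfw is the blocker; the lasting settings for a FreeBSD NAT gateway live in rc.conf. As an added example that is not part of either message, this sh script audits an rc.conf for the standard knobs (gateway_enable, firewall_enable, natd_enable, natd_interface) and flags a permanent firewall_type="open"; the function names and the sample rc.conf are constructed, with rl0 taken as the external interface as in the thread.

```sh
# Added example (not from the thread): audit rc.conf on a FreeBSD NAT gateway.

# rc_get FILE VAR: print the value of the last uncommented VAR= line.
rc_get() {
    sed -n "s/^[[:space:]]*$2=[\"']\{0,1\}\([^\"'#]*\).*/\1/p" "$1" |
        tail -n 1 | sed 's/[[:space:]]*$//'
}

# is_yes VALUE: succeed for the spellings rc.subr's checkyesno accepts.
is_yes() {
    case "$1" in [Yy][Ee][Ss]|[Tt][Rr][Uu][Ee]|[Oo][Nn]|1) return 0 ;; esac
    return 1
}

# audit_gateway_conf FILE EXT_IF: one finding per line, status 1 if any.
audit_gateway_conf() {
    file=$1 ext_if=$2 bad=0
    # Forwarding, ipfw and natd must all be switched on for NAT to work.
    for knob in gateway_enable firewall_enable natd_enable; do
        is_yes "$(rc_get "$file" "$knob")" ||
            { echo "MISSING $knob=\"YES\""; bad=1; }
    done
    # natd has to translate on the external (cable modem) interface.
    nif=$(rc_get "$file" natd_interface)
    if [ "$nif" != "$ext_if" ]; then
        echo "MISMATCH natd_interface=\"$nif\" (expected \"$ext_if\")"
        bad=1
    fi
    # Type "open" keeps an allow-all rule loaded after testing is over.
    case "$(rc_get "$file" firewall_type)" in [Oo][Pp][Ee][Nn])
        echo "WARN firewall_type=\"open\" leaves $ext_if unfiltered"
        bad=1 ;;
    esac
    return $bad
}

# Constructed sample rc.conf; rl0 is the external interface in the thread.
sample_rc_conf() {
    cat <<'EOF'
firewall_enable="YES"
firewall_type="open"
natd_enable="YES"
natd_interface="rl0"   # cable modem side
#gateway_enable="YES"
EOF
}

tmp=$(mktemp) && sample_rc_conf > "$tmp"
audit_gateway_conf "$tmp" rl0 || true
rm -f "$tmp"
```

On the gateway itself, call audit_gateway_conf /etc/rc.conf rl0; a non-zero exit status means at least one finding was printed.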
 
