Re: routing problem

Wed, 27 Nov 2002 03:20:23 -0800 

> today i tried to setup 4.7 gateway. It hastwo NICs (rl0 and rl1) on
> different subnets (rl0 = 192.168.0.66, rl1 = 192.168.1.2). The rl0 is
> connected to a cable-modem and gets an other IP (213.209.66.214) after
> booting.
>
> After playing with routes, i can ping outside, can ping rl0 and rl1 and
> 192.168.1.18 (a windows-box). The 192.168.1.18 can ping the 192.168.1.2
and
> 213.209.66.214 (the other NIC in the server), but  not any outside IP
(wich
> should be routed over 213.209.66.214 i think)
>
> gateway_enable="YES" in  /etc/rc.config
> and for testing router_enable="YES"
> and natd_enable="YES"

Thomas,

The problem is to do with setting up natd. You don't need
router_enable="YES".

Firstly, natd listens on a divert socket for packets to 'translate' from the
internet to your LAN. Therefore, you need to make sure that the IP packets
going to and coming from your modem get sent to natd.

The way to do this is using ipfw, the kernel firewall. If you're not already
using it (which I would recommend doing anyhow), you'll need to recompile
your kernel with "options IPFIREWALL" and "options IPDIVERT" (checkout man
ipfw). Then simply do :

    ipfw add divert natd ip from any to any via rl0

Assuming rl0 is the interface that has your 213.209.66.214 address, this
will pass all ip packets through natd, which will rewrite them
transparently.

Secondly, you need to tell natd which interface (IP address actually) to
operate on. To do this just add 'natd_interface="rl0"' to you /etc/rc.conf ,
if rl0 is your internet interface. If you have a dynamic IP address, you may
want to add 'natd_flags="-dynamic"' aswell. See man natd for details.

Then it should all work fine!

A couple of points to check for : make sure you add a default route for your
ISP's IP (the one the modem connects to) and be careful the connection with
the public IP address is indeed on rl0 (if you use PPPOE for example,
another interface is used...)

Hope this helps,
Jonathan


To Unsubscribe: send mail to [EMAIL PROTECTED]
with "unsubscribe freebsd-questions" in the body of the message

Reply via email to