Asenchi wrote:
Hello,
I emailed and received some help this past weekend. Thank you all for
responding, however none of the suggestions were able to cure my problem.
I don't think I was in on the original round of q&a. I'm going to make some
suggestions, but also clarify a few things. Please pardon me if I suggest
some things that have already come up, or ask questions that you've already
answered.
Here is the issue:
I am setting up a firewall, IPFW + NATD that will act as a gateway. I have
two NICs that are configured. The OIF will be connected to a cable modem
that assigns connections by DHCP. I am not able to keep a connection with
my OIF concerning this.
What do you mean by "not able to _keep_ a connection"? Are you saying that
your DHCP addy expires and can't be renewed? Or is there something more to
the problem (i.e., the link layer connection fails?)
<SNIP>
PS: Below is a bunch of info on my setup, let me know if you want more. Oh
and I know that there is no ip assigned to vr0, this is bsd, not me. I have
tried to assign one and have also set 'ifconfig_vr0="DHCP"' in rc.conf.
To clarify:
if you type:
killall dhclient
ifconfig vr0 inet 10.1.1.1 netmask 255.0.0.0
ifconfig
Does it display the 10.1.1.1 address, or is there still no ip addy on
vr0?
#vi /etc/rc.firewall
#FIREWALL RULES
fwcmd="/sbin/ipfw"
oif="vr0"
onet="`ifconfig vr0 | grep "inet " | awk '{print $6}'`"
omask="`ifconfig vr0 | grep "inet " | awk '{print $4}'`"
oip="`ifconfig vr0 | grep "inet " | awk '{print $2}'`"
iif="rl0"
inet="192.168.0.0"
imask="255.255.255.0"
iip="192.168.0.1"
${fwcmd} -f flush
${fwcmd} add 0050 divert natd all from any to any via ${oif}
${fwcmd} add 0200 allow all from any to any
If this is truly the firewall rules you are using, then every rule after
this one is redundant, as this constitutes an "open" firewall, which is
almost the same as no firewall at all (except for the divert rule).
#vi /var/db/dhclient.leases
lease {
interface "xl0";
fixed-address 12.245.246.22;
option subnet-mask 255.255.255.0;
option dhcp-lease-time 3600;
option routers 12.245.246.1;
option dhcp-message-type 5;
option dhcp-server-identifier 12.242.20.34;
option domain-name-servers 63.240.76.4,204.127.198.4;
option broadcast-address 255.255.255.255;
option host-name "x1-6-00-04-76-c5-f4-a2";
option domain-name "attbi.com";
renew 2 2003/1/28 03:29:22;
rebind 2 2003/1/28 03:58:51;
expire 2 2003/1/28 04:06:21;
}
lease {
interface "vr0";
fixed-address 12.245.228.183;
option subnet-mask 255.255.255.128;
option dhcp-lease-time 345600;
option routers 12.245.228.129;
option dhcp-message-type 5;
option dhcp-server-identifier 12.242.20.34;
option domain-name-servers 63.240.76.4,204.127.198.4;
option broadcast-address 255.255.255.255;
option domain-name "attbi.com";
renew 4 2003/1/30 01:09:35;
rebind 5 2003/1/31 15:28:11;
expire 6 2003/2/1 03:28:11;
}
Are you trying to get DHCP addys on both interfaces?
#ifconfig -a
vr0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
inet6 fe80::240:33ff:fe5a:748a%vr0 prefixlen 64 scopeid 0x1
inet 0.0.0.0 netmask 0xff000000 broadcast 255.255.255.255
ether 00:40:33:5a:74:8a
media: Ethernet autoselect (100baseTX <full-duplex>)
status: active
xl0: flags=8802<BROADCAST,SIMPLEX,MULTICAST> mtu 1500
options=3<rxcsum,txcsum>
ether 00:04:76:c5:f4:a2
media: Ethernet autoselect (none)
status: no carrier
rl0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
inet6 fe80::250:bfff:fe90:6d98%rl0 prefixlen 64 scopeid 0x3
inet 192.168.0.1 netmask 0xffffff00 broadcast 192.168.0.255
ether 00:50:bf:90:6d:98
media: Ethernet autoselect (100baseTX)
status: active
faith0: flags=8002<BROADCAST,MULTICAST> mtu 1500
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> mtu 16384
inet6 ::1 prefixlen 128
inet6 fe80::1%lo0 prefixlen 64 scopeid 0x5
inet 127.0.0.1 netmask 0xff000000
This is probably unrelated, but you have no IPv4 address on the loopback
device (lo0), which has caused problems for me in the past.
You managed to post _almost_ everything relevant ;) Can you post your
rc.conf please.
--
Bill Moran
Potential Technologies
http://www.potentialtech.com
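
The reply's point about rule 0200 can be checked mechanically. The script below is an added example, not part of the original thread: it reads rc.firewall-style `add` lines and lists every rule that sits behind an unconditional allow or deny. The function names and rules 0300-0500 are constructed for illustration.

```sh
#!/bin/sh
# Added example (not from the thread): list ipfw rules that can never match
# because an earlier rule already allows or denies every packet.

# Constructed sample. Rules 0050 and 0200 are the ones quoted in the post;
# 0300-0500 are invented stand-ins for "every rule after this one".
sample_rules() {
cat <<'EOF'
${fwcmd} add 0050 divert natd all from any to any via ${oif}
${fwcmd} add 0200 allow all from any to any
${fwcmd} add 0300 deny all from 10.0.0.0/8 to any in via ${oif}
${fwcmd} add 0400 allow tcp from any to ${oip} 22 setup
${fwcmd} add 0500 deny all from any to any
EOF
}

# stdin: rc.firewall-style lines. stdout: "<shadowed rule> <shadowing rule>".
# Stage 1 keeps "number action body..." from each "add" line (comments skipped).
# Stage 2 sorts by rule number, the order in which ipfw evaluates rules.
# Stage 3 finds the first unconditional terminal rule and reports what follows.
shadowed_rules() {
    awk '$1 !~ /^#/ {
        for (i = 1; i < NF; i++)
            if ($i == "add" && $(i + 1) ~ /^[0-9]+$/) {
                out = $(i + 1)
                for (j = i + 2; j <= NF; j++) out = out " " $j
                print out
                break
            }
    }' |
    sort -s -n -k1,1 |
    awk '
        stop != "" { print $1, stop; next }
        # Conservative match: a terminal action on all traffic with nothing
        # after "to any" (no via, in/out, port or setup) to narrow it.
        # divert is not terminal: natd reinjects the packet at the next rule.
        $2 ~ /^(allow|accept|pass|permit|deny|drop)$/ &&
        ($3 == "all" || $3 == "ip") &&
        $4 == "from" && $5 == "any" && $6 == "to" && $7 == "any" && NF == 7 {
            stop = $1
        }
    '
}

sample_rules | shadowed_rules
```

Empty output means no rule is hidden behind a catch-all; with the sample above, every rule after 0200 is reported.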