[please cc freebsd-questions, someone may be interested, too]
Aperez wrote:
> Karol Kwiatkowski wrote:
>
>> Aperez wrote:
>>
>>> Hi:
>>>
>>> I am trying to set up a router/firewall with FreeBSD 5.3. This is my
>>> information:
>>>
>>> WinXP and FreeBSD machine connected to Firewall machine using a hub
>>>
>>> Firewall has two ethernet cards: card 1: dc0 connected to cable internet
>>> using DHCP
>>> card 2: rl0 set up to use
>>> 192.168.1.1
>>>
>>> I can connect to the internet from the firewall: ping -c 3 www.yahoo.con
>>> successful
>>> I can ping from Firewall to the other two machines (WinXP and FreeBSD)
>>> I can ping from XP to FreeBSD and Firewall
>>> I can ping from FreeBSD to XP and Firewall
>>
>> OK, it appears your internal network is working.
>>
>> Did you set 'defaultrouter' on FreeBSD and XP (whatever it may be
>> called on Windows) to 192.168.1.1 (IP of the gateway)?
>>
>>> Here is the problem: I can't connect to the internet from either XP or
>>> FreeBSD machine
>>>
>>> Here is my rc.conf from the firewall machine:
>>>
>>> gateway_enable="YES"
>>> ifconfig_lo0="inet 127.0.0.1"
>>> ifconfig_dc0="DHCP"
>>> ifconfig_rl0="inet 192.168.1.1 netmask 255.255.255.0"
>>> ipfilter_enable="YES"
>>> ipmon_enable="YES"
>>> ipmon_flags="-Dsvn"
>>> ipnat_enable="YES"
>>
>> What rules do you have in ipfilter and ipnat? Have you enabled NAT?
>>
>>> ipfs_enable="YES"
>>>
>>> Can anybody tell me what I am missing?
>>
>> Regards,
>>
>> Karol
>
> Hi
>
> I did set up WinXP to use 192.168.1.1 as gateway and I put
> defaultrouter=192.168.1.1 in the FreeBSD machine.
>
> I don't have rules for ipfilter because I was trying to see if there was
> connectivity box---firewall---internet.
> Do I have to have ipnat rules in order for the machines to connect to the
> internet?

Yes. NAT is not working yet. With ipnat_enable="YES" you've just enabled
ipnat but you didn't tell it what to do yet.

Something like this would do:

> map dc0 192.168.1.0/24 -> 0/32 portmap tcp/udp auto # NAT for LAN + port mapping
> map dc0 192.168.1.0/24 -> 0/32 # NAT for LAN (icmp)

But keep in mind I no longer use ipfilter/ipnat. Please check manpage for
ipnat(1).

Also handbook section: 24.5.14 NAT
http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/firewalls-ipf.html

> Didn't I enable natd by putting "ipnat_enable="YES"" or do I have to put this
> instead natd_enable="YES"?

'natd' is another way to do NAT. You'll need only one of them. And ipnat
just doesn't do NAT yet.

Regards,

Karol

--
Karol Kwiatkowski <freebsd at orchid dot homeunix dot org>
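A check for the situation in this thread, as an added example that is not part of the original messages: it reads an rc.conf and an ipnat rules file and reports when ipnat is enabled without any map rule, or when ipnat and natd are both enabled. The function names and sample file names are assumptions made for illustration; the rc.conf excerpt and map rules in the constructed samples are the ones quoted in the thread.

```sh
# Added example (not from the thread): flag a gateway whose NAT is enabled but unconfigured.
# rc_value FILE VAR: print the last value assigned to VAR in an rc.conf-style file.
rc_value() {
    sed -n "s/^[[:space:]]*$2=\"\{0,1\}\([^\"#]*\)\"\{0,1\}.*/\1/p" "$1" | tail -n 1
}
is_yes() { case "$1" in [Yy][Ee][Ss]) return 0 ;; *) return 1 ;; esac; }
finding() { echo "$1"; problems=$((problems + 1)); }

# check_nat RCCONF RULES: print one line per finding; exit status = number of findings.
check_nat() {
    problems=0
    ipnat=$(rc_value "$1" ipnat_enable)
    natd=$(rc_value "$1" natd_enable)
    is_yes "$(rc_value "$1" gateway_enable)" ||
        finding "gateway_enable is not YES: packets are not forwarded between interfaces"
    if is_yes "$ipnat" && is_yes "$natd"; then
        finding "ipnat and natd are both enabled: only one of them is needed"
    fi
    if is_yes "$ipnat"; then
        # Count active (non-comment) map rules; a missing file counts as zero.
        maps=$(grep -c '^[[:space:]]*map[[:space:]]' "$2" 2>/dev/null || true)
        [ "${maps:-0}" -gt 0 ] ||
            finding "ipnat is enabled but $2 has no map rule: LAN traffic is not translated"
    fi
    return "$problems"
}

# make_sample DIR: constructed inputs (rc.conf excerpt and map rules as quoted in the thread).
make_sample() {
    cat > "$1/rc.conf" <<'EOF'
gateway_enable="YES"
ifconfig_dc0="DHCP"
ifconfig_rl0="inet 192.168.1.1 netmask 255.255.255.0"
ipfilter_enable="YES"
ipnat_enable="YES"
EOF
    : > "$1/ipnat.rules.empty"
    cat > "$1/ipnat.rules.fixed" <<'EOF'
map dc0 192.168.1.0/24 -> 0/32 portmap tcp/udp auto
map dc0 192.168.1.0/24 -> 0/32
EOF
}

tmp=$(mktemp -d) && make_sample "$tmp"
check_nat "$tmp/rc.conf" "$tmp/ipnat.rules.empty" || true
check_nat "$tmp/rc.conf" "$tmp/ipnat.rules.fixed" && echo "with map rules: no findings"
rm -rf "$tmp"
```

On a real gateway the two arguments would be the system's rc.conf and whichever rules file ipnat is configured to load.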