Re: Can't route past gateway
> > #ipnat -l
> > List of active MAP/redirect filters:
> > map x10 192.168.1.0/24 -> 0.0.0.0/32 portmap tcp/udp 4:6
> > map x10 192.168.1.0/24 -> 0.0.0.0/32
>       ^^^
> Shouldn't that be xl0?
>
> Fer

DOH! Dang fonts! I guess that ends my short career as a network admin. If anyone is looking for me, I am going to get my eyes thoroughly examined, and then re-enroll in the first grade (that is, if they will accept me). :)

Thanks Fernando!

To Unsubscribe: send mail to [EMAIL PROTECTED] with unsubscribe freebsd-questions in the body of the message

Can't route past gateway
I tried to send a message to the list earlier, but my email server was down. I checked the archives, but I can't tell if my message has been posted already, so I apologize if it has. If anyone has already replied, could you forward your response to this address?

I have a FreeBSD machine with two NICs that I am using as a NAT gateway. No matter what I do, clients on my LAN can't get past the gateway. They can ping both the internal and external interfaces of the gateway, but can't get outside. I am using IPF and IPNAT as loadable kernel modules.

My /etc/rc.conf looks like this:

    gateway_enable=YES
    kern_securelevel_enable=NO
    linux_enable=YES
    moused_enable=YES
    nfs_reserved_port_only=YES
    sendmail_enable=YES
    sshd_enable=YES
    usbd_enable=YES
    ipfilter_enable=YES
    ipfilter_program=/sbin/ipf
    ipfilter_rules=/etc/ipf.rules
    ipfilter_flags=
    ipnat_enable=YES
    ipnat_program=/sbin/ipnat
    ipnat_rules=/etc/ipnat.rules
    ipnat_flags=
    ifconfig_dc0="inet 192.168.1.1 netmask 255.255.255.0"
    ifconfig_xl0=DHCP
    inetd_enable=NO
    hostname=forcefield.mydomain.com

ipf -V gives this:

    ipf: IP Filter: v3.4.29 (336)
    Kernel: IP Flter v3.4.29
    Running: yes
    Log Flags: 0 = none set
    Default: pass all, Logging available
    Active list:0

Here is dmesg showing ipfilter stuff:

    IP Filter: v3.4.29 initialized. Default = pass all, Logging = enabled

(it also says some things at boot, like IPFilter module loaded, and other things about ipnat getting flushed and loaded, but I don't know how to get dmesg to show me exactly what it says at boot time).

My /etc/ipf.rules file has just this for testing:

    pass in all
    pass out all

My ipnat.rules file has this:

    map 192.168.1.0/24 -> 0/32 portmap tcp/udp 1:65000
    map 192.168.1.0/24 -> 0/32

In this configuration, my outside interface is getting its info via DHCP from my cable provider. I also tried this similar configuration at my work, using the same internal addressing scheme, but using a fixed IP for the ext. interface with no luck. I just can't get past the outside interface of my gateway.

What am I leaving out? And this is not a DNS issue, as I am pinging only by IP. Do I need to add static routes or something? I've googled for hours and hours already... :(

Thanks for your help,

Adam Lofstedt

Re: Can't route past gateway
On Wed, 25 Dec 2002, Adam Lofstedt wrote:

> I tried to send a message to the list earlier, but my email server was down. I checked the archives, but I can't tell if my message has been posted already, so I apologize if it has. If anyone has already replied, could you forward your response to this address?

yes, your message was posted. keep it easy, it's a world-wide holiday, so the answers can take a while. :)

> I have a FreeBSD machine with two NICs that I am using as a NAT gateway. No matter what I do, clients on my LAN can't get past the gateway. They can ping both the internal and external interfaces of the gateway, but can't get outside.

Either NAT is not working or the filters are blocking the packets. try doing an 'ipnat -l' and post the output. If the rules are loaded, drop the filters ('ipf -Fa') and try again from one client. Tell me if that works.

Fer

Re: Can't route past gateway
> yes, your message was posted. keep it easy, it's a world-wide holiday, so the answers can take a while. :)

Thanks... Sorry about this. I didn't mean to make it seem hysterical or anything.

> > I have a FreeBSD machine with two NICs that I am using as a NAT gateway. No matter what I do, clients on my LAN can't get past the gateway. They can ping both the internal and external interfaces of the gateway, but can't get outside.
>
> Either NAT is not working or the filters are blocking the packets. try doing an 'ipnat -l' and post the output. If the rules are loaded, drop the filters ('ipf -Fa') and try again from one client.

#ipnat -l
List of active MAP/redirect filters:
map x10 192.168.1.0/24 -> 0.0.0.0/32 portmap tcp/udp 4:6
map x10 192.168.1.0/24 -> 0.0.0.0/32

List of active sessions:

I've tried ipf -Fa, but no luck yet. Thanks and happy holidays.

Adam Lofstedt

Re: Can't route past gateway
----- Original Message -----
From: Adam Lofstedt [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Wednesday, December 25, 2002 11:24 AM
Subject: Can't route past gateway

> I tried to send a message to the list earlier, but my email server was down. I checked the archives, but I can't tell if my message has been posted already, so I apologize if it has. If anyone has already replied, could you forward your response to this address?
>
> I have a FreeBSD machine with two NICs that I am using as a NAT gateway. No matter what I do, clients on my LAN can't get past the gateway. They can ping both the internal and external interfaces of the gateway, but can't get outside. I am using IPF and IPNAT as loadable kernel modules.
>
> My /etc/rc.conf looks like this:
>
>     gateway_enable=YES
>     kern_securelevel_enable=NO
>     linux_enable=YES
>     moused_enable=YES
>     nfs_reserved_port_only=YES
>     sendmail_enable=YES
>     sshd_enable=YES
>     usbd_enable=YES
>     ipfilter_enable=YES
>     ipfilter_program=/sbin/ipf
>     ipfilter_rules=/etc/ipf.rules
>     ipfilter_flags=
>     ipnat_enable=YES
>     ipnat_program=/sbin/ipnat
>     ipnat_rules=/etc/ipnat.rules
>     ipnat_flags=
>     ifconfig_dc0="inet 192.168.1.1 netmask 255.255.255.0"
>     ifconfig_xl0=DHCP
>     inetd_enable=NO
>     hostname=forcefield.mydomain.com
>
> ipf -V gives this:
>
>     ipf: IP Filter: v3.4.29 (336)
>     Kernel: IP Flter v3.4.29
>     Running: yes
>     Log Flags: 0 = none set
>     Default: pass all, Logging available
>     Active list:0
>
> Here is dmesg showing ipfilter stuff:
>
>     IP Filter: v3.4.29 initialized. Default = pass all, Logging = enabled
>
> (it also says some things at boot, like IPFilter module loaded, and other things about ipnat getting flushed and loaded, but I don't know how to get dmesg to show me exactly what it says at boot time).
>
> My /etc/ipf.rules file has just this for testing:
>
>     pass in all
>     pass out all
>
> My ipnat.rules file has this:
>
>     map 192.168.1.0/24 -> 0/32 portmap tcp/udp 1:65000
>     map 192.168.1.0/24 -> 0/32
>
> In this configuration, my outside interface is getting its info via DHCP from my cable provider. I also tried this similar configuration at my work, using the same internal addressing scheme, but using a fixed IP for the ext. interface with no luck. I just can't get past the outside interface of my gateway.
>
> What am I leaving out? And this is not a DNS issue, as I am pinging only by IP. Do I need to add static routes or something? I've googled for hours and hours already... :(
>
> Thanks for your help,
>
> Adam Lofstedt

FreeBSD cheatsheets has instructions for setting up a Dual Homed Host (2 NICs) using IPFW. It works for me. You can also get some additional information from the FreeBSD handbook about NAT. Which I also used in setting it all up. It really is quite simple.

Joe Gwozdecki
Houston, Texas

Re: Can't route past gateway
On Wed, 25 Dec 2002, Adam Lofstedt wrote:

> > yes, your message was posted. keep it easy, it's a world-wide holiday, so the answers can take a while. :)
>
> Thanks... Sorry about this. I didn't mean to make it seem hysterical or anything.
>
> > > I have a FreeBSD machine with two NICs that I am using as a NAT gateway. No matter what I do, clients on my LAN can't get past the gateway. They can ping both the internal and external interfaces of the gateway, but can't get outside.
> >
> > Either NAT is not working or the filters are blocking the packets. try doing an 'ipnat -l' and post the output. If the rules are loaded, drop the filters ('ipf -Fa') and try again from one client.
>
> #ipnat -l
> List of active MAP/redirect filters:
> map x10 192.168.1.0/24 -> 0.0.0.0/32 portmap tcp/udp 4:6
> map x10 192.168.1.0/24 -> 0.0.0.0/32
>
> List of active sessions:
>
> I've tried ipf -Fa, but no luck yet. Thanks and happy holidays.
>
> Adam Lofstedt

Have you issued an ipf -y command to synchronize IPFilter's address with the 0/32 rule?

Marco Radzinschi
E-Mail: [EMAIL PROTECTED]
Wed Dec 25 17:12:14 EST 2002

Re: Can't route past gateway
On Wed, 25 Dec 2002, Adam Lofstedt wrote:

> #ipnat -l
> List of active MAP/redirect filters:
> map x10 192.168.1.0/24 -> 0.0.0.0/32 portmap tcp/udp 4:6
> map x10 192.168.1.0/24 -> 0.0.0.0/32
      ^^^
Shouldn't that be xl0?

Fer

> List of active sessions:
>
> I've tried ipf -Fa, but no luck yet. Thanks and happy holidays.
>
> Adam Lofstedt
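
The check made by eye in the reply above can be scripted; this is an added example, not part of the thread. It reports every ipnat rule whose interface name is not present on the host, which is how a mistyped x10 ends up loaded with no active sessions. Assumptions: the function name unknown_nat_ifaces is hypothetical, the sample rules file is constructed from the rules quoted in the thread (written with ipnat's "->" syntax), and lo0 is assumed alongside the dc0 and xl0 interfaces named in the poster's rc.conf.

```shell
#!/bin/sh
# Added example, not from the thread: report ipnat rules whose interface
# name does not exist on the host (the x10-for-xl0 typo diagnosed above).

# unknown_nat_ifaces RULES_FILE "IFACE1 IFACE2 ..."
# Prints LINE:IFACE for every map/rdr/bimap/map-block rule whose second
# field is not in the interface list; returns 1 if any were found.
unknown_nat_ifaces() {
    awk -v known=" $2 " '
        NF == 0 || $1 ~ /^#/ { next }            # blank lines, comments
        $1 == "map" || $1 == "rdr" || $1 == "bimap" || $1 == "map-block" {
            if (index(known, " " $2 " ") == 0) {
                printf "%d:%s\n", NR, $2
                bad = 1
            }
        }
        END { exit bad }
    ' "$1"
}

# Constructed sample: the thread's two rules with the mistyped interface,
# plus one correct rule for comparison.
sample_rules=$(mktemp)
cat > "$sample_rules" <<'EOF'
# NAT for the LAN behind dc0
map x10 192.168.1.0/24 -> 0/32 portmap tcp/udp 1:65000
map x10 192.168.1.0/24 -> 0/32
map xl0 192.168.1.0/24 -> 0/32
EOF

# On the gateway itself, pass "$(ifconfig -l)" instead of a fixed list.
result=$(unknown_nat_ifaces "$sample_rules" "dc0 xl0 lo0") || true
echo "$result"
rm -f "$sample_rules"
```

Run against /etc/ipnat.rules before loading the rules, a non-zero exit status means at least one rule names an interface the kernel does not have.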