Re: Natd/Gateway=yes vs 5.3
Francisco Reyes wrote:

> Migrating a 4.10 box. Copied data to a second drive. Installed 5.3.
> Changed kernel to add
>
> options IPFIREWALL
> options IPFIREWALL_VERBOSE
> options IPFIREWALL_VERBOSE_LIMIT=50
> options IPDIVERT
>
> In /etc/rc.conf have
>
> firewall_enable=YES
> firewall_logging=YES # Set to YES to enable events logging
> firewall_quiet=NO
> firewall_type=open
> gateway_enable=YES
> natd_enable=YES # Enable natd (if firewall_enable == YES).
> natd_flags=-f /etc/natd.conf # Set rules file for the NAT daemon
> natd_interface=ed0

I've been reading the (excellent) firewall section of the handbook at:
http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/firewalls.html

Section 14.9.6.3 /etc/rc.conf Options says:

  If you don't have IPFW compiled into your kernel you will need to load
  it with the following statement in your /etc/rc.conf:
  firewall_enable=YES

Perhaps you have two ipfws, the kld and the one in the kernel.

Section 14.9.6.5.7 An Example NAT and Stateful Ruleset says:

  The kernel source needs 'option divert' statement added to the other
  IPFIREWALL statements compiled into a custom kernel.

So I guess that supersedes your options IPDIVERT entry.

-- 
HTH, John.
___
[EMAIL PROTECTED] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Natd/Gateway=yes vs 5.3
On Sun, 14 Nov 2004, John Murphy wrote:

> Section 14.9.6.3 /etc/rc.conf Options says:
>
>   If you don't have IPFW compiled into your kernel you will need to load
>   it with the following statement in your /etc/rc.conf:
>   firewall_enable=YES

I eventually figured it out... after HOURS of checking around.
I did see that section; it also mentions that you need the kernel options
if you will be doing NAT.

> So I guess that supersedes your options IPDIVERT entry.

That option is still needed if you will be doing NAT.

The problem was that I had seen in /etc/defaults/rc.conf a

network_interfaces=automatic

so I thought that 5.X did not need a network_interfaces line.
Once I put

network_interfaces=fxp0 ed0 lo0

it all worked. And it only took me 4 hours to figure it out. :-(
Natd/Gateway=yes vs 5.3
Migrating a 4.10 box. Copied data to a second drive. Installed 5.3.
Changed kernel to add

options IPFIREWALL
options IPFIREWALL_VERBOSE
options IPFIREWALL_VERBOSE_LIMIT=50
options IPDIVERT

In /etc/rc.conf have

firewall_enable=YES
firewall_logging=YES # Set to YES to enable events logging
firewall_quiet=NO
firewall_type=open
gateway_enable=YES
natd_enable=YES # Enable natd (if firewall_enable == YES).
natd_flags=-f /etc/natd.conf # Set rules file for the NAT daemon
natd_interface=ed0

Not only is the machine not acting as a gateway, but it doesn't even let me
connect to the internet.

Looked at ipfw list and saw

00050 divert 8668 ip from any to any via ed0
00100 allow ip from any to any via lo0
00200 deny log logamount 50 ip from any to 127.0.0.0/8
00300 deny log logamount 50 ip from 127.0.0.0/8 to any
65000 allow ip from any to any
65535 deny ip from any to any

Added a pass all rule before the divert and I am able to see the internet
from the FreeBSD machine, but not from the other machines.

Anything changed for nat between 4.10 and 5.3?
Any suggestions?
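Added example, not part of the thread or of FreeBSD's own tools: a first-match simulator over the `ipfw list` ruleset quoted in the post above. It shows where a packet crossing ed0 lands in the original ruleset (the natd divert rule) and why a pass-all rule placed before the divert lets the FreeBSD box itself out while leaving the other machines without NAT, since the packet is allowed before natd ever sees it. The rule number 40 and the source/destination addresses used in the checks are constructed.

```python
import ipaddress
import re

# Constructed copy of the `ipfw list` output quoted in the original post
# (firewall_type=open plus the divert rule that natd_enable adds).
IPFW_LIST = """\
00050 divert 8668 ip from any to any via ed0
00100 allow ip from any to any via lo0
00200 deny log logamount 50 ip from any to 127.0.0.0/8
00300 deny log logamount 50 ip from 127.0.0.0/8 to any
65000 allow ip from any to any
65535 deny ip from any to any
"""

# Grammar covers only the rule forms seen above; anything else raises.
RULE_RE = re.compile(
    r"^(?P<num>\d+)\s+(?P<action>allow|deny|divert)(?:\s+(?P<port>\d+))?"
    r"(?:\s+log(?:\s+logamount\s+\d+)?)?\s+ip\s+from\s+(?P<src>\S+)\s+to\s+(?P<dst>\S+)"
    r"(?:\s+via\s+(?P<iface>\S+))?$"
)

def parse_rules(text):
    """Parse `ipfw list` lines, keeping ascending rule-number order."""
    rules = []
    for line in text.splitlines():
        m = RULE_RE.match(line.strip())
        if not m:
            raise ValueError(f"unsupported rule syntax: {line!r}")
        rules.append(m.groupdict())
    return sorted(rules, key=lambda r: int(r["num"]))

def _addr_ok(spec, addr):
    return spec == "any" or ipaddress.ip_address(addr) in ipaddress.ip_network(spec, strict=False)

def first_match(rules, src, dst, iface):
    """ipfw is first-match: the first rule whose src, dst and 'via' all fit decides.
    allow/deny are terminal; divert hands the packet to the divert socket and this
    pass through the ruleset ends (natd re-injects it at the following rule)."""
    for r in rules:
        if r["iface"] and r["iface"] != iface:  # 'via X': packet crosses interface X
            continue
        if _addr_ok(r["src"], src) and _addr_ok(r["dst"], dst):
            act = f"divert {r['port']}" if r["action"] == "divert" else r["action"]
            return int(r["num"]), act
    return None  # unreachable while the default rule 65535 is present

def with_pass_all_before_divert(text):
    """The 'pass all rule before the divert' the poster added (rule 40 is constructed)."""
    return parse_rules("00040 allow ip from any to any\n" + text)
```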