IPF, NAT or NIC problem - Programmers Heaven

IPF, NAT or NIC problem

Freeco Posts: 1 Member
I'm new to BSD. I installed FreeBSD 7.2 and want to use it as a gateway with IPF and NAT. I have 2 NICs, fxp0 and rl0. When I booted up my PC I got the message "gateway kernel: arp xxx.xxx.88.17 is on fxp0 but got reply from rl0". My configuration files look like this:

----rc.conf----
clear_tmp_enable="YES"
hostname="gateway.fbsdfreeco.com"
ifconfig_fxp0=" inet xxx.xxx.88.20 netmask 255.255.255.240"
gateway_enable="YES"
ipfilter_enable="YES"
ipmon_enable="YES"
ipmon_flags="-Ds"
ipnat_enable="YES"
ipnat_rules="/etc/ipnat.rules"
ifconfig_rl0="inet 192.168.1.2 netmask 255.255.255.0"
defaultrouter="xxx.xxx.88.17"
----resolv.conf----
search xxx.xxx.88.17
nameserver xxx.xxx.88.17
nameserver xxx.xxx.xxx.xxx
----ipf.loadrules.sh----
oif="fxp0"
odns="xxx.xxx.88.17"
myip="xxx.xxx.88.20"
ks="keep state"
fks="flags S keep state"

/sbin/ipf -Fa -f - << EOF

pass out quick on $oif proto tcp from any to $odns port = 53 $fks
pass out quick on $oif proto udp from any to $odns port = 53 $ks
pass out quick on $oif proto tcp from xxx.xxx.88.20 to any port = 80 $fks
pass out quick on $oif proto tcp from xxx.xxx.88.20 to any port = 443 $fks
EOF
----ipnat.rules----
map fxp0 192.168.1.0/16 -> xxx.xxx.88.20/32
rdr fxp0 0.0.0.0/0 -> xxx.xxx.88.20
map fxp0 192.168.0.0/16 -> 0/32 proxy port 21 ftp/tcp
map fxp0 0.0.0.0/0 -> 0/32
map fxp0 192.168.0.0/16 -> 0/32
-----------------------------------

ISP Gateway<-fxp0--ping-ok--->My Gateway<-rl0-LAN-->Switch<---ping-ok>---pc

ISP IP - xxx.xxx.88.17 (static)
My IP - xxx.xxx.88.20 (fxp0 static)
My IP - 192.168.1.2 (rl0 private)
pc IP - 192.168.1.x (private)

I can't open web pages.
Where's the problem?

Comments

  • pannonius Posts: 2 Member
    : I'm new to BSD. I installed FreeBSD 7.2 and want to use it as a gateway
    : with IPF and NAT. I have 2 NICs, fxp0 and rl0. When I booted up my
    : PC I got the message "gateway kernel: arp xxx.xxx.88.17 is on fxp0 but
    : got reply from rl0". My configuration files look like this:
    :
    : ----rc.conf----
    : clear_tmp_enable="YES"
    : hostname="gateway.fbsdfreeco.com"
    : ifconfig_fxp0=" inet xxx.xxx.88.20 netmask 255.255.255.240"
    : gateway_enable="YES"
    : ipfilter_enable="YES"
    : ipmon_enable="YES"
    : ipmon_flags="-Ds"
    : ipnat_enable="YES"
    : ipnat_rules="/etc/ipnat.rules"
    : ifconfig_rl0="inet 192.168.1.2 netmask 255.255.255.0"
    : defaultrouter="xxx.xxx.88.17"
    : ----resolv.conf----
    : search xxx.xxx.88.17
    : nameserver xxx.xxx.88.17
    : nameserver xxx.xxx.xxx.xxx
    : ----ipf.loadrules.sh----
    : oif="fxp0"
    : odns="xxx.xxx.88.17"
    : myip="xxx.xxx.88.20"
    : ks="keep state"
    : fks="flags S keep state"
    :
    : /sbin/ipf -Fa -f - << EOF
    :
    : pass out quick on $oif proto tcp from any to $odns port = 53 $fks
    : pass out quick on $oif proto udp from any to $odns port = 53 $ks
    : pass out quick on $oif proto tcp from xxx.xxx.88.20 to any port = 80
    : $fks
    : pass out quick on $oif proto tcp from xxx.xxx.88.20 to any port =
    : 443 $fks
    : EOF
    : ----ipnat.rules----
    : map fxp0 192.168.1.0/16 -> xxx.xxx.88.20/32
    : rdr fxp0 0.0.0.0/0 -> xxx.xxx.88.20
    : map fxp0 192.168.0.0/16 -> 0/32 proxy port 21 ftp/tcp
    : map fxp0 0.0.0.0/0 -> 0/32
    : map fxp0 192.168.0.0/16 -> 0/32
    : -----------------------------------
    :
    : ISP Gateway<-fxp0--ping-ok--->My
    : Gateway<-rl0-LAN-->Switch<---ping-ok>---pc
    :
    : ISP IP - xxx.xxx.88.17 (static)
    : My IP - xxx.xxx.88.20 (fxp0 static)
    : My IP - 192.168.1.2 (rl0 private)
    : pc IP - 192.168.1.x (private)
    :
    : I can't open web pages.
    : Where's the problem?
    :
    You have to point your PC's default gateway IP to "My Gateway" (use the "My Gateway"'s IP address as the PC_behind_the_NAT's default gateway IP) and it should work!
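
An added example, not part of the original thread: a POSIX sh lint for the ipnat.rules posted above. It flags a "map" source whose address has host bits set for its prefix length, and an FTP "proxy" rule that sits after a broader "map" on the same interface, where ipnat's first-match evaluation never reaches it. The function names and the 203.0.113.20 address are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): lint ipnat "map" rules read from stdin.
ip2int() {                      # dotted quad -> integer
    old_ifs=$IFS; IFS=.; set -- $1
    IFS=$old_ifs
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

net_of() {                      # network address (integer) of $1 under /$2
    [ "$2" -eq 0 ] && { echo 0; return; }
    echo $(( $(ip2int "$1") & (4294967295 << (32 - $2)) & 4294967295 ))
}

lint_ipnat() {
    n=0; earlier=""             # earlier = non-proxy maps seen so far
    while read -r kind ifname src arrow dst rest; do
        n=$((n + 1))
        [ "$kind" = "map" ] || continue
        net=${src%/*}; len=${src#*/}
        if [ "$(net_of "$net" "$len")" != "$(ip2int "$net")" ]; then
            echo "line $n: $src has host bits set for /$len"
        fi
        case "$rest" in
        proxy*)   # shadowed if an earlier map on this interface covers src
            for p in $earlier; do
                pn=${p%%,*}; p=${p#*,}; pif=${p%%,*}; psrc=${p#*,}
                plen=${psrc#*/}
                if [ "$pif" = "$ifname" ] && [ "$plen" -le "$len" ] &&
                   [ "$(net_of "${psrc%/*}" "$plen")" = "$(net_of "$net" "$plen")" ]; then
                    echo "line $n: proxy rule is shadowed by line $pn (first match wins)"
                    break
                fi
            done ;;
        *)  earlier="$earlier $n,$ifname,$src" ;;
        esac
    done
    return 0
}

# Constructed input: the thread's rules, 203.0.113.20 replacing the masked IP.
sample_rules() {
    cat <<'EOF'
map fxp0 192.168.1.0/16 -> 203.0.113.20/32
rdr fxp0 0.0.0.0/0 -> 203.0.113.20
map fxp0 192.168.0.0/16 -> 0/32 proxy port 21 ftp/tcp
map fxp0 0.0.0.0/0 -> 0/32
map fxp0 192.168.0.0/16 -> 0/32
EOF
}
sample_rules | lint_ipnat
```

The lint only looks at "map" lines; "rdr" lines are counted for line numbering but otherwise skipped.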
