IPF, NAT or NIC problem - Programmers Heaven

IPF, NAT or NIC problem

Freeco Posts: 1 Member
I'm new to BSD. I installed FreeBSD 7.2 and want to use it as a gateway with IPF and NAT. I have 2 NICs, fxp0 and rl0. When I booted up my PC I got the message "gateway kernel: arp xxx.xxx.88.17 is on fxp0 but got reply from rl0". My configuration files look like this:

----rc.conf----
clear_tmp_enable="YES"
hostname="gateway.fbsdfreeco.com"
ifconfig_fxp0=" inet xxx.xxx.88.20 netmask 255.255.255.240"
gateway_enable="YES"
ipfilter_enable="YES"
ipmon_enable="YES"
ipmon_flags="-Ds"
ipnat_enable="YES"
ipnat_rules="/etc/ipnat.rules"
ifconfig_rl0="inet 192.168.1.2 netmask 255.255.255.0"
defaultrouter="xxx.xxx.88.17"
----resolv.conf----
search xxx.xxx.88.17
nameserver xxx.xxx.88.17
nameserver xxx.xxx.xxx.xxx
----ipf.loadrules.sh----
oif="fxp0"
odns="xxx.xxx.88.17"
myip="xxx.xxx.88.20"
ks="keep state"
fks="flags S keep state"

/sbin/ipf -Fa -f - << EOF

pass out quick on $oif proto tcp from any to $odns port = 53 $fks
pass out quick on $oif proto udp from any to $odns port = 53 $ks
pass out quick on $oif proto tcp from xxx.xxx.88.20 to any port = 80 $fks
pass out quick on $oif proto tcp from xxx.xxx.88.20 to any port = 443 $fks
EOF
----ipnat.rules----
map fxp0 192.168.1.0/16 -> xxx.xxx.88.20/32
rdr fxp0 0.0.0.0/0 -> xxx.xxx.88.20
map fxp0 192.168.0.0/16 -> 0/32 proxy port 21 ftp/tcp
map fxp0 0.0.0.0/0 -> 0/32
map fxp0 192.168.0.0/16 -> 0/32
-----------------------------------

ISP Gateway<-fxp0--ping-ok--->My Gateway<-rl0-LAN-->Switch<---ping-ok>---pc

ISP IP - xxx.xxx.88.17 (static)
My IP - xxx.xxx.88.20 (fxp0 static)
My IP - 192.168.1.2 (rl0 private)
pc IP - 192.168.1.x (private)

I can't open web pages.
Where's the problem?

Comments

  • pannonius Posts: 2 Member
    : I'm new to BSD. I installed FreeBSD 7.2 and want to use it as a gateway
    : with IPF and NAT. I have 2 NICs, fxp0 and rl0. When I booted up my
    : PC I got the message "gateway kernel: arp xxx.xxx.88.17 is on fxp0 but
    : got reply from rl0". My configuration files look like this:
    :
    : ----rc.conf----
    : clear_tmp_enable="YES"
    : hostname="gateway.fbsdfreeco.com"
    : ifconfig_fxp0=" inet xxx.xxx.88.20 netmask 255.255.255.240"
    : gateway_enable="YES"
    : ipfilter_enable="YES"
    : ipmon_enable="YES"
    : ipmon_flags="-Ds"
    : ipnat_enable="YES"
    : ipnat_rules="/etc/ipnat.rules"
    : ifconfig_rl0="inet 192.168.1.2 netmask 255.255.255.0"
    : defaultrouter="xxx.xxx.88.17"
    : ----resolv.conf----
    : search xxx.xxx.88.17
    : nameserver xxx.xxx.88.17
    : nameserver xxx.xxx.xxx.xxx
    : ----ipf.loadrules.sh----
    : oif="fxp0"
    : odns="xxx.xxx.88.17"
    : myip="xxx.xxx.88.20"
    : ks="keep state"
    : fks="flags S keep state"
    :
    : /sbin/ipf -Fa -f - << EOF
    :
    : pass out quick on $oif proto tcp from any to $odns port = 53 $fks
    : pass out quick on $oif proto udp from any to $odns port = 53 $ks
    : pass out quick on $oif proto tcp from xxx.xxx.88.20 to any port = 80
    : $fks
    : pass out quick on $oif proto tcp from xxx.xxx.88.20 to any port =
    : 443 $fks
    : EOF
    : ----ipnat.rules----
    : map fxp0 192.168.1.0/16 -> xxx.xxx.88.20/32
    : rdr fxp0 0.0.0.0/0 -> xxx.xxx.88.20
    : map fxp0 192.168.0.0/16 -> 0/32 proxy port 21 ftp/tcp
    : map fxp0 0.0.0.0/0 -> 0/32
    : map fxp0 192.168.0.0/16 -> 0/32
    : -----------------------------------
    :
    : ISP Gateway<-fxp0--ping-ok--->My
    : Gateway<-rl0-LAN-->Switch<---ping-ok>---pc
    :
    : ISP IP - xxx.xxx.88.17 (static)
    : My IP - xxx.xxx.88.20 (fxp0 static)
    : My IP - 192.168.1.2 (rl0 private)
    : pc IP - 192.168.1.x (private)
    :
    : I can't open web pages.
    : Where's the problem?
    :
    You have to point your PC's Default Gateway IP to "My Gateway" (use the "My Gateway"'s IP address as the PC_behind_the_NAT's Default Gateway IP) and it should work!
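
A way to check the settings this answer refers to, as an added example that is not part of the original thread: it lints the posted `map` rules and checks a LAN client's default gateway against the rl0 address. The address 203.0.113.20 is a placeholder for the redacted public IP, the client addresses are constructed, and the function names are hypothetical.

```python
import ipaddress
import re

# Constructed sample: the poster's ipnat.rules with the redacted public
# address replaced by a documentation-range placeholder (203.0.113.20).
IPNAT_RULES = """\
map fxp0 192.168.1.0/16 -> 203.0.113.20/32
rdr fxp0 0.0.0.0/0 -> 203.0.113.20
map fxp0 192.168.0.0/16 -> 0/32 proxy port 21 ftp/tcp
map fxp0 0.0.0.0/0 -> 0/32
map fxp0 192.168.0.0/16 -> 0/32
"""
LAN_IF = ipaddress.ip_interface("192.168.1.2/24")  # rl0 from rc.conf
MAP_RE = re.compile(r"^map\s+(\S+)\s+(\S+)\s+->\s+(\S+)")

def lint_maps(rules, wan_if="fxp0", lan=LAN_IF.network):
    """Return (findings, covered): notes on map rules, and whether one covers the LAN."""
    findings, covered = [], False
    for n, line in enumerate(rules.splitlines(), 1):
        m = MAP_RE.match(line.strip())
        if not m:
            continue  # rdr lines, comments and blanks are not checked here
        ifname, src, _ = m.groups()
        try:
            net = ipaddress.ip_network(src, strict=True)
        except ValueError:
            net = ipaddress.ip_network(src, strict=False)
            findings.append(f"line {n}: {src} is not a network address; the /{net.prefixlen} network is {net}")
        if net.prefixlen == 0:
            findings.append(f"line {n}: source 0.0.0.0/0 matches any source address")
        if ifname == wan_if and lan.subnet_of(net):
            covered = True
    return findings, covered

def check_client(client_ip, client_gw, lan_if=LAN_IF):
    """Return a list of problems with a LAN client's IP settings."""
    problems = []
    if ipaddress.ip_address(client_ip) not in lan_if.network:
        problems.append(f"{client_ip} is outside {lan_if.network}")
    if ipaddress.ip_address(client_gw) != lan_if.ip:
        problems.append(f"default gateway {client_gw} is not the rl0 address {lan_if.ip}")
    return problems
```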

