Need Guidance in my Internet Connection Sharing configuration

From: Srot BULL (pwd8jmr22w_at_me.point.ne.jp)
Date: 01/11/05

    To: freebsd-questions@freebsd.org
    Date: Tue, 11 Jan 2005 08:37:15 +0000
    
    

    Hello and Good Day to all,

    I have tried to configure my system for Internet Connection Sharing but
    I could not implement the configuration properly. I am afraid that this
    is all my mind can figure out. Please look through below and I would
    appreciate it if you could point out the mistakes that I have made or point
    me to any links that would help me solve this problem.

    uname -a
    FreeBSD r40e.point.ne.jp 5.3-STABLE FreeBSD 5.3-STABLE #1: Mon Jan 10 12:49:58 UTC 2005 root@r40e.point.ne.jp:/usr/obj/usr/src/sys/R40e i386

    Kernel Configuration File:
    #===--- IPFIREWALL OPTIONS ---===#
    options IPFIREWALL
    options IPFIREWALL_VERBOSE
    options IPFIREWALL_VERBOSE_LIMIT=5
    options IPFIREWALL_DEFAULT_TO_ACCEPT
    #=- Enables NAT Functionality -=#
    options IPDIVERT

    /etc/rc.conf
    hostname="r40e.point.ne.jp"
    #** OutBound Interface **#
    ifconfig_bge0="DHCP"
    #** Internal LAN Interface **#
    ifconfig_aue0="inet 10.20.30.1 netmask 255.0.0.0"
    gateway_enable="YES"
    natd_enable="YES"
    natd_interface="aue0"
    natd_flags="-dynamic -m"
    firewall_enable="YES"
    firewall_script="/etc/ipfw.rulesets"
    firewall_type="OPEN"
    firewall_quiet="YES"
    firewall_logging_enable="YES"

    This is my /etc/ipfw.rulesets:
    --------------------------------------------------------------------------
    #!/bin/sh

    ipfw -q -f flush
    CMD="ipfw -q add"
    SKIP="skipto 00800"
    KS="keep-state"
    INIC="bge0"

    $CMD 00005 allow all from any to any via aue0
    $CMD 00010 allow all from any to any via lo0
    $CMD 00014 divert natd ip from any to any in via $INIC
    $CMD 00015 check-state

    $CMD 00020 $SKIP tcp from any to 192.168.0.1 53 out via $INIC setup $KS
    $CMD 00021 $SKIP udp from any to 192.168.0.1 53 out via $INIC $KS
    $CMD 00030 $SKIP udp from any to 192.168.0.1 67 out via $INIC $KS
    $CMD 00040 $SKIP tcp from any to any 80 out via $INIC setup $KS
    $CMD 00050 $SKIP tcp from any to any 443 out via $INIC setup $KS
    $CMD 00060 $SKIP tcp from any to any 25 out via $INIC setup $KS
    $CMD 00061 $SKIP tcp from any to any 110 out via $INIC setup $KS
    $CMD 00070 $SKIP tcp from me to any out via $INIC setup $KS uid root
    $CMD 00080 $SKIP icmp from any to any out via $INIC $KS
    $CMD 00090 $SKIP tcp from any to any 37 out via $INIC setup $KS
    $CMD 00100 $SKIP tcp from any to any 119 out via $INIC setup $KS
    $CMD 00110 $SKIP tcp from any to any 22 out via $INIC setup $KS
    $CMD 00120 $SKIP tcp from any to any 43 out via $INIC setup $KS
    $CMD 00130 $SKIP udp from any to any 123 out via $INIC $KS

    $CMD 00300 deny all from 192.168.0.0/16 to any in via $INIC
    $CMD 00301 deny all from 172.16.0.0/12 to any in via $INIC
    $CMD 00302 deny all from 10.0.0.0/8 to any in via $INIC
    $CMD 00303 deny all from 127.0.0.0/8 to any in via $INIC
    $CMD 00304 deny all from 0.0.0.0/8 to any in via $INIC
    $CMD 00305 deny all from 169.254.0.0/16 to any in via $INIC
    $CMD 00306 deny all from 192.0.2.0/24 to any in via $INIC
    $CMD 00307 deny all from 204.152.64.0/23 to any in via $INIC
    $CMD 00308 deny all from 224.0.0.0/3 to any in via $INIC
    #$CMD 00310 deny icmp from any to any in via $INIC
    $CMD 00315 deny tcp from any to any 113 in via $INIC
    $CMD 00320 deny tcp from any to any 137 in via $INIC
    $CMD 00321 deny tcp from any to any 138 in via $INIC
    $CMD 00322 deny tcp from any to any 139 in via $INIC
    $CMD 00323 deny tcp from any to any 81 in via $INIC
    $CMD 00330 deny all from any to any frag in via $INIC
    $CMD 00332 deny tcp from any to any established in via $INIC

    $CMD 00360 allow udp from any to 192.168.0.1 67 in via $INIC $KS
    #$CMD 00370 allow tcp from any to me 80 in via $INIC setup limit src-addr 2
    #$CMD 00380 allow tcp from any to me 22 in via $INIC setup limit src-addr 2
    #$CMD 00390 allow tcp from any to me 23 in via $INIC setup limit src-addr 2
    $CMD 00400 deny log all from any to any in via $INIC
    $CMD 00450 deny log all from any to any out via $INIC
    $CMD 00800 divert natd ip from any to any out via $INIC
    $CMD 00801 allow ip from any to any
    $CMD 00999 deny log all from any to any
    ----------------------------------------------------------------------------

    The problem with the above configuration is that I do not get connected to my
    ADSL Modem and have no internet connection at all. "netstat -r" shows
    nothing...
    Is the configuration enough for me to configure my system for Internet
    Connection Sharing or do I have to tweak other settings?
    I would really appreciate any help, hints, or advice...
    Thank you in advance...

    By the way, since this is my first try at Internet Connection
    Sharing...I am not that sure about my cable connections...
    My internal LAN Card "bge0" is connected to my ADSL Modem while my other
    external USB LAN Card "aue0" is connected to my switching hub...and the
    other PC that I have is also connected to the hub...Is this O.K.?

    Srot BULL

    _______________________________________________
    freebsd-questions@freebsd.org mailing list
    http://lists.freebsd.org/mailman/listinfo/freebsd-questions
    To unsubscribe, send any mail to "freebsd-questions-unsubscribe@freebsd.org"
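An added example, not part of the message above and not code from FreeBSD's own rc scripts: a small Python linter that parses an rc.conf and an ipfw ruleset script of the kind quoted in the message and reports the inconsistencies a reviewer checks first when natd-based connection sharing does not work. The checks it implements are: natd_interface must name the same interface as the divert natd rules, because natd aliases to that interface's address; that interface is expected to be the DHCP-configured upstream link (an assumption this script makes); firewall_type is interpreted by /etc/rc.firewall only, so it has no effect with a custom firewall_script; an inbound allow for udp port 67 on the upstream interface matches DHCP requests, not the replies a client receives on port 68; and an outbound deny numbered below the outbound divert drops everything that is not explicitly skipped past it before it is translated. The embedded sample input is copied from the message (rc.conf keys and a subset of the rules); the rule parser covers only the syntax used there.

```python
# Added example, not code from the thread: lint an rc.conf + ipfw/natd ruleset pair.
import re
from dataclasses import dataclass, field

@dataclass
class Rule:
    number: int
    action: str
    arg: str = None            # skipto / divert target
    proto: str = None
    dst: str = None
    dport: str = None
    direction: str = None      # "in", "out" or None (both)
    iface: str = None          # via / recv / xmit interface
    options: list = field(default_factory=list)

OPTION_WORDS = {"in", "out", "via", "recv", "xmit", "setup", "keep-state",
                "established", "frag", "uid", "gid", "limit"}

def parse_rc_conf(text):
    """Collect key="value" pairs; '#' comment lines never match the pattern."""
    return dict(re.findall(r'^\s*(\w+)="([^"]*)"', text, re.M))

def parse_rule(body):
    """Parse 'NUM action [arg] [log] proto from src [port] to dst [port] options'."""
    t = body.split()
    r, i = Rule(number=int(t[0]), action=t[1]), 2
    if r.action in ("skipto", "divert", "tee", "unreach"):
        r.arg, i = t[i], i + 1
    if r.action == "check-state":
        return r
    if t[i] == "log":
        i += 1
    r.proto, i = t[i], i + 3                     # 'proto from src'
    if t[i] != "to":                             # optional source port
        i += 1
    r.dst, i = t[i + 1], i + 2                   # 'to dst'
    if i < len(t) and t[i] not in OPTION_WORDS:
        r.dport, i = t[i], i + 1
    r.options = t[i:]                            # e.g. ['out', 'via', 'bge0', 'setup', 'keep-state']
    for k, w in enumerate(r.options):
        if w in ("in", "out"):
            r.direction = w
        elif w in ("via", "recv", "xmit"):
            r.iface = r.options[k + 1]
    return r

def parse_ipfw_script(text):
    """Expand the script's own VAR="..." assignments, then parse every 'add' line."""
    variables, rules = {}, []
    for line in text.splitlines():
        m = re.fullmatch(r'(\w+)="([^"]*)"', line.strip())
        if m:
            variables[m.group(1)] = m.group(2)
            continue
        toks = re.sub(r"\$(\w+)", lambda v: variables.get(v.group(1), ""), line).split()
        if toks and toks[0][0] != "#" and "add" in toks:   # skips comments and 'ipfw -q -f flush'
            rules.append(parse_rule(" ".join(toks[toks.index("add") + 1:])))
    return rules

def check_nat_config(rc, rules):
    """Return findings about natd/ipfw consistency (a few common mistakes, not exhaustive)."""
    f, nat_if = [], rc.get("natd_interface")
    diverts = [r for r in rules if r.action == "divert" and r.arg == "natd"]
    ext = {r.iface for r in diverts}           # interfaces the rules actually NAT on
    for iface in ext - {nat_if}:
        f.append(f"natd_interface={nat_if} but 'divert natd' rules use {iface}: natd aliases to the address of {nat_if}")
    dhcp = [k[9:] for k, v in rc.items() if k.startswith("ifconfig_") and v.upper() == "DHCP"]
    if len(dhcp) == 1 and nat_if != dhcp[0]:   # assumption: the DHCP side is the upstream link
        f.append(f"natd_interface={nat_if} is not the DHCP (upstream) interface {dhcp[0]}")
    if rc.get("firewall_script") and rc.get("firewall_type"):
        f.append("firewall_type is read only by /etc/rc.firewall; a custom firewall_script ignores it")
    out_div = min((r.number for r in diverts if r.direction == "out"), default=None)
    for r in rules:
        if (r.action, r.proto, r.direction, r.dport) == ("allow", "udp", "in", "67") and r.iface in ext:
            f.append(f"rule {r.number}: inbound udp to port 67 matches DHCP requests, not the replies a client gets on port 68")
        if (r.action, r.direction) == ("deny", "out") and r.iface in ext and out_div and r.number < out_div:
            f.append(f"rule {r.number}: outbound deny precedes 'divert natd' rule {out_div}; anything not skipped past it is dropped before NAT")
    return f

# Constructed sample input: the rc.conf keys and a subset of the rules quoted in the message.
RC_CONF = 'ifconfig_bge0="DHCP"\nifconfig_aue0="inet 10.20.30.1 netmask 255.0.0.0"\n' \
          'natd_interface="aue0"\nfirewall_script="/etc/ipfw.rulesets"\nfirewall_type="OPEN"\n'
RULESET = """\
#!/bin/sh
ipfw -q -f flush
CMD="ipfw -q add"
SKIP="skipto 00800"
KS="keep-state"
INIC="bge0"
$CMD 00014 divert natd ip from any to any in via $INIC
$CMD 00021 $SKIP udp from any to 192.168.0.1 53 out via $INIC $KS
$CMD 00360 allow udp from any to 192.168.0.1 67 in via $INIC $KS
$CMD 00450 deny log all from any to any out via $INIC
$CMD 00800 divert natd ip from any to any out via $INIC
"""

def lint_sample():
    return check_nat_config(parse_rc_conf(RC_CONF), parse_ipfw_script(RULESET))
```

Calling lint_sample() on the embedded sample returns five findings, in this order: the natd_interface/divert interface mismatch, the upstream-interface assumption, the ignored firewall_type, rule 360's port-67 direction, and rule 450 denying before rule 800 translates. To lint a real box, pass the contents of /etc/rc.conf and the firewall_script file to parse_rc_conf() and parse_ipfw_script() instead; the functions only read text, so the script never needs root or a running ipfw.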

