[Solved] [Problem] Server setup

Hello everybody,

I am trying to set up FreeBSD 10 as a router, but am stuck on getting it working. I don't want to switch back to Debian, please help if you can.

The server is a machine with two network interfaces:
(em0) = IP 194.160.184.40 is connected to an optical link router with IP address 194.160.184.33 255.255.255.240
(re0) = IP 192.168.5.1 connected to the internal network using a switch.

FreeBSD should act as a gateway and switch outgoing packets through the optical link.

Here is my rc.conf content:
Code:
hostname="GYMNAZIUM"
ifconfig_re0="inet 192.168.5.1 netmask 255.255.255.0"
ifconfig_em0="inet 194.160.184.40 netmask 255.255.255.240"
defaultrouter="194.160.184.33"
static_routes="internet local"
route_internet="-net 194.160.184.0/28 194.160.184.33"
route_local="-net 192.168.5.0/24 192.168.5.1"
gateway_enable="YES"
firewall_enable="YES"
firewall_type="OPEN"
natd_enable="YES"
natd_interface="em0"
natd_flags=""
dhcpd_enable="YES"
dhcpd_ifaces="re0"
powerd_enable="YES"
apache24_enable="YES"
apache24_flags=""
dumpdev="AUTO"
inetd_enable="YES"
ipnat_enable="YES"
Content of the /boot/loader.conf:
Code:
net.inet.ip.fw.default_to_accept="1"
ipfw_load="YES"
ipdivert_load="YES"
options IPFIREWALL_DEFAIULT_TO_ACCEPT
options IPFIREWALL_VERBOSE
netstat -r
Code:
destination          gateway             flags  refs  use  netif
default              he-gls-gw.sados.up  UGS    0     66   em0
localhost            link#3              UH     0     0    lo0
192.168.5.0          link#3              UH     0     0    lo0
192.168.5.1          link#2              U      0     0    re0
194.160.184.0/28     HE-GLS-gw,.ados.up  UGS    0     0    em0
194.160.184.32/28    link#1              U      0     0    em0
194.160.184.40       link#1              UHS    0     0    l0
I can ping any WWW or IP address from the FreeBSD machine and I can ping the local network machine with the assigned DHCP address. But when I try to ping any outside host from the internal network machine or browse websites it does not work.

Looks like FreeBSD is not switching packets from localhost to the .33 gateway for some reason.

Please help.
 
Re: [Problem] Server setup

yarex said:
Code:
static_routes="internet local"
route_internet="-net 194.160.184.0/28 194.160.184.33"
route_local="-net 192.168.5.0/24 192.168.5.1"
Remove these. They're directly connected networks, their routes are implied.
Code:
inetd_enable="YES"
You don't need it. It's a relic from the past, remove it.

Code:
options IPFIREWALL_DEFAIULT_TO_ACCEPT
options IPFIREWALL_VERBOSE
These are kernel build options, they have no place in loader.conf, remove them.
 
Re: [Problem] Server setup

Removed, but still not working.

A ping from the server works fine, but from the internal network it does not. (I can ping only the FreeBSD bsd server = 192.168.5.1)
 
Re: [Problem] Server setup

Use tcpdump(1) to "see" what's going on. I'm betting your NAT isn't set up correctly.
 
Re: [Problem] Server setup

SirDice said:
Use tcpdump(1) to "see" what's going on. I'm betting your NAT isn't set up correctly.

When I use it with the -i option I get a lot of output on the internet interface. On the local network interface only when I start the client's network card. How is that supposed to help me? I am a networking noob ;(.

Would you have time and be able to help if I send you the sshd/PuTTY IP and login?
 
Re: [Problem] Server setup

There are several options where this could go wrong. First of all the clients themselves; are you sure that those have been properly configured so that they will use the server (192.168.5.1) as their default gateway? You can check that by using the traceroute (Linux / BSD) or tracert (Windows) command. For example, when I check on my Windows client what route I use to reach 8.8.8.8 (Google's public DNS server) then:

Code:
C:\Users\Peter>tracert 8.8.8.8

Traceren van de route naar google-public-dns-a.google.com [8.8.8.8]
via maximaal 30 hops:

  1   <1 ms   <1 ms   <1 ms  draytek-w.intranet.lan [10.0.1.100]
  2     1 ms     1 ms   <1 ms  192.168.1.1
  3     9 ms    14 ms     7 ms  xxxx
  4     8 ms    39 ms    11 ms  xxxx
  5   143 ms     9 ms     9 ms  xxxx
  6    12 ms    11 ms    15 ms  xxxx
Don't mind the xxxx entries; I'm not confident enough to share my real upstream routers and such ;) But do note how it perfectly finds its way past my two routers. Ergo: in this example it's safe to conclude that 10.0.1.100 is the default router on this machine.

Next stop: your firewall. Are you sure client machines are allowed to actually contact the server using other protocols besides ICMP (to use ping)?

And in addition to what @SirDice said above; have you already looked into natd(8)? Because from what I read there you need a customized kernel which has the options IPFIREWALL and IPDIVERT enabled. Although I will have to add that this comment is contradicted in the FreeBSD handbook on NAT.

This is probably much too easy but: you did reboot the server so that it would load the modules, right?

Edit: s/set/said/
 
Re: [Problem] Server setup

DHCP configured on 192.168.5.1 works fine and the machine is visible from the server and the server is visible from the machine - I can ssh to it from the outside world and from that machine too. It's not just switching packages between networks for some reason. I did not compile a custom kernel, because according to the documentation when using modules it's not required.

Tomorrow I will try a new fresh complete reinstall again ;(.
 
Re: [Problem] Server setup

yarex said:
Tomorrow I will try a new fresh complete reinstall again ;(.

What will that do? Misconfiguration is far more likely than an install problem.
 
Re: [Problem] Server setup

First of all I fully agree with @wblock@ here, reinstalling won't fix anything. Especially with such a trivial task. The real challenge is to rule out the options where this could have gone wrong so that you know where the problem resides. And then you try to fix that.

(quote talking about using tcpdump:)

yarex said:
When I use it with the -i option I get a lot of output on the internet interface. On the local network interface only when I start the client's network card. How is that supposed to help me? I am a networking noob ;(.
When re-reading this thread I suddenly noticed your comment about 'starting' the client's network card. What exactly do you mean with that? And of course: are you sure that those cards got 'started' when you performed the tests?

Also; when I look more closely at your shared netstat -r command up there I can't help but notice that even though you say that you're using 192.168.5.1/24 on re0 its output doesn't seem to confirm this. It doesn't list that it can actually reach this network, it only lists lo0 (local loopback) as destination for 192.168.5.0, yet without the network mask. That puzzles me a little.

Your best option to solve this is to determine what the server is doing.

So; when you started a client (and 'started' its network card) so that it can ping the server, could you then run this command on the server and share its output: # sockstat -4c?

Also: what firewall is being used? Because that could be a possible problem too. For example; if you only allow incoming data on re0 where you also tell the firewall that the destination of said data should only be 192.168.5.1 then I could imagine that this could provide problems too.

When all else fails I'd simply tell a client to ping 8.8.8.8 continuously and then run tcpdump on the server (for both interfaces, and as mentioned above) and share the first 10 - 20 lines of its output here.
 
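The two-interface tcpdump check suggested in the post above, worked through as an added example that is not part of any post in this thread: the script reads one saved capture per interface and reports where the client's ping stops. The interface names and addresses are the ones from the first post; the client address 192.168.5.10, the function names and the verdict strings are assumptions made for the example.

```shell
#!/bin/sh
# Added example: classify where a LAN client's ping dies on the gateway.
# Inputs are two saved captures taken while the client pings 8.8.8.8:
#   tcpdump -n -i re0 icmp and host 8.8.8.8 > re0.txt   (inside)
#   tcpdump -n -i em0 icmp and host 8.8.8.8 > em0.txt   (outside)
LAN_PREFIX="192.168.5."      # internal network from the first post
WAN_IP="194.160.184.40"      # em0 address from the first post
TARGET="8.8.8.8"

# diagnose INSIDE_FILE OUTSIDE_FILE -> prints one verdict (names are ours)
diagnose() {
    awk -v lan="$LAN_PREFIX" -v wan="$WAN_IP" -v dst="$TARGET" '
    # tcpdump -n line: "<time> IP <src> > <dst>: ICMP echo request, ..."
    $2 == "IP" && $4 == ">" {
        src = $3; to = $5; sub(/:$/, "", to)
        if (FILENAME == ARGV[1]) {                 # inside interface
            if (index(src, lan) == 1 && to == dst && /echo request/) i_req++
            if (src == dst && index(to, lan) == 1 && /echo reply/) i_rep++
        } else {                                   # outside interface
            if (to == dst && /echo request/) {
                if (src == wan) o_nat++            # source rewritten by NAT
                else if (index(src, lan) == 1) o_raw++   # private source leaked
            }
            if (src == dst && to == wan && /echo reply/) o_rep++
        }
    }
    END {
        if (!i_req)                  print "client-not-using-gateway"
        else if (!o_nat && !o_raw)   print "not-forwarded"
        else if (!o_nat)             print "forwarded-without-nat"
        else if (!o_rep)             print "no-reply-from-upstream"
        else if (!i_rep)             print "reply-not-translated-back"
        else                         print "ok"
    }' "$1" "$2"
}

# Constructed sample (client 192.168.5.10 is made up): the request leaves em0
# still carrying the private source address, so natd never rewrote it.
demo() {
    d=$(mktemp -d)
    echo '12:00:01.000001 IP 192.168.5.10 > 8.8.8.8: ICMP echo request, id 1, seq 1, length 64' > "$d/re0.txt"
    echo '12:00:01.000050 IP 192.168.5.10 > 8.8.8.8: ICMP echo request, id 1, seq 1, length 64' > "$d/em0.txt"
    diagnose "$d/re0.txt" "$d/em0.txt"
    rm -rf "$d"
}
demo   # prints: forwarded-without-nat
```

A "not-forwarded" verdict points at gateway_enable or the firewall rules, while "forwarded-without-nat" points at the natd/divert setup.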
Re: [Problem] Server setup

Finally I have it up and working! Reinstall to 64 bit version helped and with the same settings it's up and running. Thank you everybody for your help, I have so much to learn - especially from the networking area. Time now to play with PF and other utilities ;)
 