Solved Gateway not forwarding

fullauto2012

Active Member

Reaction score: 26
Messages: 171

Code:
root@gateway:/usr/home/tim.falardeau # netstat -rn
Routing tables

Internet:
Destination        Gateway            Flags      Netif Expire
default            xx.xx.xxx.90       UGS         em0
xx.xx.xxx.88/30    link#1             U           em0
xx.xx.xxx.89       link#1             UHS         lo0
127.0.0.1          link#3             UH          lo0
192.168.1.0/24     link#2             U           em1
192.168.1.1        link#2             UHS         lo0

Internet6:
Destination                       Gateway                       Flags      Netif Expire
::/96                             ::1                           UGRS        lo0
::1                               link#3                        UH          lo0
::ffff:0.0.0.0/96                 ::1                           UGRS        lo0
fe80::/10                         ::1                           UGRS        lo0
fe80::%lo0/64                     link#3                        U           lo0
fe80::1%lo0                       link#3                        UHS         lo0
ff01::%lo0/32                     ::1                           U           lo0
ff02::/16                         ::1                           UGRS        lo0
ff02::%lo0/32                     ::1                           U           lo0
Code:
root@gateway:/usr/home/tim.falardeau # cat /etc/rc.conf
hostname="gateway"
ifconfig_em0="inet xx.xx.xxx.89 netmask 255.255.255.252"
defaultrouter="xx.xx.xxx.90"
ifconfig_em1="inet 192.168.1.1 netmask 255.255.255.0"
gateway_enable="YES"

#DHCPd
dhcpd_enable="YES"
dhcpd_ifaces="em1"

sshd_enable="YES"
ntpd_enable="YES"
# Set dumpdev to "AUTO" to enable crash dumps, "NO" to disable
dumpdev="AUTO"
Code:
root@gateway:/usr/home/tim.falardeau # cat /etc/resolv.conf
nameserver 75.75.75.75
nameserver 75.75.76.76
nameserver 8.8.8.8
nameserver 8.8.4.4
Code:
root@gateway:/usr/home/tim.falardeau # uname -a
FreeBSD gateway 10.3-RELEASE FreeBSD 10.3-RELEASE #0 r297264: Fri Mar 25 02:10:02 UTC 2016     root@releng1.nyi.freebsd.org:/usr/obj/usr/src/sys/GENERIC  amd64
I have 2 computers (so far) behind this router/firewall. Neither will connect to the iNet regardless of whether I put them on the network with either a dhcpd address (200-250), or a static IP. Firewall is not even installed yet, so that is clearly not the issue. I'm hoping it's some small oversight that one of you can point out and we can all have a laugh at my expense...

I am able to SSH to the router as well as ping it. However, I cannot ping the machine back. I have iNet access on the router itself, everything resolves, and portsnap worked. Just no access on the machines behind it.
 
fullauto2012

Active Member

Reaction score: 26
Messages: 171

Doesn't forwarding do that?!
I was under the impression that 'gateway_enable' handled all aspects of being a gateway.
 

Phishfry

Son of Beastie

Reaction score: 1,419
Messages: 4,180

I use pf in an NAT only mode on my FreeBSD Wireless Access Points. I use pfSense upstream for my firewall.
I believe you do need NAT to get forwarding.

This is all you need for NAT.
/etc/pf.conf
Code:
ext_if="em0"
int_if="em1"
set skip on lo
nat on $ext_if inet from ! ($ext_if) to any -> ($ext_if)
Here is my WAP setup. You can see what I use for a basic setup.
https://forums.freebsd.org/posts/348330/
So gateway enabled and default router set but I still need pf to do NAT for any connections to work.
 

leebrown66

Well-Known Member

Reaction score: 134
Messages: 401

> Doesn't forwarding do that?!
> I was under the impression that 'gateway_enable' handled all aspects of being a gateway.

No, forwarding simply implies you are routing packets from one interface to another (in a non-trivial way). Whether you want to NAT depends on the networks involved. You could be forwarding between two local networks, in which case you wouldn't want to NAT.
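The distinction drawn in the replies above, as an added example that is not part of the thread: a POSIX sh audit that reads rc.conf and pf.conf and reports whether a forwarding gateway with a private LAN is missing its NAT step. The function names, verdict strings and sample files are assumptions made for illustration; `pf_enable` is the rc.conf knob that loads /etc/pf.conf at boot.

```shell
#!/bin/sh
# Added example: audit rc.conf and pf.conf for the gap found in this thread
# (forwarding enabled, private LAN addresses, no NAT toward the Internet).

# rc_value FILE KEY: print the last value assigned to KEY, quotes stripped.
rc_value() {
    awk -F= -v k="$2" '$1 == k { v = $2; sub(/[ \t]*#.*$/, "", v); gsub(/"/, "", v) }
                       END { print v }' "$1"
}

# is_yes FILE KEY: rc.conf booleans are case-insensitive YES/TRUE/ON/1.
is_yes() {
    case "$(rc_value "$1" "$2" | tr '[:lower:]' '[:upper:]')" in
        YES|TRUE|ON|1) return 0 ;;
        *) return 1 ;;
    esac
}

# is_rfc1918 ADDR: true for 10/8, 172.16/12 and 192.168/16.
is_rfc1918() {
    case "$1" in
        10.*|192.168.*|172.1[6-9].*|172.2[0-9].*|172.3[01].*) return 0 ;;
        *) return 1 ;;
    esac
}

# audit_gateway RC_CONF PF_CONF LAN_IF: print one verdict word.
audit_gateway() {
    is_yes "$1" gateway_enable || { echo "no-forwarding"; return; }
    lan_ip=$(rc_value "$1" "ifconfig_$3" |
        awk '{ for (i = 1; i < NF; i++) if ($i == "inet") print $(i + 1) }')
    [ -n "$lan_ip" ] || { echo "lan-unknown"; return; }
    # A publicly routable LAN can be forwarded as-is; a private one needs NAT.
    is_rfc1918 "$lan_ip" || { echo "ok-routable-lan"; return; }
    is_yes "$1" pf_enable || { echo "nat-missing:pf-disabled"; return; }
    grep -Eq '^[[:space:]]*nat[[:space:]]+on[[:space:]]' "$2" 2>/dev/null ||
        { echo "nat-missing:no-rule"; return; }
    echo "ok-nat"
}

# Constructed sample modelled on the rc.conf posted above (WAN address is a
# documentation placeholder); the pf.conf path does not exist yet.
demo_dir=$(mktemp -d)
trap 'rm -rf "$demo_dir"' EXIT
cat > "$demo_dir/rc.conf" <<'EOF'
ifconfig_em0="inet 203.0.113.89 netmask 255.255.255.252"
ifconfig_em1="inet 192.168.1.1 netmask 255.255.255.0"
gateway_enable="YES"
EOF
audit_gateway "$demo_dir/rc.conf" "$demo_dir/pf.conf" em1
```

This checks configuration files only; on the running gateway, `sysctl net.inet.ip.forwarding` and `pfctl -s nat` show the live forwarding flag and the loaded NAT rules.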
 

Phishfry

Son of Beastie

Reaction score: 1,419
Messages: 4,180

I thrashed around resolvconf before realizing my connection problem was no NAT. I had myself convinced it was the resolver.
Once my pf rule is in place resolvconf works exactly as it should.
> You could be forwarding between two local networks in which case you wouldn't want to NAT
Thanks for this explanation. I knew I had to do NAT with pf but didn't know why.
 
fullauto2012

Active Member

Reaction score: 26
Messages: 171

This is why I use FreeBSD...
Simply put, the community is fantastic...

Ok, commence laughing at me!!
 

Phishfry

Son of Beastie

Reaction score: 1,419
Messages: 4,180

No laughing, we are all learning.
I still have not figured out how to NAT multiple internal interfaces.
 