Hello,
I have been stuggling for a while trying to get my FreeBSD 9 server to route properly.
This machine has two interfaces:
External -> rl0 68.15.x.x
Internal -> dc0 192.168.1.1
I can lynx to a webpage from it, and all the machines behind it can reach the internet, but it is not allowing traffic to get at the DNS located on the machine, or any of the servers configured in ipnat.rules. I have gone as far as to try and allow ALL traffic through the firewall in an attempt to figure this out, but still no avail.
map is as follows:
Please tell me what I'm doing wrong. I would really like to have this up and running and I have been devouring man pages with no success.
FYI: I used the Doc here to set it up http://www.freebsd.org/doc/handbook/firewalls-ipf.html
My kernel options in case I made a mistake.
I have been stuggling for a while trying to get my FreeBSD 9 server to route properly.
This machine has two interfaces:
External -> rl0 68.15.x.x
Internal -> dc0 192.168.1.1
I can lynx to a webpage from it, and all the machines behind it can reach the internet, but it is not allowing traffic to get at the DNS located on the machine, or any of the servers configured in ipnat.rules. I have gone as far as to try and allow ALL traffic through the firewall in an attempt to figure this out, but still no avail.
map is as follows:
Code:
Bender: rl0(68.15.x.x)|dc0(192.168.1.1)
Running: IPfilter, IPnat, Named, Sshd
|
|
|
V
Switch
|
|
|--- Amy (192.168.1.3) Windows 7 - Teamspeak3 server
|
|
|--- Hubert (192.168.1.10) FreeBSD 9 - Apache22, Proftpd
|
|
|--- (192.168.1.50-99) Windows Clients
|
|
|
---- (192.168.1.100) DHCPd (192.168.1.101-250)Please tell me what I'm doing wrong. I would really like to have this up and running and I have been devouring man pages with no success.
FYI: I used the Doc here to set it up http://www.freebsd.org/doc/handbook/firewalls-ipf.html
Code:
[root@Bender]/etc-> cat rc.conf
##################################
# Network Name of Machine
hostname="Bender"
# Test Config
ifconfig_rl0=" inet 68.15.62.102 netmask 255.255.255.224"
ifconfig_dc0=" inet 192.168.1.1 netmask 255.255.255.0"
defaultrouter="68.15.62.97"
# IP4 address and Netmask
#ifconfig_rl0=" inet 68.15.62.102 netmask 255.255.255.224"
#ifconfig_dc0=" inet 192.168.1.2 netmask 255.255.255.0"
#defaultrouter="192.168.1.1"
# Firewall (IP Filter)
ipfilter_enable="YES"
ipfilter_rules="/etc/ipf.rules"
ipmon_enable="YES"
ipmon_flags="-Ds"
# IP NAT
gateway_enable="YES"
ipnat_enable="YES"
ipnat_rules="/etc/ipnat.rules"
# Alternet IP4
#ifconfig_rl0="DHCP"
#ifconfig_dc0=" inet 192.168.1.2 netmask 255.255.255.0"
#defaultrouter="192.168.1.1"
#ntpd_enable="YES"
#ntpd_flags="-g"
# Set dumpdev to "AUTO" to enable crash dumps, "NO" to disable
dumpdev="AUTO"
# Added to get X11 working 3-25-12
hald_enable="YES"
dbus_enable="YES"
###############################
#
# Services
sshd_enable="YES"
ftpd_enable="NO"
inetd_enable="NO"
proftpd_enable="YES"
#proftpd_flags="<set as needed>"
sendmail_enable="NO"
apache22_enable="NO"
#apache_flags=""
qpopper_enable="NO"
named_enable="YES"
#dhcpd_enable="NO"
#dhcpd_ifaces="dc0"
[root@Bender]/etc->
Code:
[root@Bender]/etc-> cat ipf.rules
#################################################################
# No restrictions on Inside LAN Interface for private network
# Not needed unless you have LAN
#################################################################
pass out quick on rl0 all
pass in quick on rl0 all
pass out quick on dc0 all
pass in quick on dc0 all
#################################################################
# No restrictions on Loopback Interface
#################################################################
pass in quick on lo0 all
pass out quick on lo0 all
[root@Bender]/etc->
Code:
[root@Bender]/etc-> cat ipnat.rules
# IPNAT configuration rules
map rl0 192.168.1.0/24 -> 0/32
### Port Forwarding ##
rdr rlo 68.15.62.102/32 port 80 -> 192.168.1.10 port 80
# TS3 VoIP Server
rdr rlo 68.15.62.102/32 port 9987 -> 192.168.1.3 port 9987
# TS3 File Transfer Server
rdr rlo 68.15.62.102/32 port 30033 -> 192.168.1.3 port 30033
# Mincraft Server (Kids Server)
rdr rlo 68.15.62.102/32 port 25565 -> 192.168.1.3 port 25565
[root@Bender]/etc->My kernel options in case I made a mistake.
Code:
#cpu I486_CPU
#cpu I586_CPU
cpu I686_CPU
ident MYKERNEL
makeoptions DEBUG=-g # Build kernel with gdb(1) debug symbols
### Added 5/29/12 Trf ###
options IPFILTER
options IPFILTER_LOG
options IPFILTER_DEFAULT_BLOCK
#########################
options SCHED_ULE # ULE scheduler
options PREEMPTION # Enable kernel thread preemption
options INET # InterNETworking
options INET6 # IPv6 communications protocols
options SCTP # Stream Control Transmission Protocol
options FFS # Berkeley Fast Filesystem
options SOFTUPDATES # Enable FFS soft updates support
options UFS_ACL # Support for access control lists
### Remove UPS_DIRHASH after machine is IPW'ing ###
options UFS_DIRHASH # Improve performance on big directories
###################################################
options UFS_GJOURNAL # Enable gjournal-based UFS journaling
options MD_ROOT # MD is a potential root device
options NFSCL # New Network Filesystem Client
options NFSD # New Network Filesystem Server
options NFSLOCKD # Network Lock Manager
options NFS_ROOT # NFS usable as /, requires NFSCL
#options MSDOSFS # MSDOS Filesystem
#options CD9660 # ISO 9660 Filesystem
options PROCFS # Process filesystem (requires PSEUDOFS)
options PSEUDOFS # Pseudo-filesystem framework
options GEOM_PART_GPT # GUID Partition Tables.
options GEOM_LABEL # Provides labelization
options COMPAT_FREEBSD4 # Compatible with FreeBSD4
options COMPAT_FREEBSD5 # Compatible with FreeBSD5
options COMPAT_FREEBSD6 # Compatible with FreeBSD6
options COMPAT_FREEBSD7 # Compatible with FreeBSD7
options SCSI_DELAY=5000 # Delay (in ms) before probing SCSI
options KTRACE # ktrace(1) support
options STACK # stack(9) support
options SYSVSHM # SYSV-style shared memory
options SYSVMSG # SYSV-style message queues
options SYSVSEM # SYSV-style semaphores
options _KPOSIX_PRIORITY_SCHEDULING # POSIX P1003_1B real-time extensions
options PRINTF_BUFR_SIZE=128 # Prevent printf output being interspersed.
options KBD_INSTALL_CDEV # install a CDEV entry in /dev
options HWPMC_HOOKS # Necessary kernel hooks for hwpmc(4)
options AUDIT # Security event auditing
options MAC # TrustedBSD MAC Framework
#options KDTRACE_HOOKS # Kernel DTrace hooks
options INCLUDE_CONFIG_FILE # Include this file in kernel
options KDB # Kernel debugger related code
options KDB_TRACE # Print a stack trace for a panic
# To make an SMP kernel, the next two lines are needed
options SMP # Symmetric MultiProcessor Kernel
device apic # I/O APIC
Code:
[root@Bender]/etc-> cat resolv.conf
#domain spreadspectrum.net
#nameserver 192.168.1.2
nameserver 68.105.28.16
nameserver 68.105.29.16
[root@Bender]/etc->