Simeon Goranov
2004-Nov-09 13:07 UTC
natd and ipfw: share Internet connection only with one PC in the LAN
Hi everybody! I'm with FreeBSD 5.3 and I want to share my Internet connection with one more PC, not with the entire LAN. I have IP 10.0.54.128. The LAN has 10.0.54.0/24. I want to share on one PC with IP 10.0.54.8. My connection to the Internet is via pptp:

    saiman# ifconfig tun0
    tun0: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> mtu 1500
            inet 192.200.54.8 --> 192.168.0.34 netmask 0xffffffff
            Opened by PID 1012

In the kernel I have:

    options IPDIVERT
    options IPFIREWALL

rc.conf:

    gateway_enable="YES"
    firewall_enable="YES"
    firewall_script="/etc/rc.ipfw"
    natd_enable="YES"
    natd_interface="tun0"

First I tried this:

    saiman# ipfw list
    00010 divert 8668 ip from any to any via tun0
    65000 allow ip from any to any
    65535 deny ip from any to any

but it stopped my connection:

    saiman# ping freebsd.org
    PING freebsd.org (216.136.204.21): 56 data bytes
    ^C
    --- freebsd.org ping statistics ---
    3 packets transmitted, 0 packets received, 100% packet loss

I can't understand why. What's gone on with the divert rule? Then I did:

    saiman# ipfw list
    00100 allow ip from any to any via lo0
    00200 deny ip from any to 127.0.0.0/8
    00300 deny ip from 127.0.0.0/8 to any
    00400 allow ip from any to 10.0.54.8 via tun0
    00500 deny ip from any to 10.0.0.0/8 via tun0
    65000 allow ip from any to any
    65535 deny ip from any to any

Now I have net on 10.0.54.8 and only on 10.0.54.8, but without the divert rule?!? How? I'm sure that this is not the right decision...
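One way to express the intent of the post (NAT through tun0 for the single host 10.0.54.8, and nothing forwarded for the rest of 10.0.54.0/24) as an rc.ipfw-style ruleset. This is an added example, not the poster's script and not an answer to why the first ruleset broke the connection. It assumes natd is already running on its default divert port 8668 for tun0, as the rc.conf lines in the post request, that the ipfw2 `in`/`out` keywords of FreeBSD 5.3 are available, and the addresses quoted in the post; the rule numbers and the `apply` argument are my own choices.

```shell
#!/bin/sh
# Added example (not from the original post): ipfw ruleset that limits natd to
# one LAN host. Addresses are taken from the post; port 8668 is natd's default.
OIF="tun0"                 # external (pptp) interface
ALLOWED_HOST="10.0.54.8"   # the only LAN host that may use the NAT
LAN="10.0.54.0/24"         # the rest of the LAN, which must not be forwarded
NATD_PORT="8668"           # natd's default divert port (assumption)

# Print the ruleset, one "add ..." line per rule, in the form ipfw(8) accepts.
# Rule 400 diverts only the allowed host's outbound packets to natd; rule 500
# hands inbound packets on tun0 to natd so replies are translated back; rule
# 600 drops any other LAN-sourced packet that would otherwise leave via tun0.
gen_rules() {
cat <<EOF
add 100 allow ip from any to any via lo0
add 200 deny ip from any to 127.0.0.0/8
add 300 deny ip from 127.0.0.0/8 to any
add 400 divert ${NATD_PORT} ip from ${ALLOWED_HOST} to any out via ${OIF}
add 500 divert ${NATD_PORT} ip from any to any in via ${OIF}
add 600 deny ip from ${LAN} to any out via ${OIF}
add 65000 allow ip from any to any
EOF
}

# Load the ruleset into the kernel (root only). Each generated line becomes
# "ipfw -q add ...". Without the "apply" argument the script only prints the
# rules so they can be reviewed before being installed.
if [ "${1:-}" = "apply" ]; then
    ipfw -q -f flush
    gen_rules | while read -r rule; do
        # word splitting of $rule is intended: "add 100 allow ip ..."
        ipfw -q $rule
    done
else
    gen_rules
fi
```

Run it as `sh rc.ipfw` to see the rules, and as root with `sh rc.ipfw apply` to install them; the final `deny` at 65535 is ipfw's own default rule and needs no line here.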