I have a device rl0 for the wan and a device rl1 from the lan. The lan has no problem leasing clients via dhcpd and the wan has no problem retrieving a lease via dhclient. The problem is that the traffic coming from the lan does not pass on to the wan. I'm assuming I may have a routing problem, but I'm not sure. Any assistance is appreciated, please let me know if you need more information. Here is the critical configuration info:
Code:
# netstat -rn
Routing tables
Internet:
Destination Gateway Flags Refs Use Netif Expire
default XXX.XXX.XXX.1 UGS 0 5 rl0
XXX.XXX.XXX/22 link#1 UC 0 0 rl0
XXX.XXX.XXX.1 00:1a:2f:8b:30:05 UHLW 2 0 rl0 1199
127.0.0.1 127.0.0.1 UH 0 0 lo0
169.254.75/24 link#2 UC 0 0 rl1
169.254.75.254 00:1f:33:cd:a9:59 UHLW 1 358 rl1 1170
----------------
# cat /etc/rc.conf
gateway_enable="YES"
natd_enable="YES"
natd_interface="rl0"
ipnat_enable="YES"
ifconfig_rl1="inet 169.254.75.1 netmask 255.255.255.0"
dhcpd_enable="YES"
dhcpd_ifaces="rl1"
sshd_enable="YES"
ifconfig_rl0="DHCP"
firewall_enable="YES"
firewall_script="/etc/ipfw.rules"
------------------
# cat /etc/ipfw.rules
IPF="ipfw -q add"
ipfw -q -f flush
#loopback
$IPF 10 allow all from any to any via lo0
$IPF 20 deny all from any to 127.0.0.0/8
$IPF 30 deny all from 127.0.0.0/8 to any
$IPF 40 deny tcp from any to any frag
# statefull
$IPF 50 check-state
$IPF 60 allow tcp from any to any established
$IPF 70 allow all from any to any out keep-state
$IPF 80 allow icmp from any to any
# open port ftp (20,21), ssh (22), mail (25)
# http (80), dns (53) etc
$IPF 130 allow tcp from any to any 22 in
$IPF 140 allow tcp from any to any 22 out
$IPF 170 allow udp from any to any 53 in
$IPF 175 allow tcp from any to any 53 in
$IPF 180 allow udp from any to any 53 out
$IPF 185 allow tcp from any to any 53 out
$IPF 200 allow tcp from any to any 80 in
$IPF 210 allow tcp from any to any 80 out
# deny and log everything
$IPF 500 deny log all from any to any
----------------------
# cat /usr/src/sys/i386/conf/MYKERNEL
[truncated]
options IPFIREWALL
options IPFIREWALL_DEFAULT_TO_ACCEPT
options IPFIREWALL_FORWARD
options IPFIREWALL_VERBOSE
options IPFIREWALL_VERBOSE_LIMIT=10
options IPDIVERT
[truncated]