# 9.1 not routing



## gjpc (Apr 13, 2013)

Please help.

I have replaced an 8.x FreeBSD router with a 9.1. The machine refuses to route. Here is my rc.conf:


```
hostname="valcor.ob1net.net"

ifconfig_em0=" inet 173.13.184.18 netmask 255.255.255.248"
ifconfig_em1=" inet 10.0.0.1 netmask 255.255.255.0"
ifconfig_em1_alias0=" inet 10.25.0.3 netmask  255.255.0.0"

defaultrouter="173.13.184.22"
gateway_enable="YES"

firewall_enable="YES"
firewall_type="OPEN"

natd_enable="YES"
natd_interface="em0"
natd_flags="-m -s"

sshd_enable="YES"
usbd_enable="YES"

ntpd_enable="YES"
ntpd_sync_on_start="YES"
ntpdate_enable="YES"

apache22_enable="YES"

# Set dumpdev to "AUTO" to enable crash dumps, "NO" to disable
dumpdev="AUTO"

bb_enable="YES"
```

`ipfw list`:

```
00100 allow ip from any to any via lo0
00200 deny ip from any to 127.0.0.0/8
00300 deny ip from 127.0.0.0/8 to any
00400 deny ip from any to ::1
00500 deny ip from ::1 to any
00600 allow ipv6-icmp from :: to ff02::/16
00700 allow ipv6-icmp from fe80::/10 to fe80::/10
00800 allow ipv6-icmp from fe80::/10 to ff02::/16
00900 allow ipv6-icmp from any to any ip6 icmp6types 1
01000 allow ipv6-icmp from any to any ip6 icmp6types 2,135,136
65000 allow ip from any to any
65535 deny ip from any to any
```

`uname -a`:

```
FreeBSD valcor.ob1net.net 9.1-RELEASE FreeBSD 9.1-RELEASE #0 r243826: Tue Dec  4 06:55:39 UTC 2012     root@obrian.cse.buffalo.edu:/usr/obj/usr/src/sys/GENERIC  i386
```

The machine is connected to the internet. Other machines using this machine as the gateway have their `traceroute`s terminate at 10.0.0.1.

Need we build a custom routing kernel like in the old days?


----------



## phoenix (Apr 13, 2013)

10.x.x.x addresses are non-routable. You have to NAT to a routable address.


----------



## gjpc (Apr 13, 2013)

The old 8.x rc.conf:


```
# -- sysinstall generated deltas -- # Sat Jul 23 06:15:56 2005
# Created: Sat Jul 23 06:15:56 2005
# Enable network daemons for user convenience.
# Please make all changes to this file, not to /etc/defaults/rc.conf.
# This file now contains just the overrides from /etc/defaults/rc.conf.

defaultrouter="173.13.184.22"
gateway_enable="YES"
hostname="Valcor.OB1Net.net"

ifconfig_rl0="inet 10.0.0.1 netmask 255.255.255.0"
ifconfig_rl0_alias0="inet 10.25.0.3 netmask 255.255.0.0"
fconfig_rl0_alias1="inet 10.0.0.1 netmask 255.255.255.0"

ifconfig_dc0="inet 173.13.184.18 netmask 255.255.255.248"

inetd_enable="YES"
linux_enable="YES"
moused_enable="NO"
moused_type="NO"
sshd_enable="YES"
usbd_enable="YES"
apache21_enable="YES"


# here are the nat entries
gateway_enable="YES"
firewall_enable="YES"
firewall_type="OPEN"
natd_enable="YES"
natd_interface="dc0"
natd_flags="-m -s"

ntpd_enable="YES"
ntpd_sync_on_start="YES"

ntop_enable="NO"

#Clear specific hosts for monitoring wimax
static_routes="modem clear"
route_modem="-net 10.100.0.0/24 10.0.0.2"
route_clear="-host 71.22.8.249 10.0.0.2"
```

dc0 is on the internet and is the natd interface.

On the 8.x machine rl0 was 10.0.0.1 and 10.25.0.3, the two internal addresses. The packets sent here were routed to dc0. The old machine had dc0 on the internet, which was the natd interface.

Would you please elaborate?


----------



## dave (Apr 13, 2013)

I'm not a routing expert, but it seems to me that denying the loopback interface (ipfw rules #200 and #300) would be problematic. Is there a reason you are doing that?


----------



## gjpc (Apr 13, 2013)

My working router on 8.2 has the 2 same ipfw rules:

```
00200 deny ip from any to 127.0.0.0/8
00300 deny ip from 127.0.0.0/8 to any
```

They are part of the standard install.


----------



## kpa (Apr 13, 2013)

Those rules are part of standard spoof protection; packets to/from 127.0.0.0/8 on any other interface but lo(4) are bogus.


----------



## gjpc (Apr 13, 2013)

*Solved*

At last I found the problem.


```
ipfw_load="YES"
ipdivert_load="YES"
net.inet.ip.fw.default_to_accept="1"
```

were not in /boot/loader.conf.


----------
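A check for the state this thread ended on, as an added example that is not from any poster: it reads an rc.conf, a loader.conf and saved `ipfw list` output, and reports the missing loader.conf entries and the absence of a `divert` rule (the listing in the first post has none, and natd only receives packets through one). The function names, the temporary file names and the sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread). Checks the pieces an ipfw + natd gateway
# needs; the sample files are constructed from the configuration quoted above.

is_yes() { case $1 in [Yy][Ee][Ss]|[Tt][Rr][Uu][Ee]|[Oo][Nn]|1) return 0 ;; esac; return 1; }

# conf_get FILE KEY: print the value of KEY="value" (last assignment wins).
conf_get() { sed -n "s/^$2=\"*\([^\"]*\)\"*\$/\1/p" "$1" | tail -n 1; }

finding() { echo "$1"; n=$((n + 1)); }

# check_nat_gateway RC_CONF LOADER_CONF IPFW_LIST
# Prints one finding per line; the exit status is the number of findings.
check_nat_gateway() {
    n=0
    is_yes "$(conf_get "$1" gateway_enable)" || finding "rc.conf: gateway_enable not set"
    # The loader.conf entries checked here are the ones the thread's fix added.
    is_yes "$(conf_get "$2" ipfw_load)" || finding "loader.conf: ipfw_load not set"
    if is_yes "$(conf_get "$1" natd_enable)"; then
        nif=$(conf_get "$1" natd_interface)
        is_yes "$(conf_get "$2" ipdivert_load)" || finding "loader.conf: ipdivert_load not set"
        # natd only sees packets that an ipfw divert rule hands to it.
        grep -Eq "^[0-9]+ divert .* via $nif\$" "$3" || finding "ipfw: no divert rule via $nif"
    fi
    # default_to_accept=1 turns the final rule 65535 into "allow"; report it
    # so the ruleset gets reviewed, but do not count it as a fault.
    [ "$(conf_get "$2" net.inet.ip.fw.default_to_accept)" = 1 ] &&
        echo "note: default rule 65535 is allow"
    return "$n"
}

# Constructed sample state: the 9.1 box before the fix.
demo_dir=$(mktemp -d)
cat > "$demo_dir/rc.conf" <<'EOF'
gateway_enable="YES"
firewall_enable="YES"
firewall_type="OPEN"
natd_enable="YES"
natd_interface="em0"
EOF
: > "$demo_dir/loader.conf"
cat > "$demo_dir/ipfw.list" <<'EOF'
00100 allow ip from any to any via lo0
65000 allow ip from any to any
65535 deny ip from any to any
EOF
check_nat_gateway "$demo_dir/rc.conf" "$demo_dir/loader.conf" "$demo_dir/ipfw.list" || true
```

On a live router the third argument would be a file holding the output of `ipfw list`.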

