Date: Sun, 13 Apr 2003 03:25:47 -0400
From: Louis LeBlanc
To: FreeBSD Questions
Message-ID: <20030413072547.GA500@keyslapper.org>
Subject: network problem after hosing rc.firewall

Hey everyone.

I totally fsck'd up my network setup because I forgot to back up /etc and got a little quick on the keyboard while running mergemaster. No one to blame but myself, but the one file that got hosed was the firewall script that took me months to tweak out the way I wanted it. You'd think I'd have kept at least a fairly recent copy. Nah. Adventures in computing, right?

I've got it mostly put back together, but one problem I'm having is the internal network translation through ppp. The PPP configuration hasn't been touched, so that shouldn't be a problem. The only thing I can think of is the firewall.

The problem I am experiencing on the systems behind the firewall machine is a DNS lookup failure. I haven't a clue why. Pings work fine, but nothing that requires a lookup. The internal machines mount one or two samba partitions from this machine too, but they don't work.

Cygwin nslookups return this:

    Can't find server name for : Timed out.

I am using the rule from the installed rc.firewall:

    # Allow DNS queries out in the world
    ${fwcmd} add pass udp from ${oip} to any 53 keep-state

DNS lookups work fine from this machine. I am running a caching only nameserver on this machine as well, but it doesn't seem to be helping.

Here's my ifconfig:

    fxp0: flags=8843 mtu 1500
            inet 10.8.20.5 netmask 0xffffff00 broadcast 10.8.20.255
            inet6 fe80::2a0:c9ff:fe74:12a3%fxp0 prefixlen 64 scopeid 0x1
            ether 00:a0:c9:74:12:a3
            media: Ethernet autoselect (100baseTX)
            status: active
    xl0: flags=8843 mtu 1500
            options=3
            inet6 fe80::2c0:4fff:fe40:d9a%xl0 prefixlen 64 scopeid 0x2
            ether 00:c0:4f:40:0d:9a
            media: Ethernet autoselect (100baseTX )
            status: active
    ppp0: flags=8010 mtu 1500
    sl0: flags=c010 mtu 552
    faith0: flags=8002 mtu 1500
    tun0: flags=8051 mtu 1492
            inet 68.160.24.154 --> 10.9.76.1 netmask 0xffffffff
            Opened by PID 918

The loopbacks are there, I just left them out here. oif is tun0, iif is fxp.

The natd settings in /etc/rc.d are:

    natd_program="/sbin/natd"
    natd_interface="tun0"
    natd_enable=YES
    natd_flags="-u -s -same_ports -dynamic -n xl0 -log_facility security"

and the ppp settings:

    ppp_enable="YES"
    ppp_mode="ddial"
    ppp_nat="YES"
    ppp_profile="verizon"
    ppp_user="root"

Any ideas? I have the nagging feeling I've had this one before, but I can't remember it, and can't find any information in my copious saved email.

Thanks all.
Lou
-- 
Louis LeBlanc               leblanc@keyslapper.org
Fully Funded Hobbyist, KeySlapper Extrordinaire :)
http://www.keyslapper.org

Serocki's Stricture:
  Marriage is always a bachelor's last option.