Date: Mon, 27 May 2002 10:15:27 -0400
From: "Matthew Emmerton" <matt@gsicomp.on.ca>
To: <mikereed@speakeasy.net>, <freebsd-questions@FreeBSD.ORG>
Subject: Re: natd won't nat
Message-ID: <003201c20588$f42f58f0$1200a8c0@gsicomp.on.ca>
References: <200205271351.g4RDpe930478@spidey.speakeasy.net>
> Trying an experiment using vtund (from ports/net) to open VPN connection from home (DSL) into FreeBSD box at work. I finally got the tunnel working on tun0, but when I try to send a packet from home, the FreeBSD gateway doesn't translate the packet.
>
> network diagram:
>
> home wrkstn (w2k)
> ----------------
> 10.0.0.10 ->
>
> OpenBSD router
> -------------------------------------
> 10.0.0.1(ep0) -> 192.168.1.1(tun0) ->
>
> FreeBSD VPN gtwy
> -------------------------------------------
> 192.168.1.5(tun0) -> work LAN x.x.x.x(fxp0)
>
> If I try to connect from say, 10.0.0.10 to x.x.26.27, the packet will leave fxp0 on the VPN box as 10.0.0.10 -> x.x.26.27 never to return (obviously).
>
> I've got a kernel compiled with 'options IPFIREWALL' and 'options IPDIVERT'. I've got the appropriate entries in the rc.conf:
>
> gateway_enable="YES"
> firewall_enable="YES"
> firewall_type="OPEN"
> natd_enable="YES"
> natd_interface="fxp0"
> natd_flags="-l"
>
> I wasn't sure whether the firewall was a problem, so I just made a brand new rc.firewall with the following:
>
> /sbin/ipfw add pass all from any to any
>
> Nothing seems to work. Any ideas?

If you *replaced* rc.firewall with your one-liner above, then that's the reason natd isn't working.

When natd_enable="YES" in /etc/rc.conf (as you have), it adds a rule to ipfw that looks like this:

    /sbin/ipfw divert natd all from any to any via fxp0

which sends all incoming/outgoing packets through the natd daemon. Without this rule, natd doesn't get anything to work on.

--
Matt Emmerton

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message
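One way to check for the condition described in the reply, as an added example that is not part of the original message: the function below reads `ipfw list` output and reports whether a divert rule on the natd interface exists and is reached before a blanket allow rule. The function name, the status codes and the sample rulesets are assumptions constructed for illustration.

```sh
#!/bin/sh
# Added example: audit `ipfw list` output for the natd divert rule.
# check_natd_divert IFACE  (ruleset text on stdin)
#   returns 0: divert rule via IFACE is reached before any blanket allow
#   returns 1: no divert rule via IFACE (natd never sees a packet)
#   returns 2: divert rule exists but an earlier blanket allow shadows it
check_natd_divert() {
    awk -v iface="$1" '
        BEGIN { status = 1 }
        status == 0 { next }    # a reachable divert rule was already found
        $2 == "divert" && $0 ~ (" via " iface "( |$)") {
            status = shadowed ? 2 : 0
            next
        }
        # ipfw is first-match: an unconditional allow ends evaluation here
        ($2 == "allow" || $2 == "pass") && $0 ~ / (ip|all) from any to any$/ {
            shadowed = 1
        }
        END { exit status }
    '
}

# Constructed samples in `ipfw list` format (8668 is natd's default port).
RULES_BROKEN='00100 allow ip from any to any
65535 deny ip from any to any'
RULES_OK='00050 divert 8668 ip from any to any via fxp0
00100 allow ip from any to any
65535 deny ip from any to any'
RULES_SHADOWED='00100 allow ip from any to any
00200 divert 8668 ip from any to any via fxp0
65535 deny ip from any to any'

for name in RULES_BROKEN RULES_OK RULES_SHADOWED; do
    eval "rules=\$$name"
    rc=0
    printf '%s\n' "$rules" | check_natd_divert fxp0 || rc=$?
    echo "$name: status $rc"
done
```

On the gateway itself the same function can be fed the live ruleset with `ipfw list | check_natd_divert fxp0`.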