From: "Crist J. Clark"
Reply-To: cjclark@home.com
Subject: Re: IPFW & NATD
In-Reply-To: from "elazich@AlaskaAir.com" at "Sep 14, 1999 10:22:11 am"
To: elazich@AlaskaAir.com
Cc: ru@ucb.crimea.ua, freebsd-questions@FreeBSD.ORG
Date: Tue, 14 Sep 1999 22:51:42 -0400 (EDT)

elazich@AlaskaAir.com wrote,

> This morning I checked my arp table and find the following just after I
> have pinged (or do you say pung, proper English would seem to dictate
> the latter) 10.0.0.2 on my internal subnet;

Nope. It's pinged. Don't ask me why when sing->sung, ring->rung,
fling->flung, cling->clung, sting->stung, etc., but ping->pinged,
wing->winged, ding->dinged, and zing->zinged, etc. (and just to make it
more interesting, bring->brought).

> capricorn# arp -a
> ? (10.0.0.2) at (incomplete)
> static-134-129.dsl.cnw.net (207.149.134.129) at 0:0:c:6a:78:c
> ns1.loopback.com (207.149.134.143) at 0:80:29:68:52:c4 permanent
> capricorn#
>
> I also noticed in the results of a "dmesg" that 10.0.0.2 had resolved to
> a NIC card which I don't see on my local network; the actual message
> was something to the effect that the physical address for 10.0.0.2 was
> resolved by lnc1 (which is my external NIC). Again, the other clients
> on my internal net can ping each other fine but my firewall box cannot
> ping or be pinged by the internal clients save for pinging itself.
> This appears to be HW address related but I'm not sure why; can anyone
> shed some light on this? My IPFW ruleset again is;
>
> >capricorn# ipfw sho
> >00100 9001 2506073 divert 8668 ip from any to any via lnc1
> >00200 12293 2895085 allow ip from any to any
> >65535 45 7436 deny ip from any to any
> >capricorn#
>
> and my ifconfig output is;
>
> >capricorn# ifconfig -a
> >vx0: flags=8843 mtu 1500
> >        inet 10.0.0.1 netmask 0xffffff00 broadcast 10.0.0.255
> >        ether 00:a0:24:bd:f8:af
> >lnc1: flags=8843 mtu 1500
> >        inet 207.149.134.143 netmask 0xffffffe0 broadcast 207.149.134.159
> >        ether 00:80:29:68:52:c4
> >lp0: flags=8810 mtu 1500
> >tun0: flags=8010 mtu 1500
> >sl0: flags=c010 mtu 552
> >ppp0: flags=8010 mtu 1500
> >lo0: flags=8049 mtu 16384
> >        inet 127.0.0.1 netmask 0xff000000
> >capricorn#
>
> Any help is greatly appreciated.

[HUGE snip]

OK, I have been half-heartedly following this thread. Your interfaces
look like they are set up right. The firewall rules look OK. And the
natd setup (which I cut but is reported: 'natd -interface lnc1') looks
good. All I can think to ask:

1) Check the ps or top output to verify natd is still running.

2) Please show us exactly how you have this set up in the rc.conf file.
   Can you verify that other rc.* files have not been altered?

3) Redo the tcpdump, also adding the '-e' flag so we see Ethernet
   addresses. Plus, try to ping 10.0.0.1 from one of the other machines
   while doing the dump. (I'm wondering where the ARP calls were in your
   tcpdump output.)

Those are my ideas. Hope it might help.
-- 
Crist J. Clark                           cjclark@home.com
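The three checks in the reply above (is natd still running, is the divert rule placed ahead of the allow-everything rule, and what does the wire actually show) can be scripted. The following is an added example, not code from the thread or from FreeBSD; the interface names vx0/lnc1 and the sample `arp -a` and `ipfw show` listings are copied from the quoted message, the function names are mine, and the `tcpdump -e -n` invocation is the one the reply asks for with `-n` added to stop reverse lookups from muddying the trace.

```sh
#!/bin/sh
# Added diagnostic helper for the natd/ipfw checklist in the reply above.
# Not part of the original thread. Assumptions: FreeBSD ipfw/natd on a box
# with vx0 as the inside and lnc1 as the outside interface, as in the quoted
# ifconfig output. Run with "live" as the first argument on the firewall
# itself (needs root); without it, the checks run against the sample
# listings constructed below from the quoted message.

# Constructed sample: the arp -a listing from the quoted message.
SAMPLE_ARP='? (10.0.0.2) at (incomplete)
static-134-129.dsl.cnw.net (207.149.134.129) at 0:0:c:6a:78:c
ns1.loopback.com (207.149.134.143) at 0:80:29:68:52:c4 permanent'

# Constructed sample: the ipfw show listing from the quoted message.
SAMPLE_IPFW='00100 9001 2506073 divert 8668 ip from any to any via lnc1
00200 12293 2895085 allow ip from any to any
65535 45 7436 deny ip from any to any'

# Print every address in an `arp -a` listing whose entry is (incomplete):
# the box sent an ARP request for it and never saw a reply.
arp_incomplete() {
    awk '/\(incomplete\)/ { gsub(/[()]/, "", $2); print $2 }'
}

# Given `ipfw show` output, confirm the natd divert rule is numbered below
# the first "allow ip from any to any"; if the blanket allow comes first
# nothing is ever handed to natd. Prints ok, no-divert or divert-after-allow.
divert_order() {
    awk '
        $4 == "divert" && dv == 0 { dv = $1 + 0 }
        $4 == "allow" && $5 == "ip" && $7 == "any" && $9 == "any" && al == 0 { al = $1 + 0 }
        END {
            if (dv == 0) print "no-divert"
            else if (al != 0 && al < dv) print "divert-after-allow"
            else print "ok"
        }'
}

# On the firewall itself: the three checks from the reply, then a dump with
# Ethernet addresses shown. Ping 10.0.0.1 from an internal client while it
# runs to see on which interface the ARP exchange actually happens.
live_check() {
    if ps ax | grep -q '[n]atd'; then
        echo "natd: running"
    else
        echo "natd: NOT running"
    fi
    arp -an | arp_incomplete | sed 's/^/arp incomplete: /'
    ipfw show | divert_order | sed 's/^/divert order: /'
    tcpdump -e -n -i vx0 'arp or icmp'
}

if [ "${1:-}" = "live" ]; then
    live_check
else
    printf '%s\n' "$SAMPLE_ARP"  | arp_incomplete | sed 's/^/arp incomplete: /'
    printf '%s\n' "$SAMPLE_IPFW" | divert_order   | sed 's/^/divert order: /'
fi
```

On the quoted listings this reports `arp incomplete: 10.0.0.2` and `divert order: ok`, which matches the reply's reading that the rules themselves are fine and the problem is on the ARP side; a `divert-after-allow` result would instead mean the ordering is the bug.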