From: "John"
To: "Mike Semcheski"
Subject: Re: ipfw and natd
Date: Thu, 18 Oct 2001 23:40:58 -0400

Your natd_interface should be on the public interface tl0, not fxp0 and also have gateway_enable="YES" in rc.conf too.

If that natd is a typo and it is already set to tl0 then perhaps this will help:

Check that your default gateway on the Win2k points to the ip of fxp0.

Install the port /usr/ports/net/trafshow on your Fbsd box, fire it up on each interface and see if the packets go through.

You say you are on DSL, is this using PPPoE? If so then you may have to adjust your MTU on the Win2K box. There's a couple ways to do this:

- change the registry on the Win2K box, lots of info on this out there.
- let the FreeBSD box do it for you on the fly. To do this you need either the latest ppp drivers available at http://www.awfulhak.org/ppp.html or upgrade to a newer version of Fbsd. Installing the ppp is quicker.

Leave the firewall set to open until you get it going then lock it down.

Regards,
John.

> Right now, I have a FreeBSD 4.2 box with two NIC's. fxp0 is hooked up via
> crossover to a Win2k box. tl0 is hooked up (via a long cat-5) to my DSL
> router. I have a static IP (go Speakeasy!). I am running among other
> things, ipfw, natd and named. The Win2k's primary DNS is the FreeBSD box.
> Win2k can resolve names with no problem, and can also ping tl0 with no
> problem. The FreeBSD box is on the network, and can reach the outside
> world. The Win2k box can resolve a name but can not access it. To me,
> either natd is not aliasing this connection correctly or ipfw is blocking
> its connections. I have tried a lot of different rules for ipfw, I have not
> put a lot into setting up natd (other than natd_enable="yes"
> natd_interface="fxp0" and natd_flags="-log -dynamic").
> I use firewall_type="open". I have net.inet.ip.fw.verbose=1, and
> firewall_logging="yes".
>
> For what all that is worth, I was wondering if anyone had some rules or
> other configs that might get this to work. My eventual goal is to get a
> similar setup working at work and somehow add a rule to IPSec all the
> connections between work and home, but first things first, I need to get
> ipfw and natd working at home. If someone has a similar setup and rules
> that work, I would love to see them, or if there are any points I am not
> aware of, I would love to see them. I have tried a lot of different
> combinations, read lots of pages from the web, and lots of man pages, and I
> just can not get this working. Anyone able to help me?
>
> Thanks,
> Mike
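
The rc.conf points raised in the reply above can be checked mechanically. The following is an added example, not part of either message: a small sh lint that reads an rc.conf as text and flags a missing gateway_enable, a disabled natd, or a natd_interface that is not the public NIC. The function names (rc_get, is_yes, check_nat_gateway) are hypothetical and the sample file is constructed from the settings quoted in the question.

```sh
#!/bin/sh
# Added example (not from the thread): lint an rc.conf for the NAT gateway
# settings discussed above. The file is read as text; nothing in it is executed.

# rc_get FILE VAR: print the last value assigned to VAR, quotes stripped.
rc_get() {
    sed -n "s/^[[:space:]]*$2=[\"']\{0,1\}\([^\"'#]*\).*/\1/p" "$1" | tail -n 1
}

# is_yes VALUE: rc.conf booleans are case-insensitive ("yes" and "YES" both work).
is_yes() {
    case $1 in [Yy][Ee][Ss]) return 0 ;; *) return 1 ;; esac
}

# check_nat_gateway FILE PUBLIC_IF: print one line per problem and return
# the number of problems found (0 means the settings are consistent).
check_nat_gateway() {
    conf=$1 public_if=$2 problems=0
    gw=$(rc_get "$conf" gateway_enable)
    nat=$(rc_get "$conf" natd_enable)
    nif=$(rc_get "$conf" natd_interface)
    if ! is_yes "$gw"; then
        echo "gateway_enable is '${gw:-unset}': the box will not forward packets between NICs"
        problems=$((problems + 1))
    fi
    if ! is_yes "$nat"; then
        echo "natd_enable is '${nat:-unset}': natd will not be started"
        problems=$((problems + 1))
    fi
    if [ "$nif" != "$public_if" ]; then
        echo "natd_interface is '${nif:-unset}': should be the public interface $public_if"
        problems=$((problems + 1))
    fi
    return "$problems"
}

# Constructed sample: the settings quoted in the original question.
sample=$(mktemp "${TMPDIR:-/tmp}/rcconf.XXXXXX")
cat > "$sample" <<'EOF'
natd_enable="yes"
natd_interface="fxp0"
natd_flags="-log -dynamic"
firewall_type="open"
EOF
check_nat_gateway "$sample" tl0 || echo "problems found: $?"
rm -f "$sample"
```

On a real system the first argument would be /etc/rc.conf and the second the NIC facing the DSL router.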