Date: Thu, 18 Oct 2001 23:40:58 -0400
From: "John" <j.telford@sympatico.ca>
To: "Mike Semcheski" <jimmyjump77@hotmail.com>, <freebsd-newbies@freebsd.org>
Subject: Re: ipfw and natd
Message-ID: <000801c1584f$ddc943a0$0a00000a@johnny2k>
References: <OE118b0WZSFMKWFfjLG0000e9f0@hotmail.com>

Your natd_interface should be on the public interface tl0, not fxp0 and
also have gateway_enable="YES" in rc.conf too.

If that natd is a typo and it is already set to tl0 then perhaps this will
help:

Check that your default gateway on the Win2k points to the ip of fxp0.

Install the port /usr/ports/net/trafshow on your Fbsd box, fire it up on
each interface and see if the packets go through.

You say you are on DSL is this using PPPoE? If so then you may have to
adjust your MTU on the Win2K box. There's a couple ways to do this:

- change the registry on the Win2K box, lots of info on this out there.
- let the FreeBSD box do it for you on the fly. To do this you need either
  the latest ppp drivers available at http://www.awfulhak.org/ppp.html or
  upgrade to a newer version of Fbsd. Installing the ppp is quicker.

Leave the firewall set to open until you get it going then lock it down.

Regards,
John.

> Right now, I have a FreeBSD 4.2 box with two NIC's. fxp0 is hooked up via
> crossover to a Win2k box. tl0 is hooked up (via a long cat-5) to my DSL
> router. I have a static IP (go Speakeasy!). I am running among other
> things, ipfw, natd and named. The Win2k's primary DNS is the FreeBSD box.
> Win2k can resolve names with no problem, and can also ping tl0 with no
> problem. The FreeBSD box is on the network, and can reach the outside
> world. The Win2k box can resolve a name but can not access it. To me,
> either natd is not aliasing this connection correctly or ipfw is blocking
> its connections. I have tried a lot of different rules for ipfw, I have not
> put a lot into setting up natd (other than natd_enable="yes"
> natd_interface="fxp0" and natd_flags="-log -dynamic".
> I use firewall_type="open". I have net.inet.ip.fw.verbose=1, and
> firewall_logging="yes".
>
> For what all that is worth, I was wondering if anyone had some rules or
> other configs that might get this to work. My eventual goal is to get a
> similar setup working at work and somehow add a rule to IPSec all the
> connections between work and home, but first things first, I need to get
> ipfw and natd working at home. If someone has a similar setup and rules
> that work, I would love to see them, or if there are any points I am not
> aware of, I would love to see them. I have tried a lot of different
> combinations, read lots of pages from the web, and lots of man pages, and I
> just can not get this working. Anyone able to help me?
>
> Thanks,
> Mike
>
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-newbies" in the body of the message

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-newbies" in the body of the message
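
The rc.conf points raised in this thread (natd bound to the public interface, gateway_enable turned on) can be checked mechanically before touching the firewall rules. The script below is an added example, not part of either poster's message; tl0 and fxp0 are the interfaces named in the thread, while the function names and the two sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit rc.conf-style settings for the NAT gateway in this thread.
# Function names and sample files are assumptions made for the example.

# rc_get FILE KEY: value of the last uncommented KEY= line, quotes stripped.
rc_get() {
    sed -n "s/^[[:space:]]*$2=\"\{0,1\}\([^\"#]*\).*/\1/p" "$1" |
        sed 's/[[:space:]]*$//' | tail -n 1
}

# check_nat_gateway FILE PUBLIC_IF: print one finding per line.
# Exit status 0 if the file matches the reply's advice, 1 otherwise.
check_nat_gateway() {
    cfg=$1; public_if=$2; bad=0
    for key in gateway_enable natd_enable; do
        case "$(rc_get "$cfg" "$key")" in
            [Yy][Ee][Ss]) ;;
            *) echo "$key is not set to YES"; bad=1 ;;
        esac
    done
    nat_if=$(rc_get "$cfg" natd_interface)
    if [ -z "$nat_if" ]; then
        echo "natd_interface is not set"; bad=1
    elif [ "$nat_if" != "$public_if" ]; then
        echo "natd_interface is $nat_if, expected public interface $public_if"; bad=1
    fi
    return $bad
}

sample_dir=$(mktemp -d)
trap 'rm -rf "$sample_dir"' EXIT
# Constructed sample: the settings quoted in the question.
cat > "$sample_dir/before.conf" <<'EOF'
natd_enable="yes"
natd_interface="fxp0"
natd_flags="-log -dynamic"
firewall_type="open"
EOF
# Constructed sample: the same settings after applying the reply's advice.
cat > "$sample_dir/after.conf" <<'EOF'
gateway_enable="YES"
natd_enable="yes"
natd_interface="tl0"
natd_flags="-log -dynamic"
firewall_type="open"
EOF

for f in before after; do
    echo "== $f.conf"
    check_nat_gateway "$sample_dir/$f.conf" tl0 || true
done
```

On a real gateway, point check_nat_gateway at /etc/rc.conf and pass the name of the interface that faces the DSL router.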