Date: Thu, 12 Nov 1998 12:17:30 -0500 (EST)
From: austin wood <awood@fault.net>
To: freebsd-net@FreeBSD.ORG
Subject: NATD Problems
Message-ID: <Pine.BSF.4.02A.9811121153430.1990-100000@seg.fault.net>
I spent a long time setting up my freebsd box so it dials to my ISP
with kernel ppp and it acts as a gateway. For packet aliasing, I use
natd. I am very happy with the setup, except I think that natd is
blocking some tcp packets. This results in connection timeouts on
particular sites. If this is not fixable, I will go to ppp -alias instead.
Here is an example of what happens when I try to connect.

# natd -interface ppp0 -v
Out [UDP] 10.1.1.3 -> 207.172.3.16 aliased to
          207.96.19.192 -> 207.172.3.16
In  [UDP] 207.172.3.16 -> 207.96.19.192 aliased to
          207.172.3.16 -> 10.1.1.3
Out [TCP] 10.1.1.3:1103 -> 198.138.176.19:80 aliased to
          207.96.19.192:1103 -> 198.138.176.19:80
In  [TCP] 198.138.176.19:80 -> 207.96.19.192:1103 aliased to
          198.138.176.19:80 -> 10.1.1.3:1103
Out [TCP] 10.1.1.3:1103 -> 198.138.176.19:80 aliased to
          207.96.19.192:1103 -> 198.138.176.19:80
Out [TCP] 10.1.1.3:1103 -> 198.138.176.19:80 aliased to
          207.96.19.192:1103 -> 198.138.176.19:80
Out [TCP] 10.1.1.3:1103 -> 198.138.176.19:80 aliased to
          207.96.19.192:1103 -> 198.138.176.19:80
In  [TCP] 198.138.176.19:80 -> 207.96.19.192:1103 aliased to
          198.138.176.19:80 -> 10.1.1.3:1103

I think it's not forwarding that last packet because netscape remains in
the "Waiting for reply..." state. Here is a list of sites to which a
connection cannot be established.

    http://www.collegeboard.org/
    http://www.hotmail.com/
    http://www.idsoftware.com/
    http://www.futurestep.com/

My configuration files:

/etc/rc.conf:
    tcp_extensions="NO"
    firewall_enable="YES"
    firewall_type="open"
    network_interfaces="ep0 lo0 ppp0"
    ifconfig_lo0="inet 127.0.0.1"
    ifconfig_ep0="inet 10.1.1.1 netmask 255.255.255.0 link2"
    ifconfig_ppp0=
    gateway_enable="YES"

/etc/rc.firewall:
    if [ "${firewall_type}" = "open" -o "${firewall_type}" = "OPEN" ]; then
        $fwcmd -f flush
        $fwcmd add divert natd all from any to any via ppp0
        $fwcmd add pass all from any to any

/etc/services:
    natd 6668/divert

kernel:
    options IPFIREWALL
    options IPDIVERT

I think that's all the configuration files needed.
I use "natd -interface ppp0" to start it.

Thanks in Advance,
Austin Wood
