From: Shawn Workman
Reply-To: sworkman@nidlink.com
To: Thomas Seidmann
Cc: freebsd-net@FreeBSD.ORG
Subject: Re: Just a question
Date: Wed, 26 May 1999 00:24:03 -0700 (PDT)
In-Reply-To: <374B9FC2.6D1078CD@simultan.ch>

Thanks for the info.. I am assuming that rule number 300 is the important
one (for natd). I will go ahead and make the necessary mods and have some fun..

Thanks again..

On 26-May-99 Thomas Seidmann wrote:
> Shawn Workman wrote:
>> From the FreeBSD host.
>>
>> > Basically, you should run 'natd -interface fxp1', since fxp1 is the
>> > public interface. Of course fxp1 has got to have a valid IP address. You
>> > should provide more details in order to get help. I can assure you NAT
>> > works perfectly in both -stable and -current.
>>
>> I was running NAT on fxp1 and it had a valid address. As soon as I ran
>> natd -interface fxp1
>> I could no longer access the Internet..
>
> OK, in this case the ipfw rules must be missing. Be sure they look like
> this (obtained with 'ipfw l'):
>
> 00100 allow ip from any to any via lo0
> 00200 deny ip from any to 127.0.0.0/8
> 00300 divert 8668 ip from any to any via fxp1
> 65000 allow ip from any to any
> 65535 deny ip from any to any
>
> The numbers can be different, and rule 65000 can be replaced by more
> specific firewall rules.
>
>> another question, Does natd start at boot?
>
> Yes, if you specify in rc.conf the following:
>
> natd_enable="YES"
> natd_interface="fxp1"
>
> Regards,
> Thomas
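
The check described in the thread, as an added example that is not part of the original messages: a shell function that reads 'ipfw l' output and confirms the natd divert rule exists on the public interface. It goes one step beyond the thread by also flagging a divert rule that sits behind an earlier catch-all rule, since ipfw stops at the first matching allow or deny. The function name check_natd_divert and both sample rulesets are constructed for illustration, and the parser assumes the listing format quoted above.

```shell
#!/bin/sh
# check_natd_divert IFACE [PORT]  (hypothetical helper, not part of ipfw or natd)
# Reads `ipfw l` output on stdin. Exit 0: divert rule present and reachable;
# 1: no divert rule for IFACE; 2: an earlier catch-all rule matches first.
check_natd_divert() {
    awk -v ifc="$1" -v port="${2:-8668}" '
        # An unqualified "allow|deny ip from any to any" ends matching for all
        # packets, so nothing numbered after it is ever evaluated.
        NF == 7 && ($2 == "allow" || $2 == "deny") && / ip from any to any$/ {
            if (catchall == "") catchall = $1
        }
        # The natd rule in the form quoted in the thread:
        # "NNNNN divert PORT ip from any to any via IFACE"
        $2 == "divert" && $3 == port && $(NF-1) == "via" && $NF == ifc {
            if (divert == "") { divert = $1; shadowed_by = catchall }
        }
        END {
            if (divert == "") {
                print "MISSING: no divert " port " rule via " ifc; exit 1
            }
            if (shadowed_by != "") {
                print "SHADOWED: rule " divert " is never reached; rule " shadowed_by " matches first"; exit 2
            }
            print "OK: divert rule " divert " via " ifc
        }
    '
}

# Constructed sample 1: the ruleset quoted in the thread.
thread_rules() { cat <<'EOF'
00100 allow ip from any to any via lo0
00200 deny ip from any to 127.0.0.0/8
00300 divert 8668 ip from any to any via fxp1
65000 allow ip from any to any
65535 deny ip from any to any
EOF
}

# Constructed sample 2: same rules, but a broad allow was added ahead of the divert.
shadowed_rules() { cat <<'EOF'
00100 allow ip from any to any via lo0
00200 allow ip from any to any
00300 divert 8668 ip from any to any via fxp1
65535 deny ip from any to any
EOF
}

thread_rules   | check_natd_divert fxp1
shadowed_rules | check_natd_divert fxp1 || echo "exit status $?"
```

On a live host the same function would be fed from the real listing, for example with 'ipfw l | check_natd_divert fxp1'.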