Date: Sun, 28 Jun 98 14:50:36 MDT
From: johnson@calvin.nrtc.northrop.com
To: freebsd-questions@FreeBSD.ORG
Subject: help requested with IP_DIVERT (also networking issues)
Message-ID: <9806282150.AA20757@calvin.nrtc.northrop.com>
Hello,

I am trying to get NATD working on a FreeBSD 2.2.6 system. The documentation said I needed to rebuild my kernel with the IP_DIVERT option. I did this, installed the new kernel, and then rebooted. During the boot process I got the following horrifying message:

    /dev/wd0s2a on /: specified device does not match mounted device

Then I got dumped into the single-user shell. I forlornly tried `mount /' from there, but got the same result. Fortunately, some considerate person 'way back when set kernel installation up so that /kernel got copied to /kernel.old as part of the process of installing new kernels. In this case I was saved by that: I rebooted kernel.old and things came up fine again.

Could someone provide advice as to what is going wrong with IP_DIVERT? Thanks.

On a related, larger topic:

At the moment I am having quite a bit of trouble getting a local-area network set up in my home and on the net. My goal is to have a firewall FreeBSD machine, and three machines behind the firewall. One of those would be a second FreeBSD machine, and the other two would be Win95 machines. For the latter two machines, the only access to the net would be through Netscape Communicator.

I have installed ethernet cards in two test machines, and am trying to get them set up. (After I get them set up, I will wire the other machines.) So far, I can get the two machines to talk to each other either as Win95 machines or as FreeBSD machines. I can get the firewall machine to talk to the outside world. At the moment, that's where I'm stuck. I can't get the test machine to talk to the outside world either as a FreeBSD machine (telnet, ftp, etc.) or as a Win95 machine from Netscape.

My ISP gave me a static IP address, which I use with the ppp0 interface on the firewall machine. The firewall machine is set up as 192.168.3.1 on ed1, its ethernet device, and the other test machine is set up as 192.168.3.2 on its ethernet device (ed2 for some reason).

I currently boot the firewall machine (firewalling enabled in rc.conf), then log in, manually get ppp going, and then manually start routed, named, and socks5. mountd, nfs, and Samba are started automatically during the boot process. mountd and nfs seem to work: I can cross-mount file systems between the two machines.

I'm provisionally assuming that my problem is that the test machine is on the 192.168 subnet, which does not get routed to the outside world. (What is the usual procedure for people that have multiple machines at home as far as getting IP addresses? Get an IP address that is visible on the net for each machine? Have one net-visible IP address and have the other machines on an invisible 192.168 local net?)

So, I tried to use NATD. My assumption is that the inner machines will talk to the firewall machine, which will be running NATD, and then the firewall machine will swap IP addresses so that external internet connections can be made from the inner machines. However, I cannot test this, since I cannot get the IP_DIVERT-enabled kernel to boot.

Are SOCKS and NATD meant to be used together? My current understanding is that a connection initiated by an inside (192.168) machine would talk to the firewall on the 192.168 net, that NATD would intercept these messages and translate them to externally meaningful IP addresses, that SOCKS would take these packets and get them past the firewall, and the connection would be consummated. Is that about right, or am I missing something?

It seems that my life would be a lot easier if I had multiple Internet visible IP addresses. Is this what people with multiple at-home machines usually do?

With the internal test machine booted as a FreeBSD machine, it at least seems to find the name server on the firewall machine; when I do something like `telnet cs.wherever.edu' (as a test), it gives a numerical IP address. It then goes into never-never land. I assume the failure is due to the fact that the test machine is a 192.168 machine.

However, when booted as a Win95 machine, I don't even get that far. I configured Netscape to use SOCKS proxying, and told it to use the other machine for DNS, but it immediately pops up error messages about not finding DNS. I'm not even sure it is using the ethernet; it appears to be trying to dial out. Any suggestions on how to get the Win95 machine to use its ethernet adapter card and find the socks service on the firewall machine? Would I be dead in the water if the Win95 machine has an IP address 192.168.3.2? Would I need IP address translation on the firewall to get the Win95 machine to find the Internet?

Am I sort-of on the right track here? Any help and guidance would be greatly appreciated. I've now read tons of information in the FreeBSD handbook, large numbers of man pages, and a couple of Unix networking books. Also, lots of help pages on Win95 and Norton's Win95 book. The thing that got me to plead for help was the brick wall I finally hit when the IP_DIVERT-enabled kernel refused to boot.

Greg Johnson
johnson@nrtc.northrop.com

-------------------------------------------------------------------------------
Greg Johnson; johnson@nrtc.northrop.com          | a well-written program
Northrop Grumman Corp., Mail Stop 9B44/GB        | is like an
8900 E. Washington Blvd., Pico Rivera, CA 90660  | e. e. cummings
Voice: (562) 942-6593; FAX: (562) 948-8852       | poem
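The address-swapping the message describes for natd, modelled as an added example (not code from the original message or from FreeBSD): outbound packets from the RFC 1918 LAN get their source rewritten to the firewall's public address and a fresh port, replies are mapped back through the same table, and unsolicited inbound packets are dropped. The public address 203.0.113.10 and the remote host 198.51.100.7 are assumed placeholders.

```python
"""Toy source-NAT table in the style of natd on the firewall (constructed example)."""
import ipaddress
from dataclasses import dataclass

PUBLIC_IP = "203.0.113.10"  # assumed placeholder for the ISP-assigned static address
PRIVATE_NETS = [ipaddress.ip_network(n)
                for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def is_private(addr):
    """RFC 1918 addresses are not routed by the ISP, so they must be translated."""
    return any(ipaddress.ip_address(addr) in net for net in PRIVATE_NETS)


@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int


class Natd:
    def __init__(self, public_ip=PUBLIC_IP, first_port=40000):
        self.public_ip = public_ip
        self.next_port = first_port
        self.out = {}   # (inner src, sport) -> public port
        self.back = {}  # public port -> (inner src, sport)

    def outbound(self, p):
        """LAN -> Internet: rewrite the private source to the public address."""
        if not is_private(p.src) or is_private(p.dst):
            return p  # LAN-to-LAN or already-public traffic: nothing to translate
        key = (p.src, p.sport)
        if key not in self.out:
            self.out[key] = self.next_port
            self.back[self.next_port] = key
            self.next_port += 1
        return Packet(self.public_ip, self.out[key], p.dst, p.dport)

    def inbound(self, p):
        """Internet -> LAN: map the public port back, drop anything unsolicited."""
        key = self.back.get(p.dport)
        if p.dst != self.public_ip or key is None:
            return None  # no matching outbound flow: drop
        return Packet(p.src, p.sport, key[0], key[1])
```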