From owner-freebsd-questions  Tue Mar 16 23:46:41 1999
Delivered-To: freebsd-questions@freebsd.org
Received: from lionking.org (blacker-99.caltech.edu [131.215.86.99])
	by hub.freebsd.org (Postfix) with ESMTP id 829F01505F
	for <freebsd-questions@FreeBSD.org>; Tue, 16 Mar 1999 23:46:03 -0800 (PST)
	(envelope-from prowl@lionking.org)
Received: from blacker-99.caltech.edu (prowl@blacker-99.caltech.edu [131.215.86.99])
	by lionking.org (8.9.3/8.9.3) with ESMTP id XAA25562
	for <freebsd-questions@FreeBSD.org>; Tue, 16 Mar 1999 23:45:45 -0800 (PST)
Date: Tue, 16 Mar 1999 23:45:45 -0800 (PST)
From: Paul Summers <prowl@lionking.org>
To: freebsd-questions@FreeBSD.org
Subject: Really odd natd/ipfw problem.
Message-ID: <Pine.BSF.4.10.9903162300210.22118-100000@lionking.org>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-questions@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG


	I've been scratching my head over this one for some time. Any
ideas would be greatly appreciated. 

	The situation is: One box running FreeBSD 3.1-RELEASE acting as a
gateway for a subnet of mixed hosts. natd/ipfw/named/dhcpc installed and
running. Everything is working fine, except I can not connect to the
gateway from a remote host. I can however connect to remote hosts from the
gateway and subnet.

	I suspect a firewall issue, though I can not track down the
problem. I can connect to the gateway from a remote host if I remove ipfw
alltogether from the kernel and rc.conf. (Which prevents natd from
working)

	ifconfig -a reports:

	vr0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
	        inet 172.16.0.1 netmask 0xffff0000 broadcast 255.255.255.0
	<lp0 snipped>
	ep0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
 		inet (dynamicly assigned IP here) netmask 0xffffff00
broadcast (dynamic IP.255)
	<tun0 snipped>
	<sl0 sniped>
	<ppp0 snipped>
	<lo0 snipped>

	ep0 being the dynamically configured public nic, and vr0 being the
private lan nic. Both adapters are working fine, as is DHCPC. (wide-dhcp)

	natd, when running in verbose mode, reports that incomming
requests are being dropped. 

	ipfw list reports:

	00100 divert 8668 ip from any to any via ep0
	00100 allow ip from any to any via lo0
	00200 deny ip from any to 127.0.0.0/8
	65000 allow ip from any to any
	65536 deny ip from any to any

	firewall_type is set to 'open' in rc.conf

	So, for all intensive purposes, this should be working. But, it's
not. Any assistance in getting outside connections to work would be
greatly appreciated. 


Paul



To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message