Date: Wed, 18 Nov 1998 10:10:17 +0200
From: Ruslan Ermilov <ru@ucb.crimea.ua>
To: Doug White <dwhite@resnet.uoregon.edu>
Cc: Łukasz Misiuda <luk@albion.albion.pl>, freebsd-questions@FreeBSD.ORG
Subject: Re: natd not working
Message-ID: <19981118101017.A756@ucb.crimea.ua>
In-Reply-To: <Pine.BSF.4.03.9811170915400.6774-100000@resnet.uoregon.edu>; from Doug White on Tue, Nov 17, 1998 at 09:18:09AM -0800
References: <19981117092934.A1897@ucb.crimea.ua> <Pine.BSF.4.03.9811170915400.6774-100000@resnet.uoregon.edu>
On Tue, Nov 17, 1998 at 09:18:09AM -0800, Doug White wrote:
> On Tue, 17 Nov 1998, Ruslan Ermilov wrote:
>
> > On Mon, Nov 16, 1998 at 04:47:20PM -0800, Doug White wrote:
> > > On Mon, 16 Nov 1998, [ISO-8859-2] Łukasz Misiuda wrote:
> > >
> > > > LAN - ed0 - ethernet
> > > > WAN - ppp0 - leased line (pppd)
> > >
> > > Standard issue.
> > >
> > > > I followed all suggestions in 'man', e.g.:
> > > >
> > > > -kernel with IPFIREWALL, and IPDIVERT
> > > > -ip forwarding
> > > > -ipfw rule: ipfw add divert natd all from any to any via ppp0
> > > > -starting natd (from console): natd -v -n ppp0
> > >                                             ^^^^
> > >
> > > Oops, this should be ed0. See the natd man page.
> > >
> >
> > Why should it be ed0? Bother to explain?
>
> Sure. You want the packets to be translated from the outside world's
> address to your internal network. The -n (aka -interface) option takes
> the IP address and netmask of the named interface for the destination
> translation address. You want the LAN hidden from the rest of the world,
> not the rest of the world hidden by the LAN. :)
>
His network configuration is as follows:
ed0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
        inet 192.168.1.1 netmask 0xffffff00 broadcast 192.168.1.255
        inet 195.116.4.145 netmask 0xfffffff0 broadcast 195.116.4.159
        ether 00:c0:df:a8:7a:26
ppp0: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> mtu 1500
        inet 195.116.4.145 --> 195.116.4.12 netmask 0xffffff00
He should specify his public (i.e. ppp0) interface for natd.
He doesn't want to specify ed0, because in this case natd
will take 192.168.1.1 as a public IP.
He should specify -dynamic, anyway.
See attachment.
Best regards,
--
Ruslan Ermilov Sysadmin and DBA of the
ru@ucb.crimea.ua United Commercial Bank
+380.652.247.647 Simferopol, Ukraine
http://www.FreeBSD.org The Power To Serve
http://www.oracle.com Enabling The Information Age
Received: from albion.albion.pl (albion.albion.pl [195.116.4.145])
        by relay.ucb.crimea.ua (8.8.8/8.8.8) with ESMTP id OAA07943
        for <ru@ucb.crimea.ua>; Mon, 16 Nov 1998 14:48:17 +0200 (EET)
        (envelope-from luk@albion.albion.pl)
Received: from localhost (luk@localhost)
        by albion.albion.pl (8.8.8/8.8.8) with SMTP id NAA16535
        for <ru@ucb.crimea.ua>; Mon, 16 Nov 1998 13:42:28 +0100 (CET)
        (envelope-from luk@albion.albion.pl)
Date: Mon, 16 Nov 1998 13:42:18 +0100 (CET)
From: Łukasz Misiuda <luk@albion.albion.pl>
To: Ruslan Ermilov <ru@ucb.crimea.ua>
Subject: Re: natd not working
In-Reply-To: <19981116141440.E1664@ucb.crimea.ua>
Message-ID: <Pine.BSF.4.02A.9811161341100.16493-100000@albion.albion.pl>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Thanks for fast response..
Here You are:
On Mon, 16 Nov 1998, Ruslan Ermilov wrote:
> Hi!
>
> In order to help you I would like to see the output of:
>
> 1. ifconfig -a
ed0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
        inet 192.168.1.1 netmask 0xffffff00 broadcast 192.168.1.255
        inet 195.116.4.145 netmask 0xfffffff0 broadcast 195.116.4.159
        ether 00:c0:df:a8:7a:26
tun0: flags=8010<POINTOPOINT,MULTICAST> mtu 1500
tun1: flags=8010<POINTOPOINT,MULTICAST> mtu 1500
sl0: flags=c010<POINTOPOINT,LINK2,MULTICAST> mtu 552
sl1: flags=c010<POINTOPOINT,LINK2,MULTICAST> mtu 552
ppp0: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> mtu 1500
        inet 195.116.4.145 --> 195.116.4.12 netmask 0xffffff00
ppp1: flags=8010<POINTOPOINT,MULTICAST> mtu 1500
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> mtu 16384
        inet 127.0.0.1 netmask 0xff000000
> 2. ipfw list
00500 divert 8668 ip from any to any via ppp0
00600 allow ip from any to any
65535 deny ip from any to any
> 3. sysctl net.inet.ip
net.inet.ip.portrange.lowfirst: 1023
net.inet.ip.portrange.lowlast: 600
net.inet.ip.portrange.first: 1024
net.inet.ip.portrange.last: 5000
net.inet.ip.portrange.hifirst: 40000
net.inet.ip.portrange.hilast: 44999
net.inet.ip.forwarding: 1
net.inet.ip.redirect: 1
net.inet.ip.ttl: 64
net.inet.ip.rtexpire: 473
net.inet.ip.rtminexpire: 10
net.inet.ip.rtmaxcache: 128
net.inet.ip.sourceroute: 0
net.inet.ip.intr_queue_maxlen: 50
net.inet.ip.intr_queue_drops: 0
net.inet.ip.accept_sourceroute: 0
net.inet.ip.subnets_are_local: 0
net.inet.ip.fw.debug: 1
net.inet.ip.fw.one_pass: 1
net.inet.ip.fw.verbose: 1
net.inet.ip.fw.verbose_limit: 300
>
> On Mon, Nov 16, 1998 at 12:47:48PM +0100, Łukasz Misiuda wrote:
> >
> > Hello!
> >
> > I've decided to write to You, because all possibilities that I could
> > try failed.
> >
> > Shortly - my network
> >
> >
> > LAN - ed0 - ethernet
> > WAN - ppp0 - leased line (pppd)
> >
> > when system starts rc.network starts pppd to my provider, and I get
> > address of his and mine.
> >
> >
> > I followed all suggestions in 'man', e.g.:
> >
> > -kernel with IPFIREWALL, and IPDIVERT
> > -ip forwarding
> > -ipfw rule: ipfw add divert natd all from any to any via ppp0
> > -starting natd (from console): natd -v -n ppp0
> >
> >
> > My system is 2.2.7-stable
> >
> >
> > To be correct. So far all computers in LAN have inet addresses,
> > so I've assigned the same IP to ed0 (from ppp0). I've assigned
> > 192.168.1.1 address to ethernet also. Now some computers have
> > addresses from 192.168.1.0 network, and some still have
> > inet addresses to network work continuously,
> > and what I expect is to translate that addresses (192.168.1.0/24) to the
> > address of ppp0.
> >
> > Unfortunately it works in quite strange way.
> >
> > Addresses from inet are aliased to themselves,
> > and addresses from 192.. are not even being noticed, and are
> > passed with 192. in their headers to the world, natd even doesn't see it.
> >
> > I don't know what to do.
> >
> > I've tried to make rules for ipfw so that packets received from ed0
> > are passed to port of natd, but this did not work. I've tried to put the
> > inet address of ed0 down (so that packets could not go through lo0 in
> > some way ?) and leave only 192... address on the ethernet, failed.
> >
> > I've read that user ppp can do it internally (-alias option ?),
> > but it does not help me, because we plan to move from leased line to
> > ethernet to access the world.
> >
> > Please help me spot the problem, or maybe it does not work yet??
>
> It works great.
>
> Best regards,
> --
> Ruslan Ermilov Sysadmin and DBA of the
> ru@ucb.crimea.ua United Commercial Bank
> +380.652.247.647 Simferopol, Ukraine
>
> http://www.FreeBSD.org The Power To Serve
> http://www.oracle.com Enabling The Information Age
>
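The interface choice discussed in the reply above, as an added example that is not part of the original thread: a POSIX sh check that predicts which address `natd -n IFACE` would alias to and flags an RFC 1918 result. It assumes natd uses the first inet address listed for the interface (as the message states for ed0); the function names and the embedded sample are constructed here.

```shell
#!/bin/sh
# Added example (not from the thread). Assumption: natd -n IFACE aliases to
# the first inet address listed for IFACE, as the message states for ed0.

# Constructed sample: the ed0 and ppp0 entries from the ifconfig -a output above.
sample_ifconfig() {
cat <<'EOF'
ed0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
        inet 192.168.1.1 netmask 0xffffff00 broadcast 192.168.1.255
        inet 195.116.4.145 netmask 0xfffffff0 broadcast 195.116.4.159
        ether 00:c0:df:a8:7a:26
ppp0: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> mtu 1500
        inet 195.116.4.145 --> 195.116.4.12 netmask 0xffffff00
EOF
}

# first_inet IFACE: read ifconfig output on stdin, print IFACE's first inet address.
first_inet() {
    awk -v ifc="$1" '
        /^[a-z]+[0-9]+:/ { cur = $1; sub(/:$/, "", cur); next }  # interface header
        cur == ifc && $1 == "inet" { print $2; exit }
    '
}

# is_rfc1918 ADDR: succeed if ADDR is in 10/8, 172.16/12 or 192.168/16.
is_rfc1918() {
    case "$1" in
        10.*|192.168.*|172.1[6-9].*|172.2[0-9].*|172.3[01].*) return 0 ;;
        *) return 1 ;;
    esac
}

# check_natd_iface IFACE: report the predicted alias address and whether it is
# usable as a public address. Exit status: 0 public, 1 private, 2 no address.
check_natd_iface() {
    addr=$(first_inet "$1")
    if [ -z "$addr" ]; then
        echo "$1 none"; return 2
    fi
    if is_rfc1918 "$addr"; then
        echo "$1 $addr private"; return 1
    fi
    echo "$1 $addr public"
}

sample_ifconfig | check_natd_iface ed0 || true   # ed0 192.168.1.1 private
sample_ifconfig | check_natd_iface ppp0          # ppp0 195.116.4.145 public
```

On a live system, pipe `ifconfig -a` into `check_natd_iface` in place of `sample_ifconfig`.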
