Date: Wed, 18 Nov 1998 10:10:17 +0200
From: Ruslan Ermilov
To: Doug White
Cc: Łukasz Misiuda, freebsd-questions@FreeBSD.ORG
Subject: Re: natd not working
Message-ID: <19981118101017.A756@ucb.crimea.ua>
References: <19981117092934.A1897@ucb.crimea.ua>
X-Operating-System: FreeBSD 2.2.7-STABLE i386

On Tue, Nov 17, 1998 at 09:18:09AM -0800, Doug White wrote:
> On Tue, 17 Nov 1998, Ruslan Ermilov wrote:
>
> > On Mon, Nov 16, 1998 at 04:47:20PM -0800, Doug White wrote:
> > > On Mon, 16 Nov 1998, [ISO-8859-2] Łukasz Misiuda wrote:
> > >
> > > > LAN - ed0 - ethernet
> > > > WAN - ppp0 - leased line (pppd)
> > >
> > > Standard issue.
> > >
> > > > I followed all suggestions in 'man', e.g.:
> > > >
> > > > -kernel with IPFIREWALL, and IPDIVERT
> > > > -ip forwarding
> > > > -ipfw rule: ipfw add divert natd all from any to any via ppp0
> > > > -starting natd (from console): natd -v -n ppp0
> > >                                              ^^^^
> > >
> > > Oops, this should be ed0.  See the natd man page.
> > >
> >
> > Why should it be ed0?  Bother to explain?
>
> Sure.  You want the packets to be translated from the outside world's
> address to your internal network.  The -n (aka -interface) option takes
> the IP address and netmask of the named interface for the destination
> translation address.  You want the LAN hidden from the rest of the world,
> not the rest of the world hidden by the LAN. :)
>

His network configuration is as follows:

ed0: flags=8843 mtu 1500
        inet 192.168.1.1 netmask 0xffffff00 broadcast 192.168.1.255
        inet 195.116.4.145 netmask 0xfffffff0 broadcast 195.116.4.159
        ether 00:c0:df:a8:7a:26
ppp0: flags=8051 mtu 1500
        inet 195.116.4.145 --> 195.116.4.12 netmask 0xffffff00

He should specify his public (i.e. ppp0) interface for natd.
He doesn't want to specify ed0, because in this case natd will
take 192.168.1.1 as a public IP.  He should specify -dynamic,
anyway.  See attachment.

Best regards,
--
Ruslan Ermilov          Sysadmin and DBA of the
ru@ucb.crimea.ua        United Commercial Bank
+380.652.247.647        Simferopol, Ukraine

http://www.FreeBSD.org  The Power To Serve
http://www.oracle.com   Enabling The Information Age

[Attachment: message/rfc822]

Date: Mon, 16 Nov 1998 13:42:18 +0100 (CET)
From: Łukasz Misiuda
To: Ruslan Ermilov
Subject: Re: natd not working
In-Reply-To: <19981116141440.E1664@ucb.crimea.ua>

Thanks for fast response..
Here You are:

On Mon, 16 Nov 1998, Ruslan Ermilov wrote:

> Hi!
>
> In order to help you I would like to see the output of:
>
> 1. ifconfig -a

ed0: flags=8843 mtu 1500
        inet 192.168.1.1 netmask 0xffffff00 broadcast 192.168.1.255
        inet 195.116.4.145 netmask 0xfffffff0 broadcast 195.116.4.159
        ether 00:c0:df:a8:7a:26
tun0: flags=8010 mtu 1500
tun1: flags=8010 mtu 1500
sl0: flags=c010 mtu 552
sl1: flags=c010 mtu 552
ppp0: flags=8051 mtu 1500
        inet 195.116.4.145 --> 195.116.4.12 netmask 0xffffff00
ppp1: flags=8010 mtu 1500
lo0: flags=8049 mtu 16384
        inet 127.0.0.1 netmask 0xff000000

> 2. ipfw list

00500 divert 8668 ip from any to any via ppp0
00600 allow ip from any to any
65535 deny ip from any to any

> 3. sysctl net.inet.ip

net.inet.ip.portrange.lowfirst: 1023
net.inet.ip.portrange.lowlast: 600
net.inet.ip.portrange.first: 1024
net.inet.ip.portrange.last: 5000
net.inet.ip.portrange.hifirst: 40000
net.inet.ip.portrange.hilast: 44999
net.inet.ip.forwarding: 1
net.inet.ip.redirect: 1
net.inet.ip.ttl: 64
net.inet.ip.rtexpire: 473
net.inet.ip.rtminexpire: 10
net.inet.ip.rtmaxcache: 128
net.inet.ip.sourceroute: 0
net.inet.ip.intr_queue_maxlen: 50
net.inet.ip.intr_queue_drops: 0
net.inet.ip.accept_sourceroute: 0
net.inet.ip.subnets_are_local: 0
net.inet.ip.fw.debug: 1
net.inet.ip.fw.one_pass: 1
net.inet.ip.fw.verbose: 1
net.inet.ip.fw.verbose_limit: 300

>
> On Mon, Nov 16, 1998 at 12:47:48PM +0100, Łukasz Misiuda wrote:
> >
> > Hello!
> >
> > I've decided to write to You, because all possibilities that I could
> > tried failed.
> >
> > Shortly - my network
> >
> >
> > LAN - ed0 - ethernet
> > WAN - ppp0 - leased line (pppd)
> >
> > when system starts rc.network starts pppd to my provider, and I get
> > address of his and mine.
> >
> >
> > I followed all suggestions in 'man', e.g.:
> >
> > -kernel with IPFIREWALL, and IPDIVERT
> > -ip forwarding
> > -ipfw rule: ipfw add divert natd all from any to any via ppp0
> > -starting natd (from console): natd -v -n ppp0
> >
> >
> > My system is 2.2.7-stable
> >
> >
> > To be correct. So far all computers in LAN have inet addresses,
> > so I've assigned the same IP to ed0 (from ppp0). I've assigned
> > 192.168.1.1 address to ethernet also. Now some computers have
> > addresses from 192.168.1.0 network, and some still have
> > inet addresses to network work continuously,
> > and what I expect is to translate that addresses (192.168.1.0/24) to the
> > address of ppp0.
> >
> > Unfortunately it works in quite strange way.
> >
> > Addresses from inet are aliased to themselves,
> > and addresses from 192.. are not even being noticed, and are
> > passed with 192. in their headers to the world, natd even don't see it.
> >
> > I don't know what to do.
> >
> > I've tried to make rules for ipfw so that packets received from ed0
> > are passed to port of natd, but this did not work. I've tried to put the
> > inet address of ed0 down (so that packets could not go through lo0 in
> > some way ?) and leave only 192... address on the ethernet, failed.
> >
> > I've read that user ppp can do it internally (-alias option ?),
> > but it does not help me, because we plan to move from leased line to
> > ethernet to access the world.
> >
> > Please help me spot the problem, or maybe it does not work yet??
>
> It works great.
>
> Best regards,
> --
> Ruslan Ermilov          Sysadmin and DBA of the
> ru@ucb.crimea.ua        United Commercial Bank
> +380.652.247.647        Simferopol, Ukraine
>
> http://www.FreeBSD.org  The Power To Serve
> http://www.oracle.com   Enabling The Information Age
>

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message
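
Added example, not part of the original thread: a shell check of the point made in the reply above, that the interface given to natd -n must be the one carrying the public address. It assumes natd uses the first inet address listed for the interface (consistent with the reply's statement that ed0 would yield 192.168.1.1); the function names are hypothetical and the ifconfig text is a sample constructed from the listing in the thread.

```shell
#!/bin/sh
# Constructed sample: the ifconfig listing quoted in the thread.
IFCONFIG_SAMPLE='ed0: flags=8843 mtu 1500
        inet 192.168.1.1 netmask 0xffffff00 broadcast 192.168.1.255
        inet 195.116.4.145 netmask 0xfffffff0 broadcast 195.116.4.159
        ether 00:c0:df:a8:7a:26
ppp0: flags=8051 mtu 1500
        inet 195.116.4.145 --> 195.116.4.12 netmask 0xffffff00
lo0: flags=8049 mtu 16384
        inet 127.0.0.1 netmask 0xff000000'

# Print the first inet address listed under interface $1.
# Assumption: this is the address natd aliases to for "-n $1".
first_inet() {
    printf '%s\n' "$IFCONFIG_SAMPLE" | awk -v ifc="$1:" '
        $1 ~ /:$/ { cur = $1 }                      # interface header line
        cur == ifc && $1 == "inet" { print $2; exit }'
}

# Succeed if $1 is an RFC 1918 (private) or loopback address.
is_internal() {
    case "$1" in
        10.*|192.168.*|127.*) return 0 ;;
        172.1[6-9].*|172.2[0-9].*|172.3[01].*) return 0 ;;
    esac
    return 1
}

# Classify interface $1 as a candidate for natd -n.
# Returns 0 if usable, 1 if its address is internal, 2 if it has none.
check_natd_iface() {
    addr=$(first_inet "$1")
    if [ -z "$addr" ]; then
        echo "$1: no inet address"; return 2
    fi
    if is_internal "$addr"; then
        echo "$1: $addr is internal, wrong side for natd -n"; return 1
    fi
    echo "$1: $addr is public, usable for natd -n"
}

check_natd_iface ed0 || true
check_natd_iface ppp0
```

On a live system the same functions can read `ifconfig -a` instead of the embedded sample by replacing the `printf` in `first_inet`.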