From: "nat" <nat@unixlover.com>
To: freebsd-questions@freebsd.org
Subject: natd not working properly. firewall problem?
Date: Wed, 1 Dec 1999 16:30:37 -0800

I have set up natd by the manual. I have a cable modem and two NICs. What I am trying to do is share the internet with other users on my LAN. The cable modem is currently set up on device de1 properly and works for the "local" user.

Now, through the clients I can only contact the network card (de1) that the cable modem is connected to. I cannot contact the outside network.

The de0 interface is the one on the internal network and is set to 192.168.0.1. All of the clients have this as the default router.

These are my firewall settings (please tell me which ones are wrong):

#Flush out the list before we begin.
$fwcmd -f flush

# divert
$fwcmd add 1 divert natd from any to any via de0

# allow by default
$fwcmd add 65000 allow all from any to any

# 50-99: trusted hosts
$fwcmd add 50 allow ip from any to 207.171.202.198:255.255.255.224
$fwcmd add 51 allow ip from 207.171.202.198:255.255.255.224 to any
$fwcmd add 52 allow ip from 24.1.183.147 to any
$fwcmd add 53 allow ip from any to 24.1.183.147

# 1000-1999: DoS/hack prevention
$fwcmd add 1000 deny tcp from any to any 1080
$fwcmd add 1001 deny tcp from any to any 12345
$fwcmd add 1002 deny tcp from any to any 31337
$fwcmd add 1003 deny tcp from any to any 111
$fwcmd add 1004 deny tcp from any to any 87
$fwcmd add 1005 deny tcp from any to any 2049
$fwcmd add 1006 deny tcp from any to any 512
$fwcmd add 1007 deny tcp from any to any 513
$fwcmd add 1008 deny tcp from any to any 514
$fwcmd add 1009 deny tcp from any to any 515
$fwcmd add 1010 deny tcp from any to any 540

*This is in the /etc/rc.firewall file.

This is what I have set up for rc.conf:

firewall_enable="YES"
natd_enable="YES"
natd_interface="de0"
named_enable="YES"
gateway_enable="YES"

This is the output of the ifconfig -a command:

de0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
        inet 192.168.0.1 netmask 0xffffff00 broadcast 192.168.0.255
        ether 00:40:05:a2:c9:4b
        media: autoselect (10baseT/UTP) status: active
        supported media: autoselect 100baseTX <full-duplex> 100baseTX 10baseT/UTP <full-duplex> 10baseT/UTP
de1: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
        inet 24.1.177.140 netmask 0xffffff00 broadcast 24.1.177.255
        ether 00:40:05:a2:c9:49
        media: autoselect (10baseT/UTP) status: active
        supported media: autoselect 100baseTX <full-duplex> 100baseTX 10baseT/UTP <full-duplex> 10baseT/UTP
lp0: flags=8810<POINTOPOINT,SIMPLEX,MULTICAST> mtu 1500
tun0: flags=8010<POINTOPOINT,MULTICAST> mtu 1500
sl0: flags=c010<POINTOPOINT,LINK2,MULTICAST> mtu 552
ppp0: flags=8010<POINTOPOINT,MULTICAST> mtu 1500
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> mtu 16384
        inet 127.0.0.1 netmask 0xff000000

This is the output of the netstat -rn command:

Internet:
Destination        Gateway            Flags     Refs     Use     Netif Expire
default            24.1.177.1         UGSc       14       55     de0
24.1.177/24        link#1             UC          0        0     de0
24.1.177.1         link#1             UHLW       14        0     de0
127.0.0.1          127.0.0.1          UH          1        4     lo0
192.168            link#2             UC          0        0     de1
192.168.0.3        0:40:5:a3:38:a4    UHLW        2       76     de1    1183

I think that is how you set it up.

There is also one last strange thing that I think might be the problem. Right before it prints out gateway=yes it says tcpextensions=no. I'm not sure what that means either.

I am using the Cox@home network so please help me if you can.

Thank you,

nat
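Editor's worked example, added after the post and not part of the thread or the poster's files. The post's setup has natd bound to de0 in both rc.conf and the divert rule, while de1 (per the ifconfig output) holds the cable modem address. With ipfw/natd the divert rule and natd_interface have to name the interface that faces the Internet, because that is where the packets leaving the LAN need their source address rewritten. The script below assumes that layout (cable modem on de1, LAN 192.168.0.0/24 on de0), old-style rc.firewall/ipfw syntax, and uses function names and sample inputs that are my own: it reads the default-route interface out of netstat -rn output, checks an rc.conf fragment against it, and prints a minimal divert rule set for review rather than running it.

```sh
#!/bin/sh
# Added example; not code from the original post. Assumes the poster's layout
# (outside = de1, LAN 192.168.0.0/24 on de0) and ipfw/natd rc.firewall syntax.
# Function names and sample data below are hypothetical.

# Print the interface that carries the default route, given 'netstat -rn'
# output on stdin (the Netif column of the 'default' line).
default_route_if() {
    awk '$1 == "default" { print $6; exit }'
}

# Check an rc.conf fragment (stdin) against the default-route interface ($1):
# natd_interface must name the outside interface, since natd has to translate
# the packets that actually leave for the Internet. Returns 0 if consistent.
check_natd_interface() {
    default_if=$1
    natd_if=$(sed -n 's/^natd_interface="\([^"]*\)".*/\1/p')
    if [ -z "$natd_if" ]; then
        echo "natd_interface is not set in rc.conf" >&2
        return 1
    fi
    if [ "$natd_if" != "$default_if" ]; then
        echo "natd_interface=\"$natd_if\" but the default route is via $default_if" >&2
        return 1
    fi
    return 0
}

# Emit an rc.firewall rule set for a natd gateway: $1 = outside interface,
# $2 = LAN network in CIDR form, $3 = firewall command (default: ipfw).
# The rules are printed rather than executed so they can be reviewed first.
nat_rules() {
    ext_if=$1
    lan_net=$2
    fwcmd=${3:-ipfw}
    cat <<EOF
$fwcmd -f flush
# divert has to sit on the interface facing the Internet, not the LAN side
$fwcmd add 50 divert natd all from any to any via $ext_if
$fwcmd add 100 allow all from any to any via lo0
# anti-spoofing: private LAN addresses must never arrive on the outside
$fwcmd add 200 deny all from $lan_net to any in via $ext_if
$fwcmd add 65000 allow all from any to any
EOF
}

# Constructed sample input (not captured from a real machine), laid out like
# the netstat -rn output in the post but with the default route on de1.
SAMPLE_NETSTAT='Internet:
Destination        Gateway            Flags     Refs     Use     Netif Expire
default            24.1.177.1         UGSc       14       55     de1
24.1.177/24        link#2             UC          0        0     de1
192.168/16         link#1             UC          0        0     de0'

# rc.conf fragments: the setting from the post, and the corrected one.
SAMPLE_RCCONF_BAD='firewall_enable="YES"
natd_enable="YES"
natd_interface="de0"
gateway_enable="YES"'
SAMPLE_RCCONF_GOOD='firewall_enable="YES"
natd_enable="YES"
natd_interface="de1"
gateway_enable="YES"'

outside=$(printf '%s\n' "$SAMPLE_NETSTAT" | default_route_if)
printf '%s\n' "$SAMPLE_RCCONF_BAD" | check_natd_interface "$outside" \
    || echo "rc.conf needs natd_interface=\"$outside\""
nat_rules "$outside" 192.168.0.0/24
```

On a real box, feed `netstat -rn` and `/etc/rc.conf` to the two check functions instead of the constructed samples; the kernel also needs the IPDIVERT option (and IPFIREWALL) compiled in for the divert rule to do anything, which the post does not show either way.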