Date: Wed, 21 Jun 2000 16:12:49 +0400 (MSD)
From: Ярошенко Сергей <jaroshenko@mail.ru>
To: freebsd-questions@FreeBSD.ORG
Subject: ipfilter,ipnat and forwarding de0 <-> tun0
Message-ID: <Pine.BSF.4.21.0006211453080.2623-100000@freebsd.merlin.ru>

Hi!
Problem:
My FreeBSD-4.0-STABLE box (gateway to the Internet) does not
forward de0 <-> tun0 after startup (or reboot).
1) In rc.conf
gateway_enable="YES"
ifconfig_de0="inet 192.168.5.1 netmask 0xffffff00 media 10base2/BNC"
tcp_extensions="YES"
2) rc.local
ipf -Fa -f /etc/ipf.rc
ipmon -Ds
ipnat -CF -f /etc/nat.rc
3) kernel config:
options IPFILTER #ipfilter support
options IPFILTER_LOG #ipfilter logging
...
device de # DEC/Intel DC21x4x (``Tulip'')
pseudo-device tun 1 # Packet tunnel.
pseudo-device ether # Ethernet support
4) "uname -a"
FreeBSD freebsd.merlin.ru 4.0-STABLE FreeBSD 4.0-STABLE #0: Tue Jun 20
14:14:36 MSD 2000 root@freebsd.merlin.ru:/usr/src/sys/compile/FREEBSD i386
5) After reboot (or plain startup):
[root@freebsd handbook]# ifconfig -a
de0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
        inet 192.168.5.1 netmask 0xffffff00 broadcast 192.168.5.255
        ether 00:80:48:da:1f:56
        media: 10base2/BNC status: active
        supported media: autoselect 10base5/AUI 10base2/BNC 10baseT/UTP
        <full-duplex> 10baseT/UTP
ppp0: flags=8010<POINTOPOINT,MULTICAST> mtu 1500
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> mtu 16384
        inet 127.0.0.1 netmask 0xffffff00
tun0: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> mtu 1500
        inet 212.96.98.37 --> 212.96.98.7 netmask 0xffffffff
        Opened by PID 409
[root@freebsd handbook]# ipnat -ls
mapped in 0 out 0
added 0 expired 0
inuse 0
rules 3
List of active MAP/Redirect filters:
map tun0 192.168.5.0/24 -> 0.0.0.0/32 proxy port ftp ftp/tcp
map tun0 192.168.5.0/24 -> 0.0.0.0/32 portmap tcp/udp 10000:65000
map tun0 192.168.5.0/24 -> 0.0.0.0/32
List of active sessions:
[root@freebsd handbook]#
Users in my LAN can't connect to any Internet site, and
"tcpdump -i de0" shows a black screen - no packets from or to the LAN.
I go into single-user mode ("init 1") and go back to multi-user mode, connect
to the Internet, and everything WORKS...
users connect to any Internet site
"ipnat -ls" shows a list of active sessions
"tcpdump -i de0" shows packets.
1) Why does NAT not work after reboot but work after "init 1"?
2) How do I make NAT work after reboot (or startup)?
Sorry for bad English.
