Date: Thu, 30 Mar 2000 00:53:00 -0500
From: "Crist J. Clark" <cjc@cc942873-a.ewndsr1.nj.home.com>
To: Scott Hansen <shansen@astound.net>
Cc: freebsd-questions@FreeBSD.ORG
Subject: Re: Networking Troubles w/ 2 interfaces using IPFW and NATD
Message-ID: <20000330005300.E17852@cc942873-a.ewndsr1.nj.home.com>
In-Reply-To: <NDBBLJHPBIICOFIPHGEBKELFCAAA.shansen@astound.net>; from shansen@astound.net on Wed, Mar 29, 2000 at 05:30:23PM -0600
References: <NDBBLJHPBIICOFIPHGEBKELFCAAA.shansen@astound.net>

On Wed, Mar 29, 2000 at 05:30:23PM -0600, Scott Hansen wrote:
> Hi all -
>
> I've recently setup 3.4-stable and am trying to get back into the FreeBSD
> world after having fallen behind the last 3 years. I have two NIC's in my
> box that I hope to be able to do NAT with so I can setup multiple PC's at
> home. My connection to the Internet is with a cable modem connection from
> my ISP. I have been successful in getting it DHCP functionality to work to
> obtain an IP address from my ISP on this box. I have the internal interface
> working perfectly.
>
> I'm now in the process of trying to setup NATD to run. For the life of me I
> can not figure out what I'm doing wrong...but I can not get the external
> interface to work. I can obtain an address just fine from the DHCP
> server...so I know the interface is working to some extent, but I can not
> ping any host by IP what-so-ever.
>
> I've recompiled the kernel to include the IPFIREWALL and IPDIVER options.
>
> I've issued the sysctl -w net.inet.ip.forwarding=1 command to enable the box
> to act as a router and added "gateway_enable='YES'", "natd_enable='YES'",
> and "natd_interface='xl0'" to the rc.conf file.

You should add 'natd_flags="-dynamic"' if you have DHCP configuring
the xl0 interface.

> I've added the "natd 6668/divert" entry to my /etc/services file.
>
> I've added "/sbin/ipfw -f flush", "/sbin/ipfw add divert natd all from any
> to any via xl0", and "/sbin/ipfw/add pass all from any to any" to my
> /etc/rc.firewall file.
>
> I've issued the firewall=client sh /etc/rc.firewall command.

Could we see how you have your firewall setup? Saying you added those
lines and then mentioning you are using the distributed "client" setup
is somewhat contradictory. While getting things to work, use the stock
rc.firewall and set 'firewall_type="open"' in rc.conf; the natd divert
is in the stock rc.firewall. Once that is working you can start adding
restrictive rules.
-- 
Crist J. Clark                           cjclark@home.com
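
An added example, not part of the original message or of FreeBSD's own scripts: a small sh checker that reads an rc.conf and reports where it departs from the bring-up settings the reply recommends. The function names, the sample file, and the use of ifconfig_<interface>="DHCP" to mark the outside interface as DHCP-configured are assumptions made for illustration.

```shell
#!/bin/sh
# Constructed sample rc.conf (not from the thread). ifconfig_xl0="DHCP" is an
# assumed way of marking the outside interface as DHCP-configured.
sample_rc_conf() {
cat <<'EOF'
gateway_enable="YES"
natd_enable="YES"
natd_interface="xl0"
ifconfig_xl0="DHCP"
firewall_enable="YES"
firewall_type="client"
EOF
}

# rc_get FILE KEY: print the last value assigned to KEY, quotes stripped.
rc_get() {
    sed -n "s/^[[:space:]]*$2=[\"']\{0,1\}\([^\"']*\)[\"']\{0,1\}[[:space:]]*\$/\1/p" "$1" | tail -n 1
}

# check_natd_conf FILE: print one finding per line; return 0 only if none.
check_natd_conf() {
    f=$1; findings=0
    note() { echo "$1"; findings=$((findings + 1)); }
    for key in gateway_enable natd_enable; do
        case $(rc_get "$f" "$key") in
            [Yy][Ee][Ss]) ;;
            *) note "$key is not YES" ;;
        esac
    done
    ifc=$(rc_get "$f" natd_interface)
    [ -n "$ifc" ] || note "natd_interface is not set"
    # A DHCP-assigned address can change, so natd needs -dynamic.
    if [ -n "$ifc" ] && [ "$(rc_get "$f" "ifconfig_$ifc")" = "DHCP" ]; then
        case " $(rc_get "$f" natd_flags) " in
            *" -dynamic "*) ;;
            *) note "natd_flags lacks -dynamic but $ifc uses DHCP" ;;
        esac
    fi
    # Bring-up advice from the reply: stock rc.firewall with type "open".
    [ "$(rc_get "$f" firewall_type)" = "open" ] ||
        note "firewall_type is not open (use open while getting natd working)"
    [ "$findings" -eq 0 ]
}

# Demo run on the constructed sample; reports two findings.
tmp=$(mktemp); sample_rc_conf > "$tmp"; check_natd_conf "$tmp" || true; rm -f "$tmp"
```

Once NAT works with the "open" type, the last check no longer applies; the reply's next step is to add restrictive rules.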