From owner-freebsd-questions Wed Mar 29 21:53:14 2000
Delivered-To: freebsd-questions@freebsd.org
Received: from cc942873-a.ewndsr1.nj.home.com (cc942873-a.ewndsr1.nj.home.com [24.2.89.207]) by hub.freebsd.org (Postfix) with ESMTP id 09BE837B6D9 for ; Wed, 29 Mar 2000 21:53:07 -0800 (PST) (envelope-from cjc@cc942873-a.ewndsr1.nj.home.com)
Received: (from cjc@localhost) by cc942873-a.ewndsr1.nj.home.com (8.9.3/8.9.3) id AAA18758; Thu, 30 Mar 2000 00:53:00 -0500 (EST) (envelope-from cjc)
Date: Thu, 30 Mar 2000 00:53:00 -0500
From: "Crist J. Clark"
To: Scott Hansen
Cc: freebsd-questions@FreeBSD.ORG
Subject: Re: Networking Troubles w/ 2 interfaces using IPFW and NATD
Message-ID: <20000330005300.E17852@cc942873-a.ewndsr1.nj.home.com>
Reply-To: cjclark@home.com
References:
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
X-Mailer: Mutt 1.0i
In-Reply-To: ; from shansen@astound.net on Wed, Mar 29, 2000 at 05:30:23PM -0600
Sender: owner-freebsd-questions@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

On Wed, Mar 29, 2000 at 05:30:23PM -0600, Scott Hansen wrote:
> Hi all -
>
> I've recently set up 3.4-stable and am trying to get back into the FreeBSD
> world after having fallen behind the last 3 years. I have two NICs in my
> box that I hope to be able to do NAT with so I can set up multiple PCs at
> home. My connection to the Internet is with a cable modem connection from
> my ISP. I have been successful in getting the DHCP functionality to work to
> obtain an IP address from my ISP on this box. I have the internal interface
> working perfectly.
>
> I'm now in the process of trying to set up NATD to run. For the life of me I
> can not figure out what I'm doing wrong... but I can not get the external
> interface to work. I can obtain an address just fine from the DHCP
> server... so I know the interface is working to some extent, but I can not
> ping any host by IP whatsoever.
>
> I've recompiled the kernel to include the IPFIREWALL and IPDIVERT options.
>
> I've issued the sysctl -w net.inet.ip.forwarding=1 command to enable the box
> to act as a router and added "gateway_enable='YES'", "natd_enable='YES'",
> and "natd_interface='xl0'" to the rc.conf file.

You should add 'natd_flags="-dynamic"' if you have DHCP configuring the
xl0 interface.

> I've added the "natd 6668/divert" entry to my /etc/services file.
>
> I've added "/sbin/ipfw -f flush", "/sbin/ipfw add divert natd all from any
> to any via xl0", and "/sbin/ipfw add pass all from any to any" to my
> /etc/rc.firewall file.
>
> I've issued the firewall=client sh /etc/rc.firewall command.

Could we see how you have your firewall set up? Saying you added those
lines and then mentioning you are using the distributed "client" setup is
somewhat contradictory.

While getting things to work, use the stock rc.firewall and set
'firewall_type="open"' in rc.conf; the natd divert is in the stock
rc.firewall. Once that is working you can start adding restrictive rules.

-- 
Crist J. Clark                           cjclark@home.com
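As an added example that is not part of the original thread: a small sh script that checks an rc.conf for the natd/ipfw settings the reply recommends (gateway and natd enabled, the stock rc.firewall in "open" mode, and -dynamic for a DHCP-configured external interface). The sample rc.conf content, the file path and the function names are constructed here for illustration.

```shell
#!/bin/sh
# Added example, not code from the thread: verify rc.conf has the settings
# needed for natd + ipfw behind a DHCP-configured external interface.

# Print the last value set for a rc.conf variable (quotes stripped), or
# nothing if it is unset.  $1 = rc.conf path, $2 = variable name.
rc_get() {
    sed -n "s/^[[:space:]]*$2=[\"']\{0,1\}\([^\"']*\)[\"']\{0,1\}.*/\1/p" "$1" | tail -n 1
}

# Return 0 when every required setting is present and sane, 1 otherwise,
# printing one diagnostic per problem.  $1 = rc.conf path, $2 = external NIC.
check_natd_rcconf() {
    conf="$1"; iface="$2"; rc=0
    for var in gateway_enable firewall_enable natd_enable; do
        val=$(rc_get "$conf" "$var")
        if [ "$val" != "YES" ]; then
            echo "$var should be YES (found '${val:-unset}')"; rc=1
        fi
    done
    if [ "$(rc_get "$conf" natd_interface)" != "$iface" ]; then
        echo "natd_interface should be $iface"; rc=1
    fi
    # The stock rc.firewall "open" type already carries the natd divert rule.
    case "$(rc_get "$conf" firewall_type)" in
        open) ;;
        *) echo "firewall_type should be open until NAT works"; rc=1 ;;
    esac
    # With DHCP on the external NIC, natd must follow address changes.
    case "$(rc_get "$conf" natd_flags)" in
        *-dynamic*) ;;
        *) echo "natd_flags should include -dynamic for a DHCP interface"; rc=1 ;;
    esac
    return $rc
}

# Constructed sample rc.conf: the poster's settings plus the suggested fixes.
TMPCONF=$(mktemp)
cat > "$TMPCONF" <<'EOF'
gateway_enable="YES"
firewall_enable="YES"
firewall_type="open"
natd_enable="YES"
natd_interface="xl0"
natd_flags="-dynamic"
EOF
check_natd_rcconf "$TMPCONF" xl0 && echo "rc.conf looks consistent for NAT on xl0"
```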