Date: Mon, 24 Mar 2003 20:04:36 -0800 (PST)
From: Mike Hoskins <mike@adept.org>
To: stable@freebsd.org
Subject: Re: Natd stops working on Firewall
Message-ID: <20030324194108.P703-100000@fubar.adept.org>
In-Reply-To: <PAEEIJCHPFHEDADDGJFLEEHJDNAA.scotrn@cox.net>
On Mon, 24 Mar 2003, Scot wrote:

> Just setup my FreeBSD 4.7 Firewall using the docs
> outlined in the handbook. The install went on and
> everything seems to be working fine then boom.
> The system seems to stop routing traffic. No
> messages in the security log or natd log as to why.

What happened when things stopped working? (What was going on when it went boom?) Does /var/log/messages say anything?

> I made sure it was logging by nmaping my box from the
> outside. I even ran natd in the foreground and it still didn't
> tell me what was going on.

I assume you mean with -verbose or -v? What flags do you usually give natd (maybe paste natd.conf, if used)?

> There is nothing in any logfile that tells me why this thing
> just stops working so I'm thinking it may not be a daemon but
> something in the kernel.

More on this below...

> I cannot ping the interface from the internal network but tcpdump shows
> the packets being received. (Hub network firewall_type=SIMPLE ).

You edited rc.firewall $oif, $onet, etc. variables for your setup, correct? I'd assume so or it wouldn't work at all. Take a look at your rules with ipfw list or show. Is ICMP allowed? Also see firewall(7) for more helpful notes.

> If I logon to the console the cable modem connection is still functioning
> and I can surf from the firewall.

So it's just the internal clients that cease to function? If the firewall/gateway itself is working properly, that may explain the lack of problematic output in log files noted above.

OTOH, if you `sh rc.firewall` with firewall_type="open" do the clients immediately begin to work? Is this something that works again each time you reboot? Have you had this working in the past, or is this a first attempt?

--
"Since when is skepticism un-American?
Dissent's not treason but they talk like it's the same..."
--Sleater-Kinney, "Combat Rock"