Date: Wed, 9 Oct 2002 21:06:36 +0300
From: "D. Penev" <dpenev@mail.bg>
To: "2005 - Chill, Samuel Thomas" <stchill@mccallie.org>
Cc: freebsd-questions@FreeBSD.ORG
Subject: Re: Puzzling Simple NATD and IPFW Problem
Message-ID: <20021009180636.GA253@earth.dpsca.bg>
In-Reply-To: <200210090000.AA367133064@mail.mccallie.org>
References: <200210090000.AA367133064@mail.mccallie.org>
On Wed, Oct 09, 2002 at 12:00:25AM -0400, 2005 - Chill, Samuel Thomas wrote:
>Date: Wed, 9 Oct 2002 00:00:25 -0400
>From: "2005 - Chill, Samuel Thomas" <stchill@mccallie.org>
>To: <freebsd-questions@FreeBSD.ORG>
>Subject: Re: Puzzling Simple NATD and IPFW Problem
>
>Here is the info. Hope it helps solve this problem.
># ifconfig -a
>rl0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
> inet6 fe80::201:aff:fe10:815b%rl0 prefixlen 64 scopeid 0x1
> inet 68.59.237.192 netmask 0xfffff800 broadcast 68.59.239.255
> ether 00:01:0a:10:81:5b
> media: Ethernet autoselect (100baseTX <full-duplex>)
> status: active
>rl1: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
> inet 10.0.0.1 netmask 0xffffff00 broadcast 10.0.0.255
> inet6 fe80::2d0:9ff:fec6:15ed%rl1 prefixlen 64 scopeid 0x2
> ether 00:d0:09:c6:15:ed
> media: Ethernet autoselect (10baseT/UTP)
> status: active
>lp0: flags=8810<POINTOPOINT,SIMPLEX,MULTICAST> mtu 1500
>sl0: flags=c010<POINTOPOINT,LINK2,MULTICAST> mtu 552
>faith0: flags=8002<BROADCAST,MULTICAST> mtu 1500
>lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> mtu 16384
> inet6 ::1 prefixlen 128
> inet6 fe80::1%lo0 prefixlen 64 scopeid 0x6
> inet 127.0.0.1 netmask 0xff000000
>ppp0: flags=8010<POINTOPOINT,MULTICAST> mtu 1500
>
># ipfw -a l
>00100 160 72611 divert 8668 ip from any to any via rl0
>00200 661 115174 allow ip from any to any
>65535 4 581 deny ip from any to any
>
># netstat -rn
>Routing tables
>
>Internet:
>Destination Gateway Flags Refs Use Netif Expire
>default 68.59.232.1 UGSc 9 5 rl0
>10/24 link#2 UC 2 0 rl1
>10.0.0.3 00:04:5a:53:4d:92 UHLW 2 2109 rl1 241
>10.0.0.4 00:04:5a:53:4d:92 UHLW 2 679 rl1 1050
>68.59.232/21 link#1 UC 2 0 rl0
>68.59.232.1 00:02:fc:82:f0:54 UHLW 10 0 rl0 1199
>68.59.237.177 00:02:fc:82:f0:70 UHLW 0 6 rl0 163
>68.59.237.192 127.0.0.1 UGHS 0 0 lo0
>127.0.0.1 127.0.0.1 UH 1 0 lo0
>
>Internet6:
>Destination Gateway Flags Netif Expire
>::1 ::1 UH lo0
>fe80::%rl0/64 link#1 UC rl0
>fe80::201:aff:fe10:815b%rl0 00:01:0a:10:81:5b UHL lo0
>fe80::%rl1/64 link#2 UC rl1
>fe80::2d0:9ff:fec6:15ed%rl1 00:d0:09:c6:15:ed UHL lo0
>fe80::%lo0/64 fe80::1%lo0 Uc lo0
>fe80::1%lo0 link#6 UHL lo0
>ff01::/32 ::1 U lo0
>ff02::%rl0/32 link#1 UC rl0
>ff02::%rl1/32 link#2 UC rl1
>ff02::%lo0/32 ::1 UC lo0
>
># sysctl net.inet.ip.forwarding
>net.inet.ip.forwarding: 1
>
># ps -aux |grep nat
>root 216 0.0 0.1 436 292 ?? Is 6:13PM 0:00.01 natd -interface rl0
What does ps x | grep natd show? In principle, if natd is started from rc.network,
the first argument must be $natd_flags and then $natd_interface.
>
>
># cat /etc/rc.conf
>gateway_enable="YES"
>firewall_enable="YES"
>firewall_type="/etc/rc.ipfw-queue"
>firewall_quiet="NO"
>natd_enabled="YES"
^
Does this error really exist in rc.conf?
>natd_interface="rl0"
>natd_flags="-f /etc/natd.conf"
>hostname=".andrsn01.tn.comcast.net"
>ifconfig_rl0="DHCP"
>ifconfig_rl1="inet 10.0.0.1 netmask 255.255.255.0"
>inetd_enable="YES"
>kern_securelevel_enable="NO"
>linux_enable="YES"
>lpd_enable="YES"
>nfs_reserved_port_only="YES"
>sendmail_enable="YES"
>sshd_enable="YES"
>usbd_enable="YES"
>
># cat /etc/natd.conf
>dynamic yes
>use_sockets yes
>same_ports yes
>unregistered_only
>---------- Original Message ----------------------------------
>From: Nick Rogness <nick@rogness.net>
>Date: Tue, 8 Oct 2002 15:38:00 -0600 (MDT)
>
>On Tue, 8 Oct 2002, 2005 - Chill, Samuel Thomas wrote:
>
>> I have ipfirewall, ipdivert, and dummynet all compiled into my kernel. I
>> am able to run natd and to specify rules with ipfw, I can also ping
>> my external interface. My internal network card (rl1) is 10.0.0.1 and my
>> LAN clients are running on 10.0.0.x. I can ping everything, the network
>> is set up properly. I'm using the default rules supplied in the man page
>> and apparently natd is not passing them on. I can't ping or go to any
>> website at all. The LAN clients have 10.0.0.1 set as their default
>> gateway. rl0 is connected to the cable modem and gets its IP via DHCP.
>> The FreeBSD box can ping anything but apparently nothing is forwarded
>> to the external interface. I have double checked and reinstalled
>> multiple times and it seems that it is bound to never work!
>
> Do you have gateway_enable="YES" in /etc/rc.conf?
>
> What do the following show when you run them (just paste them in a
> reply):
>
> # ifconfig -a
> # netstat -rn
> # ipfw -a l
> # sysctl net.inet.ip.forwarding
> # ps -aux |grep nat
> # cat /etc/rc.conf
>
>Nick Rogness <nick@rogness.net>
>- WARNING TO ALL PERSONNEL:
> Firings will continue until morale improves.
>
>
>
>---
>[This E-mail scanned for viruses by Declude Virus]
>
>
>
>To Unsubscribe: send mail to majordomo@FreeBSD.org
>with "unsubscribe freebsd-questions" in the body of the message
In fact I don't think that will solve your problem, but who knows :)
--
Regards,
D. Penev
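
The two checks raised in the reply above, as an added shell example that is not part of the original message: it flags rc.conf knobs spelled `*_enabled` and reports when the running natd does not carry the configured `natd_flags`. The function names are hypothetical, the inputs are trimmed copies of the rc.conf and ps output quoted in the thread, and treating `natd_enable` as the spelling the reply's caret points at is an assumption.

```shell
#!/bin/sh
# Added example, not from the thread. Inputs are trimmed copies of the
# rc.conf and ps output quoted in the message above.
RC_CONF_SAMPLE='gateway_enable="YES"
firewall_enable="YES"
natd_enabled="YES"
natd_interface="rl0"
natd_flags="-f /etc/natd.conf"'
PS_SAMPLE='root 216 0.0 0.1 436 292 ?? Is 6:13PM 0:00.01 natd -interface rl0'

# Print each knob spelled *_enabled. rc scripts test *_enable, so a
# misspelled line is read without error and then never acted on.
misspelled_knobs() {
    printf '%s\n' "$1" |
        sed -n 's/^[[:space:]]*\([A-Za-z0-9_]*_enabled\)=.*/\1/p'
}

# Print the last value assigned to variable $2, outer quotes removed.
rc_value() {
    printf '%s\n' "$1" | awk -F= -v k="$2" '
        $1 == k { v = substr($0, length(k) + 2); gsub(/^"|"$/, "", v); r = v }
        END { print r }'
}

# Succeed if the ps line shows natd carrying natd_flags from rc.conf
# (the reply notes rc.network passes the flags as the first argument).
natd_started_with_flags() {
    flags=$(rc_value "$1" natd_flags)
    [ -n "$flags" ] || return 0
    case "$2" in
        *"natd $flags"*) return 0 ;;
        *) return 1 ;;
    esac
}

# Print one finding per line for an rc.conf text ($1) and ps output ($2).
audit() {
    for k in $(misspelled_knobs "$1"); do
        echo "rc.conf: $k is never tested; the knob is ${k%d}"
    done
    natd_started_with_flags "$1" "$2" ||
        echo "ps: natd is running without natd_flags from rc.conf"
}

audit "$RC_CONF_SAMPLE" "$PS_SAMPLE"
```

On the inputs from this thread both findings fire, which matches the reply: the ps line shows `natd -interface rl0` with no `-f /etc/natd.conf`, so that natd process was not launched with the rc.conf flags.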
