From owner-freebsd-questions Wed Oct 9 11: 6:59 2002 Delivered-To: freebsd-questions@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 6C0EA37B401 for ; Wed, 9 Oct 2002 11:06:55 -0700 (PDT) Received: from mail.bg (dialup185.varna.spnet.net [213.169.38.185]) by mx1.FreeBSD.org (Postfix) with ESMTP id D5DBE43E3B for ; Wed, 9 Oct 2002 11:06:51 -0700 (PDT) (envelope-from dpenev@mail.bg) Received: from mail.bg (localhost [127.0.0.1]) by mail.bg (8.12.5/8.12.5) with ESMTP id g99I6lPv001469; Wed, 9 Oct 2002 21:06:47 +0300 (EEST) (envelope-from dpenev@mail.bg) Received: (from root@localhost) by mail.bg (8.12.5/8.12.5/Submit) id g99I6bGF001468; Wed, 9 Oct 2002 21:06:37 +0300 (EEST) Date: Wed, 9 Oct 2002 21:06:36 +0300 From: "D. Penev" To: "2005 - Chill, Samuel Thomas" Cc: freebsd-questions@FreeBSD.ORG Subject: Re: Puzzling Simple NATD and IPFW Problem Message-ID: <20021009180636.GA253@earth.dpsca.bg> Mail-Followup-To: "2005 - Chill, Samuel Thomas" , freebsd-questions@FreeBSD.ORG References: <200210090000.AA367133064@mail.mccallie.org> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii; format=flowed Content-Disposition: inline In-Reply-To: <200210090000.AA367133064@mail.mccallie.org> User-Agent: Mutt/1.4i Sender: owner-freebsd-questions@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG On Wed, Oct 09, 2002 at 12:00:25AM -0400, 2005 - Chill, Samuel Thomas wrote: >Date: Wed, 9 Oct 2002 00:00:25 -0400 >From: "2005 - Chill, Samuel Thomas" >To: >Subject: Re: Puzzling Simple NATD and IPFW Problem > >Here is the info. Hope it helps solve this problem. ># ifconfig -a >rl0: flags=8843 mtu 1500 > inet6 fe80::201:aff:fe10:815b%rl0 prefixlen 64 scopeid 0x1 > inet 68.59.237.192 netmask 0xfffff800 broadcast 68.59.239.255 > ether 00:01:0a:10:81:5b > media: Ethernet autoselect (100baseTX ) > status: active >rl1: flags=8843 mtu 1500 > inet 10.0.0.1 netmask 0xffffff00 broadcast 10.0.0.255 > inet6 fe80::2d0:9ff:fec6:15ed%rl1 prefixlen 64 scopeid 0x2 > ether 00:d0:09:c6:15:ed > media: Ethernet autoselect (10baseT/UTP) > status: active >lp0: flags=8810 mtu 1500 >sl0: flags=c010 mtu 552 >faith0: flags=8002 mtu 1500 >lo0: flags=8049 mtu 16384 > inet6 ::1 prefixlen 128 > inet6 fe80::1%lo0 prefixlen 64 scopeid 0x6 > inet 127.0.0.1 netmask 0xff000000 >ppp0: flags=8010 mtu 1500 > ># ipfw -a l >00100 160 72611 divert 8668 ip from any to any via rl0 >00200 661 115174 allow ip from any to any >65535 4 581 deny ip from any to any > ># netstat -rn >Routing tables > >Internet: >Destination Gateway Flags Refs Use Netif Expire >default 68.59.232.1 UGSc 9 5 rl0 >10/24 link#2 UC 2 0 rl1 >10.0.0.3 00:04:5a:53:4d:92 UHLW 2 2109 rl1 241 >10.0.0.4 00:04:5a:53:4d:92 UHLW 2 679 rl1 1050 >68.59.232/21 link#1 UC 2 0 rl0 >68.59.232.1 00:02:fc:82:f0:54 UHLW 10 0 rl0 1199 >68.59.237.177 00:02:fc:82:f0:70 UHLW 0 6 rl0 163 >68.59.237.192 127.0.0.1 UGHS 0 0 lo0 >127.0.0.1 127.0.0.1 UH 1 0 lo0 > >Internet6: >Destination Gateway Flags Netif Expire >::1 ::1 UH lo0 >fe80::%rl0/64 link#1 UC rl0 >fe80::201:aff:fe10:815b%rl0 00:01:0a:10:81:5b UHL lo0 >fe80::%rl1/64 link#2 UC rl1 >fe80::2d0:9ff:fec6:15ed%rl1 00:d0:09:c6:15:ed UHL lo0 >fe80::%lo0/64 fe80::1%lo0 Uc lo0 >fe80::1%lo0 link#6 UHL lo0 >ff01::/32 ::1 U lo0 >ff02::%rl0/32 link#1 UC rl0 >ff02::%rl1/32 link#2 UC rl1 >ff02::%lo0/32 ::1 UC lo0 > ># sysctl net.inet.ip.forwarding >net.inet.ip.forwarding: 1 > ># ps -aux |grep nat >root 216 0.0 0.1 436 292 ?? Is 6:13PM 0:00.01 natd -interface rl0 what ps x | grep natd show ? In principle if natd is started from rc.network first argument must be $natd_flags and then $natd_interface. > > ># cat /etc/rc.conf >gateway_enable="YES" >firewall_enable="YES" >firewall_type="/etc/rc.ipfw-queue" >firewall_quiet="NO" >natd_enabled="YES" ^ Is this error really exist in rc.conf ? >natd_interface="rl0" >natd_flags="-f /etc/natd.conf" >hostname=".andrsn01.tn.comcast.net" >ifconfig_rl0="DHCP" >ifconfig_rl1="inet 10.0.0.1 netmask 255.255.255.0" >inetd_enable="YES" >kern_securelevel_enable="NO" >linux_enable="YES" >lpd_enable="YES" >nfs_reserved_port_only="YES" >sendmail_enable="YES" >sshd_enable="YES" >usbd_enable="YES" > ># cat /etc/natd.conf >dynamic yes >use_sockets yes >same_ports yes >unregistered_only >---------- Original Message ---------------------------------- >From: Nick Rogness >Date: Tue, 8 Oct 2002 15:38:00 -0600 (MDT) > >On Tue, 8 Oct 2002, 2005 - Chill, Samuel Thomas wrote: > >> I have ipfirewall, ipdivert, and dummynet all compiled into my kernel. I >> am able to run run natd and to specify rules with ipfw, i can also ping >> my external interface. My internal network card (rl1) is 10.0.0.1 and my >> lan clients are running on 10.0.0.x. I can ping everything, the network >> is setup properly. Im using the default rules supplied in the man page >> and apperently natd is not passing them on. I cant ping or go to any >> website at all. The lan clients have 10.0.0.1 set as there default >> gateway. rl0 is connected to the cable modem and gets it ip via dhcp. >> The freebsd box can ping any thing but apparently nothing is forwarded >> to the external interface. I have double checked and reinstalled >> multiple times and it seems that it is bound to never work! > > Do you have gateway_enable="YES" in /etc/rc.conf? > > What do the following show when you run them (just paste them in a > reply): > > # ifconfig -a > # netstat -rn > # ipfw -a l > # sysctl net.inet.ip.forwarding > # ps -aux |grep nat > # cat /etc/rc.conf > >Nick Rogness >- WARNING TO ALL PERSONNEL: > Firings will continue until morale improves. > > > >--- >[This E-mail scanned for viruses by Declude Virus] > > > >To Unsubscribe: send mail to majordomo@FreeBSD.org >with "unsubscribe freebsd-questions" in the body of the message In fact I don't think that will solve you problem but who know :) -- Regards, D. Penev To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message