From: Rebecca Dridan
Date: Tue, 28 Sep 2004 21:11:39 +1000 (EST)
To: freebsd-current@freebsd.org
Cc: r.dridan@ridley.unimelb.edu.au
Reply-To: sysadmin@ridley.unimelb.edu.au
Subject: natd not doing anything
Message-ID: <20040928205839.L2872@genesis.ridley.unimelb.edu.au>

Hi all:

I am having some issues with network set-up. I'm running CURRENT as of 26th September, with an ipfw firewall and natd.
I have one gateway machine with one external NIC and 3 internal NICs. At present nothing from my internal machines can get out. I've reduced the firewall (temporarily) to a basic

    ipfw -f flush
    divert natd ip from any to any via fxp0
    allow ip from any to any

When I turn logging on, I see the packets being diverted, and then accepted by later rules, but not being rewritten in between, i.e.

    ipfw: 30 Divert 8668 TCP 192.168.7.2:54619 :1025 out via fxp0
    ipfw: 70 Accept TCP 192.168.7.2:54619 :1025 out via fxp0

and the packets never get to the remote IP. I can see natd running with ps, but even when I run it on the command line with -v it doesn't seem to do anything.

Is there something I'm missing? Something else I could check? I've attached the relevant bits of my rc.conf and kernel conf below. Any other information that would be useful, please ask.

Thanks,
Bec
(please CC me with any replies)

The relevant bits of rc.conf:

    firewall_enable="YES"   # Set to YES to enable firewall functionality
    firewall_script="/etc/rc.firewall.local" # Which script to run to set up the firewall
    firewall_quiet="YES"    # Set to YES to suppress rule display
    # Enable routing
    gateway_enable="YES"    # Set to YES if this host will be a gateway.
    natd_enable="YES"
    natd_interface="fxp0"
    natd_flags="-u"

kernel config:

    options IPFILTER                      #ipfilter support
    options IPFILTER_LOG                  #ipfilter logging
    options IPFILTER_DEFAULT_BLOCK        #block all packets by default
    options IPFIREWALL                    #firewall - need for mac filtering
    options IPFIREWALL_DEFAULT_TO_ACCEPT  #allow everything by default
    options IPFIREWALL_FORWARD            #enables changing of packet dest
    options IPDIVERT                      #divert IP sockets, used by ipfw divert