From owner-freebsd-questions Wed Oct 9 15:36:10 2002
Date: Wed, 9 Oct 2002 18:34:43 -0400
Message-Id: <200210091834.AA431817180@mail.mccallie.org>
From: "2005 - Chill, Samuel Thomas"
Subject: Re: Puzzling Simple NATD and IPFW Problem
Sender: owner-freebsd-questions@FreeBSD.ORG

After fixing all of these "problems" still it does not work!
I'm running FreeBSD 4.6-STABLE
Using two Realtek 8139's (rl0 external rl1 internal)
External is DHCP to cable modem
Internal IP is 10.0.0.1
Client machines have 10.0.0.x as their IP and 10.0.0.1 set as their gateway and DNS

---------- Original Message ----------------------------------
From: "D. Penev"
Date: Wed, 9 Oct 2002 21:06:36 +0300

On Wed, Oct 09, 2002 at 12:00:25AM -0400, 2005 - Chill, Samuel Thomas wrote:
>Date: Wed, 9 Oct 2002 00:00:25 -0400
>From: "2005 - Chill, Samuel Thomas"
>Subject: Re: Puzzling Simple NATD and IPFW Problem
>
>Here is the info. Hope it helps solve this problem.
># ifconfig -a
>rl0: flags=8843 mtu 1500
>        inet6 fe80::201:aff:fe10:815b%rl0 prefixlen 64 scopeid 0x1
>        inet 68.59.237.192 netmask 0xfffff800 broadcast 68.59.239.255
>        ether 00:01:0a:10:81:5b
>        media: Ethernet autoselect (100baseTX )
>        status: active
>rl1: flags=8843 mtu 1500
>        inet 10.0.0.1 netmask 0xffffff00 broadcast 10.0.0.255
>        inet6 fe80::2d0:9ff:fec6:15ed%rl1 prefixlen 64 scopeid 0x2
>        ether 00:d0:09:c6:15:ed
>        media: Ethernet autoselect (10baseT/UTP)
>        status: active
>lp0: flags=8810 mtu 1500
>sl0: flags=c010 mtu 552
>faith0: flags=8002 mtu 1500
>lo0: flags=8049 mtu 16384
>        inet6 ::1 prefixlen 128
>        inet6 fe80::1%lo0 prefixlen 64 scopeid 0x6
>        inet 127.0.0.1 netmask 0xff000000
>ppp0: flags=8010 mtu 1500
>
># ipfw -a l
>00100 160  72611 divert 8668 ip from any to any via rl0
>00200 661 115174 allow ip from any to any
>65535   4    581 deny ip from any to any
>
># netstat -rn
>Routing tables
>
>Internet:
>Destination        Gateway            Flags     Refs     Use     Netif Expire
>default            68.59.232.1        UGSc        9        5      rl0
>10/24              link#2             UC          2        0      rl1
>10.0.0.3           00:04:5a:53:4d:92  UHLW        2     2109      rl1    241
>10.0.0.4           00:04:5a:53:4d:92  UHLW        2      679      rl1   1050
>68.59.232/21       link#1             UC          2        0      rl0
>68.59.232.1        00:02:fc:82:f0:54  UHLW       10        0      rl0   1199
>68.59.237.177      00:02:fc:82:f0:70  UHLW        0        6      rl0    163
>68.59.237.192      127.0.0.1          UGHS        0        0      lo0
>127.0.0.1          127.0.0.1          UH          1        0      lo0
>
>Internet6:
>Destination                   Gateway            Flags  Netif Expire
>::1                           ::1                UH     lo0
>fe80::%rl0/64                 link#1             UC     rl0
>fe80::201:aff:fe10:815b%rl0   00:01:0a:10:81:5b  UHL    lo0
>fe80::%rl1/64                 link#2             UC     rl1
>fe80::2d0:9ff:fec6:15ed%rl1   00:d0:09:c6:15:ed  UHL    lo0
>fe80::%lo0/64                 fe80::1%lo0        Uc     lo0
>fe80::1%lo0                   link#6             UHL    lo0
>ff01::/32                     ::1                U      lo0
>ff02::%rl0/32                 link#1             UC     rl0
>ff02::%rl1/32                 link#2             UC     rl1
>ff02::%lo0/32                 ::1                UC     lo0
>
># sysctl net.inet.ip.forwarding
>net.inet.ip.forwarding: 1
>
># ps -aux |grep nat
>root 216 0.0 0.1 436 292 ?? Is 6:13PM 0:00.01 natd -interface rl0

What does ps x | grep natd show?
In principle, if natd is started from rc.network, the first argument must be
$natd_flags and then $natd_interface.

>
>
># cat /etc/rc.conf
>gateway_enable="YES"
>firewall_enable="YES"
>firewall_type="/etc/rc.ipfw-queue"
>firewall_quiet="NO"
>natd_enabled="YES"
            ^
Does this error really exist in rc.conf?

>natd_interface="rl0"
>natd_flags="-f /etc/natd.conf"
>hostname=".andrsn01.tn.comcast.net"
>ifconfig_rl0="DHCP"
>ifconfig_rl1="inet 10.0.0.1 netmask 255.255.255.0"
>inetd_enable="YES"
>kern_securelevel_enable="NO"
>linux_enable="YES"
>lpd_enable="YES"
>nfs_reserved_port_only="YES"
>sendmail_enable="YES"
>sshd_enable="YES"
>usbd_enable="YES"
>
># cat /etc/natd.conf
>dynamic yes
>use_sockets yes
>same_ports yes
>unregistered_only
>---------- Original Message ----------------------------------
>From: Nick Rogness
>Date: Tue, 8 Oct 2002 15:38:00 -0600 (MDT)
>
>On Tue, 8 Oct 2002, 2005 - Chill, Samuel Thomas wrote:
>
>> I have ipfirewall, ipdivert, and dummynet all compiled into my kernel. I
>> am able to run natd and to specify rules with ipfw, I can also ping
>> my external interface. My internal network card (rl1) is 10.0.0.1 and my
>> LAN clients are running on 10.0.0.x. I can ping everything, the network
>> is set up properly. I'm using the default rules supplied in the man page
>> and apparently natd is not passing them on. I can't ping or go to any
>> website at all. The LAN clients have 10.0.0.1 set as their default
>> gateway. rl0 is connected to the cable modem and gets its IP via DHCP.
>> The FreeBSD box can ping anything but apparently nothing is forwarded
>> to the external interface. I have double checked and reinstalled
>> multiple times and it seems that it is bound to never work!
>
> Do you have gateway_enable="YES" in /etc/rc.conf?
>
> What do the following show when you run them (just paste them in a
> reply):
>
>       # ifconfig -a
>       # netstat -rn
>       # ipfw -a l
>       # sysctl net.inet.ip.forwarding
>       # ps -aux |grep nat
>       # cat /etc/rc.conf
>
>Nick Rogness
>- WARNING TO ALL PERSONNEL:
>  Firings will continue until morale improves.
>
>---
>[This E-mail scanned for viruses by Declude Virus]
>
>To Unsubscribe: send mail to majordomo@FreeBSD.org
>with "unsubscribe freebsd-questions" in the body of the message

In fact I don't think that will solve your problem, but who knows :)

--
Regards,
D. Penev
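
As an added example (not part of the original thread or of FreeBSD's own scripts): a small shell check for the rc.conf knob name questioned in the reply above. It assumes the FreeBSD 4.x knob names `gateway_enable`, `firewall_enable`, `natd_enable` and `natd_interface`; the function names and the sample file are constructed for illustration.

```shell
#!/bin/sh
# Added example: lint an rc.conf for the knobs a natd + ipfw gateway needs.
# check_natd_rcconf FILE prints one finding per line and returns 0 if clean.
check_natd_rcconf() {
    conf=$1
    findings=0
    for knob in gateway_enable firewall_enable natd_enable; do
        # Take the last assignment, as sh would when sourcing the file.
        val=$(sed -n "s/^[[:space:]]*${knob}=\"\{0,1\}\([^\"#]*\).*/\1/p" "$conf" | tail -n 1)
        case $val in
            [Yy][Ee][Ss]) ;;
            "") echo "MISSING $knob"; findings=$((findings + 1)) ;;
            *)  echo "NOT-YES $knob=$val"; findings=$((findings + 1)) ;;
        esac
    done
    # Heuristic: the rc convention is <name>_enable, so a <name>_enabled
    # assignment only sets a variable that no rc script tests.
    for bad in $(sed -n 's/^[[:space:]]*\([A-Za-z0-9_]*_enabled\)=.*/\1/p' "$conf"); do
        echo "UNKNOWN $bad (did you mean ${bad%d}?)"
        findings=$((findings + 1))
    done
    # natd also needs a non-empty interface to translate on.
    if ! grep -q '^[[:space:]]*natd_interface="\{0,1\}[^"[:space:]]' "$conf"; then
        echo "MISSING natd_interface"; findings=$((findings + 1))
    fi
    [ "$findings" -eq 0 ]
}

# Constructed sample: the NAT-related lines of the rc.conf quoted above.
write_sample() {
    cat > "$1" <<'EOF'
gateway_enable="YES"
firewall_enable="YES"
firewall_type="/etc/rc.ipfw-queue"
natd_enabled="YES"
natd_interface="rl0"
natd_flags="-f /etc/natd.conf"
EOF
}

sample=$(mktemp)
write_sample "$sample"
check_natd_rcconf "$sample" || echo "rc.conf needs attention"
rm -f "$sample"
```

On a real system the function would be pointed at /etc/rc.conf; it only reads the file and changes nothing.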