Date:      Thu, 09 Nov 2000 10:16:45 -0500
From:      Nathan Vidican <webmaster@wmptl.com>
To:        pgd@telehorizon.com
Cc:        questions@freebsd.org
Subject:   Re: setting up NAT..
Message-ID:  <3A0ABFDD.EC18C380@wmptl.com>
References:  <973760877.3a0a696dc644a@webmail.telehorizon.com>

pgd@telehorizon.com wrote:
> 
> hi,
> 
> i'm trying to set up NAT here and sadly enough it just won't work :^(
> Any help/suggestion/advice will be appreciated :^)
> 
> Here's a simplification of my network:
> 
>      pc3                        pc1
>     +----+                     +-----+
>     |.89 |     gateway         |     |
>     |    +-+   +------+     +--+     |
>     +----+ |   | |  | |     |  +-----+
>            +---| |  | |-----+
>            |   | |  | |     |  +-----+
> internet<--+   +------+     +--+     |
>                 ^    ^         |     |
>              fxp0    xl0       +-----+
>                                 pc2
> 
> ### THE SET UP ###
> 
> My gateway runs a firewall. Communication with internet happens via pc3.
> Here's what i did so far (to begin with, i chose the 10.0.0.x IP-range) :
> 
> On my gateway computer i've compiled the kernel with
>   options IPFIREWALL
>   options IPDIVERT
> 
> Further, i set:
>   geteway_enable=YES
> 
> I checked /etc/services and natd is there, all right. I set up the following in
> rc.conf:
>   natd_enable="YES"
>   natd_interface="175.23.12.89"
>   natd_flags="-f /etc/natd.cf"
> 
> This enables in /etc/rc.firewall the following rule which now appears at the
> beginning of the file:
>   ipfw add 500 divert 8668 all from any to any via ${natd_interface}
> 
> Then it seems to be time to change the IP's. Here's my distribution:
> - gateway xl0 becomes 10.0.0.1
> - pc1         becomes 10.0.0.2
> - pc2         becomes 10.0.0.3
> 
> - netmask on all three becomes 10.255.255.254
> 
> ### THE PROBLEM ###
> 
> Now, when I reboot the boxes I get the following messages on pc1 and pc2:
>   route: writing to routing network socket: Network is unreachable
>   add net default: gateway 10.0.0.1: Network is unreachable
> 
> When I login and try to ping:
> On pc1:
>   ping 10.0.0.2 (localhost) works fine
>   ping 10.0.0.3 (pc2) works fine
>   ping 10.0.0.1 (gateway) gives "No route to host"
> On pc2:
>   ping 10.0.0.3 (localhost) gives "Can't assign requested address"
>   ping 10.0.0.2 (pc1) fails
>   ping 10.0.0.1 (gateway) gives "No route to host"
> Gateway:
>   ping 10.0.0.1 (localhost) works fine
>   ping 10.0.0.0 (network) works fine
> 
> Oups! Trouble :^/
> do u think u can help?
> 
> thanks,
> dimitri
> 
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-questions" in the body of the message

Try this instead:

/etc/rc.firewall:

#!/bin/sh
/sbin/ipfw -f flush
/sbin/ipfw add 1000 pass all from 127.0.0.1 to 127.0.0.1
/sbin/ipfw add 2000 divert 8668 all from any to any via <real internet ip>
/sbin/ipfw add 3000 pass all from any to any

# end of rc.firewall file

/etc/natd.conf:

use_sockets no
port 8668
interface xl0
# end of natd.conf file


/etc/rc.conf:

# just add the following to the bottom of the file:
firewall_enable="YES"
firewall_type="CUSTOM"
natd_enable="YES"
natd_flags="-m -f /etc/natd.conf -n xl0"

# end of rc.conf additions

If you follow those lines above exactly, assuming that your kernel is
configured properly, the system will work. Your previously supplied
config attempted to run natd on the external interface; this is a common
misconception. You should run natd on the internal interface, and ipfw
on the external interface.


-- 
Nathan Vidican
webmaster@wmptl.com
Windsor Match Plate & Tool Ltd.
http://www.wmptl.com/
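Two checks a reader of this thread may want to run before rebooting anything, as an added example that is not code from either poster. The first validates the LAN addressing from the original question: a dotted-quad netmask is only meaningful when its bits are contiguous ones followed by zeros, and the 10.255.255.254 mask quoted above is not, so the default gateway cannot be placed in a directly connected subnet. The second scans an rc.conf fragment for knob names that are not on an allow-list, which catches typos like the `geteway_enable` line in the quoted post. It uses only the Python standard library; `KNOWN_RC_KNOBS` is a hypothetical allow-list limited to the variables this thread mentions (a real checker would read /etc/defaults/rc.conf), and the sample rc.conf fragment is constructed from the quoted message.

```python
"""Addressing and rc.conf sanity checks for the NAT setup discussed in the
thread (added example, not code from either poster; standard library only)."""
import ipaddress
import re
from typing import List

# Hypothetical allow-list: only the rc.conf knobs this thread refers to.
# A real checker would derive the list from /etc/defaults/rc.conf.
KNOWN_RC_KNOBS = {
    "gateway_enable", "firewall_enable", "firewall_type",
    "natd_enable", "natd_interface", "natd_flags",
}

# Constructed from the rc.conf lines quoted in the original question.
ORIGINAL_POST_RC_CONF = """\
geteway_enable=YES
natd_enable="YES"
natd_interface="175.23.12.89"
natd_flags="-f /etc/natd.cf"
"""


def valid_netmask(mask: str) -> bool:
    """True only if the mask is contiguous ones followed by contiguous zeros
    (e.g. 255.255.255.0). 10.255.255.254 from the thread fails this test."""
    try:
        n = int(ipaddress.IPv4Address(mask))
    except ipaddress.AddressValueError:
        return False
    # Bitwise inverse of a valid mask is 0...01...1, i.e. one less than a
    # power of two, so inv & (inv + 1) is zero exactly for valid masks.
    inv = (~n) & 0xFFFFFFFF
    return (inv & (inv + 1)) == 0


def gateway_reachable(host_ip: str, mask: str, gateway_ip: str) -> bool:
    """True if the default gateway lies inside the host's directly connected
    subnet, which `route add default <gw>` needs in order to succeed."""
    if not valid_netmask(mask):
        return False
    net = ipaddress.IPv4Network(f"{host_ip}/{mask}", strict=False)
    return ipaddress.IPv4Address(gateway_ip) in net


def check_rc_conf(text: str) -> List[str]:
    """Return human-readable problems found in an rc.conf fragment:
    lines that are not KEY=value assignments and unknown knob names."""
    problems = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        m = re.match(r"^([A-Za-z_][A-Za-z0-9_]*)=(.*)$", line)
        if not m:
            problems.append(f"line {lineno}: not a KEY=value assignment: {line!r}")
            continue
        key = m.group(1)
        if key not in KNOWN_RC_KNOBS:
            problems.append(f"line {lineno}: unknown knob {key!r}")
    return problems


if __name__ == "__main__":
    # pc1 as described in the question: 10.0.0.2, mask 10.255.255.254, gw 10.0.0.1
    for mask in ("10.255.255.254", "255.255.255.0"):
        print(mask, "valid mask:", valid_netmask(mask),
              "gateway reachable:", gateway_reachable("10.0.0.2", mask, "10.0.0.1"))
    for problem in check_rc_conf(ORIGINAL_POST_RC_CONF):
        print(problem)
```

Run it directly to see the two masks compared and the rc.conf findings; the functions are importable so the same checks can be dropped into a pre-reboot script.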

