Date: Wed, 10 Oct 2001 21:29:43 -0400
From: Louis LeBlanc <leblanc+freebsd@smtp.ne.mediaone.net>
To: freebsd-questions@FreeBSD.org
Subject: IPFW, natd, and one big headache
Message-ID: <20011010212942.A1037@acadia.ne.mediaone.net>
Ok, I'm ready to lose it here. I finally have a firewall that doesn't appear to close anything off, and I know it opens those things I want opened, like outgoing ping, traceroute, incoming HTTP, HTTPS, IMAP, SMTP, etc. I take the script and source it once everything is up and dhclient is set, and it's all good. But that's only if I start up with an open firewall. Anything else and I never get the dhcp lease handled. I see it on the startup screen, but it fails. I get a TIMEOUT or MEDIUM from dhclient-exit-hooks in the dhclient.debug log.

According to the dhclient-script manpage, I'm supposed to set a medium type for the interface in $interface to the medium type in $medium. Unfortunately, I haven't a clue what this means. When the process works, the medium type on my dhcp interface is set to Ethernet autoselect (10baseT/UTP). Is there something I should do to set this beforehand? Does it matter?

Anyway, I am also seeing, even with this firewall that I know enables outbound ping, a ping attempt to the dhcp server that fails with a permission failure.

And natd. All I get out of that is

    Oct 10 21:08:31 acadia natd[396]: failed to write packet back (Permission denied)

in the console log. I have the following in /etc/rc.conf:

    natd_program="/sbin/natd"
    natd_interface="xl0"
    natd_enable=YES
    natd_flags="-unregistered_only -use_sockets -same_ports"

and I have also tried setting natd_flags instead to '-f /etc/natd.conf', which has:

    dynamic yes
    log no
    deny_incoming no
    use_sockets yes
    same_ports yes
    verbose no
    interface xl0
    unregistered_only no

The internal machines can see the gateway, and vice versa; the gateway may see the outside world, but the internals don't see out. ps -ax | grep natd shows:

    396  ??  Is     0:00.28 /sbin/natd -unregistered_only -use_sockets -same_port

I know this is a lot of questions, and I know this has been discussed here before, but I'm lost.

I've read several of the online resources, and I think I'm following things correctly, but there's some stupid thing I keep missing. Even the very clear cheat sheets at http://www.mostgraveconcern/freebsd/ didn't get me through it. I used the examples exactly, and I do have all the IPF options in my kernel:

    options IPFIREWALL
    options IPFIREWALL_VERBOSE
    options IPFIREWALL_VERBOSE_LIMIT=10
    options IPDIVERT

Someone please toss me a clue.

TIA
Lou
--
Louis LeBlanc                          leblanc@acadia.ne.mediaone.net
Fully Funded Hobbyist, KeySlapper Extraordinaire :)
http://acadia.ne.mediaone.net
micro: Thinker toys.

To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message
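An added illustration, not part of Lou's message or of any reply in the thread: a minimal IPFW ruleset, in the stateless style of the FreeBSD 4.x-era rc.firewall, for a gateway that runs natd on an external interface whose address comes from DHCP. The interface names xl0 and fxp0, the internal network 192.168.1.0/24, the rule numbers and the script name fw.sh are assumptions. It shows the two ordering constraints that matter for the symptoms in the post: the rules for dhclient's UDP 67/68 exchange sit ahead of anything that could deny it, and the divert rule is placed so that every packet natd writes back (a translated packet re-enters the ruleset at the rule after the divert) reaches an allow rule before the final deny. When a re-injected packet hits a deny instead, the write to the divert socket fails with EACCES, which is exactly what natd reports as "failed to write packet back (Permission denied)". The anti-spoofing check is deliberately placed before the divert, because after natd rewrites an inbound packet its destination is already an internal address.

```shell
#!/bin/sh
# Added example (not from the original post): IPFW ruleset generator for a
# natd gateway with a DHCP-assigned external interface. All names below are
# assumptions; adjust them to the real interfaces and internal network.

EXT_IF="${EXT_IF:-xl0}"                  # assumed external (DHCP) interface
INT_IF="${INT_IF:-fxp0}"                 # assumed internal LAN interface
INT_NET="${INT_NET:-192.168.1.0/24}"     # assumed internal network
IPFW="${IPFW:-ipfw -q}"                  # set IPFW=echo to preview only

# Print the rules in the order they must be loaded. Comment lines are for the
# reader and are filtered out so the output can be fed straight to ipfw.
fw_rules() {
    grep -v '^#' <<EOF
# Loopback first; never let 127/8 cross a real interface.
add 100 allow ip from any to any via lo0
add 110 deny ip from any to 127.0.0.0/8
add 120 deny ip from 127.0.0.0/8 to any
# dhclient: before a lease exists the client source is 0.0.0.0 and the
# server may answer to 255.255.255.255, so match on ports, not addresses.
add 200 allow udp from any 68 to any 67 out via $EXT_IF
add 210 allow udp from any 67 to any 68 in via $EXT_IF
# Anti-spoofing BEFORE the divert: inbound packets natd has translated
# carry an internal destination and would otherwise be caught here.
add 300 deny ip from $INT_NET to any in via $EXT_IF
# Hand everything crossing the external interface to natd. Translated
# packets come back from natd and continue at rule 500, so every rule
# after this point must be written for the post-translation addresses.
add 400 divert natd ip from any to any via $EXT_IF
# The internal LAN is trusted.
add 500 allow ip from any to any via $INT_IF
# Replies to sessions we opened, and new outbound sessions.
add 600 allow tcp from any to any established
add 610 allow tcp from any to any out via $EXT_IF setup
add 620 allow udp from any to any out via $EXT_IF
add 630 allow udp from any 53 to any in via $EXT_IF
add 640 allow icmp from any to any icmptypes 0,3,8,11
# Services the gateway itself exposes (SMTP, HTTP, IMAP, HTTPS).
add 700 allow tcp from any to me 25,80,143,443 in via $EXT_IF setup
# Everything else is dropped and logged (IPFIREWALL_VERBOSE in the kernel).
add 65000 deny log ip from any to any
EOF
}

# Rule number of the first rule matching a pattern; lets a script verify
# ordering constraints (e.g. divert before deny) before loading anything.
rule_number_of() {
    fw_rules | grep -e "$1" | head -n 1 | awk '{ print $2 }'
}

# Number of rules the generator emits.
rule_count() {
    fw_rules | grep -c '^add'
}

# Flush the live ruleset and load ours. $rule is intentionally unquoted so
# the shell splits it into separate ipfw arguments.
apply_rules() {
    $IPFW -f flush
    fw_rules | while read -r rule; do
        $IPFW $rule
    done
}

# "sh fw.sh apply" loads the rules; sourcing the file only defines functions.
if [ "${1-}" = "apply" ]; then
    apply_rules
fi
```

Run it as `IPFW=echo sh fw.sh apply` to see the exact ipfw commands without touching the live ruleset; `rule_number_of 'divert natd'` and `rule_number_of 'deny log'` give a quick check that the divert precedes the catch-all deny, which is the condition under which natd can write translated packets back without EACCES.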