From owner-freebsd-net Sat May 26 22:39:48 2001
Date: Sun, 27 May 2001 07:39:33 +0200
From: alex
Reply-To: alex
To: Brandt, freebsd-net@freebsd.org
Subject: Re: natd, 2 NIC's, 2 Hubs, Something I'm missing?
Message-ID: <3106695403.990949173@[192.168.2.94]>
In-Reply-To: <00c901c0e655$481099b0$14be2ece@osc20>

hi,

i have a fbsd 4.3 box with natd acting as a router too. unfortunately i did
all the natd and ipfw stuff in my own rc.firewall script. but here are my
suggestions:

- kernel options seem to be ok for natd
- in rc.conf remove the 'natd_flags="-f /etc/natd.conf"' line in NATD
  section (or do you have anything special in this file..?). remove the
  whole 'router_*' section (you probably don't need routing when doing nat).
- as you have the 'gateway_enable=YES' in your rc.conf,
  net.inet.ip.forwarding should already be enabled (done by rc.network if
  gateway_enable=yes)

and anything should be fine, well i hope so :)

i'm just worried about your ifconfig output for dc0, has it really a hw_addr
of ff:ff:ff:ff:ff:ff ? unusual i think..??

greetings,
alex

--On Saturday, 26 May 2001 21:32 -0500 Brandt wrote:

> Hello all, this has got me stumped.
>
> FreeBSD 4.3
> vr0: ip= 65.3.111.111 subnet 255.255.255.0
> dc0: ip= 192.168.1.1 subnet 255.255.255.0
>
> Kernel has been recompiled with IPDIVERT and IPFIREWALL options,
> and everything WORKS fine as long as I have both NIC's plugged into the
> SAME hub.
>
> But shouldn't this also work when the vr0 interface is moved to a
> separate hub? So that the internet interface and the LAN interface
> (dc0) are on separate networks?
>
> The strange thing is that as soon as I unplug the 65.3.*.* interface from
> the hub, the other 192.168.1.* boxes can't ping the dc0, 192.168.1.1
> interface even though they are still connected to the same hub. At the
> same time, the dc0 interface can still ping the other LAN boxen on the
> 192.168 network.
>
> Any ideas as to what is going on?
>
> - Brandt
>
> ## My Kernel ##########
> options IPDIVERT
> options IPFIREWALL
>
> ## /etc/rc.conf ##########
> sendmail_enable="YES"
> sshd_enable="YES"
> inetd_enable="YES"
> gateway_enable="YES"
> network_interfaces="vr0 lo0 dc0"
> ifconfig_vr0="inet 65.3.111.111 netmask 255.255.255.0"
> defaultrouter="65.3.111.1"
> ifconfig_dc0="inet 192.168.1.1 netmask 255.255.255.0"
> hostname="myhostname.mydomain.com"
>
> #NATD
> natd_enable="YES"
> natd_interface="vr0"
> natd_flags="-f /etc/natd.conf"
>
> #FIREWALL
> firewall_enable="YES"
> firewall_script="/etc/rc.firewall"
> firewall_type="open"
> firewall_quiet="NO"
> firewall_logging="YES"
> firewall_flags=""
>
> #ATTEMPT TO CORRECT ROUTING TABLE
> router_enable="YES"
> router="routed"
> router_flags="-s"
>
> ## ifconfig ##########
> dc0: flags=8843 mtu 1500
>         inet 192.168.1.1 netmask 0xffff0000 broadcast 192.168.255.255
>         inet6 fe80::280:c8ff:fee8:58fe%dc0 prefixlen 64 scopeid 0x1
>         ether ff:ff:ff:ff:ff:ff
>         media: autoselect (100baseTX ) status: active
>         supported media: autoselect 100baseTX 100baseTX 10baseT/UTP 10baseT/UTP none
> vr0: flags=8843 mtu 1500
>         inet 65.3.111.111 netmask 0xffffff00 broadcast 65.3.111.255
>         inet6 fe80::280:c8ff:fee8:58fe%vr0 prefixlen 64 scopeid 0x2
>         ether 00:80:c8:e8:58:fe
>         media: autoselect (10baseT/UTP) status: active
>         supported media: autoselect 100baseTX 100baseTX 10baseT/UTP 10baseT/UTP none
>
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-net" in the body of the message
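
Added example, not part of either message: a Python check that compares the quoted rc.conf against the quoted ifconfig output and reports the two inconsistencies visible in the post, the hardware address on dc0 that alex asks about and a dc0 netmask that differs from the configured one. The sample text is constructed from the quoted lines, and the function names are hypothetical.

```python
import ipaddress
import re

# Constructed sample: the relevant lines of the quoted rc.conf and ifconfig output.
RC_CONF = '''\
ifconfig_vr0="inet 65.3.111.111 netmask 255.255.255.0"
ifconfig_dc0="inet 192.168.1.1 netmask 255.255.255.0"
'''
IFCONFIG = '''\
dc0: flags=8843 mtu 1500
        inet 192.168.1.1 netmask 0xffff0000 broadcast 192.168.255.255
        ether ff:ff:ff:ff:ff:ff
vr0: flags=8843 mtu 1500
        inet 65.3.111.111 netmask 0xffffff00 broadcast 65.3.111.255
        ether 00:80:c8:e8:58:fe
'''

def configured_masks(rc_conf):
    """Map interface -> netmask configured in rc.conf (dotted-quad form)."""
    pat = re.compile(r'^ifconfig_(\w+)="inet \S+ netmask (\S+)"', re.M)
    return {m.group(1): ipaddress.IPv4Address(m.group(2)) for m in pat.finditer(rc_conf)}

def live_state(ifconfig_out):
    """Map interface -> {'mask': IPv4Address, 'ether': str} from ifconfig output."""
    state, name = {}, None
    for line in ifconfig_out.splitlines():
        head = re.match(r'^(\w+): flags=', line)
        if head:
            name = head.group(1)
            state[name] = {}
        elif name and (m := re.search(r'inet \S+ netmask (0x[0-9a-f]{8})', line)):
            state[name]['mask'] = ipaddress.IPv4Address(int(m.group(1), 16))
        elif name and (m := re.search(r'ether ((?:[0-9a-f]{2}:){5}[0-9a-f]{2})', line)):
            state[name]['ether'] = m.group(1)
    return state

def audit(rc_conf, ifconfig_out):
    """Return (interface, finding) pairs for mismatched masks and non-unicast MACs."""
    findings, want = [], configured_masks(rc_conf)
    for ifname, st in sorted(live_state(ifconfig_out).items()):
        if ifname in want and st.get('mask') != want[ifname]:
            findings.append((ifname, f"netmask {st.get('mask')} != rc.conf {want[ifname]}"))
        # Low bit of the first octet set = group (multicast/broadcast) address.
        if 'ether' in st and int(st['ether'][:2], 16) & 1:
            findings.append((ifname, f"non-unicast hardware address {st['ether']}"))
    return findings

if __name__ == "__main__":
    print(audit(RC_CONF, IFCONFIG))
```

Both findings are on dc0; vr0 matches its configured netmask and carries an ordinary unicast address.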