From owner-freebsd-questions  Fri Apr  2 16:32:33 1999
Delivered-To: freebsd-questions@freebsd.org
Received: from lsmls02.we.mediaone.net (lsmls02.we.mediaone.net [24.130.1.15])
	by hub.freebsd.org (Postfix) with ESMTP id 92C3F15057
	for <questions@freebsd.org>; Fri,  2 Apr 1999 16:32:23 -0800 (PST)
	(envelope-from gummibear@we.mediaone.net)
Received: from gummibear.we.mediaone.net (we-24-130-60-137.we.mediaone.net [24.130.60.137])
	by lsmls02.we.mediaone.net (8.8.7/8.8.7) with SMTP id QAA26986
	for <questions@freebsd.org>; Fri, 2 Apr 1999 16:32:02 -0800 (PST)
From: gummibear@we.mediaone.net
Message-Id: <3.0.6.32.19990402163410.0079a260@we.mediaone.net>
X-Sender: gummibear@we.mediaone.net
X-Mailer: QUALCOMM Windows Eudora Light Version 3.0.6 (32)
Date: Fri, 02 Apr 1999 16:34:10 -0800
To: questions@freebsd.org
Subject: Natd and Gateway Problems
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Sender: owner-freebsd-questions@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG


Okay, so I've been screwing with this for about a week now.  I'm sort of
getting pretty frustrated.  I've treated FreeBSD with love and care, and
now it's spitting back in my face.

Here's the deal.  I got 1 Win95 machine, one FreeBSD machine, and 1 cable
modem.  I would like to use the FreeBSD machine as my Gateway and
Workstation.  It has 2 network cards (ed0 and ed1).

I have read the manpages for natd.  I have built a custom kernel with
IPFIREWALL and IPDIVERT.  Below I have listed most of my configuration
files and output from ifconfig and netstat.

My ISP information is as follows:

My IP: 24.130.60.137
ISP's Gateway: 24.130.60.1
ISP's Netmask: 255.255.252.0

Here's my config files and stuff:

My rc.conf:

# -- sysinstall generated deltas -- #
ifconfig_ed0="inet
24.130.60.137  netmask 255.255.252.0"
ifconfig_ed1="inet 10.0.0.1 netmask
255.255.255.0"
defaultrouter="24.130.60.1"
network_interfaces="ed0 ed1
lo0"
hostname="gummibear.we.mediaone.net"
firewall_enable="YES"
gateway_enab
le="YES"


My rc.firewall:

/sbin/ipfw -f flush
/sbin/ipfw add divert natd
ip from any to any via ed0
/sbin/ipfw add allow ip from any to any

My
netstat -rn:

Internet:
Destination        Gateway            Flags
Refs     Use     Netif Expire
default            24.130.60.1        UGSc
    1      194      ed0
24.130.60/22       link#1             UC          0
       0      ed0
24.130.60.1        0:90:2b:93:c8:20   UHLW        1
 0      ed0   1137
127.0.0.1          127.0.0.1          UH          0
  0      lo0

My ifconfig -a:

ed0:
flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
        inet
24.130.60.137 netmask 0xfffffc00 broadcast 24.130.63.255
        ether
52:54:00:e1:14:b7 
ed1: flags=8802<BROADCAST,SIMPLEX,MULTICAST> mtu 1500

     ether 52:54:05:de:cc:f6 
tun0: flags=8010<POINTOPOINT,MULTICAST> mtu
1500
ppp0: flags=8010<POINTOPOINT,MULTICAST> mtu 1500
lo0:
flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> mtu 16384
        inet 127.0.0.1
netmask 0xff000000

My dmesg | more:

Copyright (c) 1992-1999 FreeBSD
Inc.
Copyright (c) 1982, 1986, 1989, 1991, 1993
        The Regents of the
University of California. All rights reserved.
FreeBSD 3.1-RELEASE #2: Sun
Mar 28 23:41:57 PST 1999

root@gummibear.we.mediaone.net:/usr/src/sys/compile/GUMMIBEAR
Timecounter
"i8254"  frequency 1193182 Hz
Timecounter "TSC"  frequency 124231938
Hz
CPU: Pentium/P54C (124.23-MHz 586-class CPU)
  Origin = "GenuineIntel"
Id = 0x52c  Stepping=12

Features=0x1bf<FPU,VME,DE,PSE,TSC,MSR,MCE,CX8>
real memory  = 67108864
(65536K bytes)
avail memory = 62959616 (61484K bytes)
Preloaded elf kernel
"kernel" at 0xf0236000.
Probing for devices on PCI bus 0:
chip0: <Intel
82437FX PCI cache memory controller> rev 0x02 on pci0.0.0
chip1: <Intel
82371FB PCI to ISA bridge> rev 0x02 on pci0.7.0
ide_pci0: <Intel PIIX
Bus-master IDE controller> rev 0x02 on pci0.7.1
ed0: <NE2000 PCI Ethernet
(RealTek 8029)> rev 0x00 int a irq 10 on pci0.8.0
ed0: address
52:54:00:e1:14:b7, type NE2000 (16 bit) 
ed1: <NE2000 PCI Ethernet (RealTek
8029)> rev 0x00 int a irq 11 on pci0.9.0
ed1: address 52:54:05:de:cc:f6,
type NE2000 (16 bit)

<cut a bunch of misc hardware crap>

IP packet filtering initialized, divert enabled, rule-based forwarding
disabled,
 logging disabled
changing root device to wd0s2a


Yeah, I know that the ifconfig doesn't have settings for ed1.  As a last
resort I deleted the ed1 entry to see if I can at least try to ping out of
ed0.  But zero, I can't do shit.  I can't ping anything.  It just doesn't
work.  If I try to ping yahoo.com it just hangs there.  When I boot it
hangs at sendmail and then I do a ctl-c to kill that and move on.

Some sample configurations, or a full blown detailed description of a
working system would be greatly appreciated.  I guess if I can follow what
someone else did, then I can get this to work.  I don't care about security
right now, I just want it to work.  Then I'll worry about making scricter
firewall rules.  (once I figure out how).

Thanks for your help.

Joey


================================================================
Joey Bear Garcia
Downey, CA
bear@pacificnet.net
================================================================


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message