From: Jeremy Bingham
To: Han Hwei Woo
Cc: freebsd-questions@freebsd.org
Date: Fri, 27 Jun 2003 09:06:28 -0700
Subject: Re: NAT Dropping Internal Connection

On 27/06/03 10:43 -0300, Han Hwei Woo wrote:
> Is there any reason you are running both ipfw + ipfilter? Although they
> probably should play nice together, it might be best not to tempt fate,
> especially when you're experiencing problems. Also, are you using ipnat or
> natd to perform NAT?

I tried taking IPDIVERT out of my kernel, but that killed NAT, so I had
to revert to the old kernel. I'm still playing with it. I had been told
that running both IPFIREWALL and IPDIVERT was unnecessary.

I am running natd to perform NAT (with the -dynamic flag).

-j

>
> ----- Original Message -----
> From: "Jeremy Bingham"
> To:
> Sent: Wednesday, June 25, 2003 4:16 PM
> Subject: Re: NAT Dropping Internal Connection
>
> On 25/06/03 14:39 -0400, FBSD_User wrote:
> > Sounds like a hardware problem with the switch or hub on your LAN.
>
> Rebooting the machine makes the NAT stuff work again. Could the hub
> still be a problem in that case?
>
> -j
>
> > -----Original Message-----
> > From: owner-freebsd-questions@freebsd.org
> > [mailto:owner-freebsd-questions@freebsd.org] On Behalf Of Jeremy Bingham
> > Sent: Wednesday, June 25, 2003 2:25 PM
> > To: freebsd-questions@freebsd.org
> > Subject: NAT Dropping Internal Connection
> >
> > I have a P-200 running 4.8-STABLE running as a NAT box at home. It runs
> > well, except that periodically it will drop its connection on the
> > internal side of the network. The external interface still works, but the
> > internal machines can't ping the NAT box at all and the NAT box can't
> > ping the internal machines.
> >
> > I've looked through the mailing lists and Google for hints why this
> > might be happening, but I can't find anything. /var/log/messages also
> > reveals nothing. Here are the relevant kernel options:
> >
> > options IPFIREWALL
> > options IPFIREWALL_FORWARD
> > options IPFIREWALL_DEFAULT_TO_ACCEPT
> > options IPDIVERT
> > options IPFILTER
> > options IPSTEALTH
> > options RANDOM_IP_ID
> > options TCP_DROP_SYNFIN
> >
> > Would any of those cause the problem, or is there a kernel option that
> > I'm accidentally leaving off?
> >
> > Thanks,
> >
> > -Jeremy Bingham
> >
> > ----------------------------------------------
> > /* You are not expected to understand this. */
> >
> > Captain_Tenille
> > http://www.satanosphere.com/
> > jeremy@satanosphere.com