From owner-freebsd-questions  Wed Sep 19 16:22:20 2001
Delivered-To: freebsd-questions@freebsd.org
Received: from ns1.austclear.com.au (ns1.austclear.com.au [192.43.185.68])
	by hub.freebsd.org (Postfix) with ESMTP id C923437B41B
	for <freebsd-questions@FreeBSD.ORG>; Wed, 19 Sep 2001 16:22:16 -0700 (PDT)
Received: from tungsten.austclear.com.au (tungsten.austclear.com.au [192.168.166.65])
	by ns1.austclear.com.au (8.11.2/8.11.3) with ESMTP id f8JNMFv56675;
	Thu, 20 Sep 2001 09:22:15 +1000 (EST)
	(envelope-from ahl@austclear.com.au)
Received: from tungsten (tungsten [192.168.166.65])
        by tungsten.austclear.com.au (8.9.3/8.9.3) with ESMTP id JAA27619;
        Thu, 20 Sep 2001 09:22:15 +1000 (EST)
Message-Id: <200109192322.JAA27619@tungsten.austclear.com.au>
X-Mailer: exmh version 2.1.1 10/15/1999
To: Dylan Carlson <damage_z@yahoo.com>
Cc: freebsd-questions@FreeBSD.ORG
Subject: Re: natd issues... 
In-Reply-To: Message from Dylan Carlson <damage_z@yahoo.com> 
   of "Wed, 19 Sep 2001 14:22:16 MST." <20010919212216.18508.qmail@web10402.mail.yahoo.com> 
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Date: Thu, 20 Sep 2001 09:22:15 +1000
From: Tony Landells <ahl@austclear.com.au>
Sender: owner-freebsd-questions@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-questions.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-questions>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-questions>
X-Loop: FreeBSD.ORG

Hi Dylan,

There's nothing obviously wrong in there, so here are some debugging
tips:

	look at /var/log/security, where the messages from ipfw "log"
	rules go

	add "log" to ALL deny rules until you have a better idea of
	what's going on

	confirm that natd is actually running

	run natd manually with the -v option to get a listing of it
	translating packets

Personally, I have a rule fairly early on that creates a log message
for every TCP connection:

	${fwcmd} add count log tcp from any to any in setup

It gives me a permanent record of all my TCP connections.  For
debugging, you may want to have it in twice: once at the beginning
of your ruleset, and once just after the "divert" rule, so you can
see what hit your firewall, and what it looked like after translation.

Cheers

Tony
-- 
Tony Landells					<ahl@austclear.com.au>
Senior Network Engineer				Ph:  +61 3 9677 9319
Australian Clearing Services Pty Ltd		Fax: +61 3 9677 9355
Level 4, Rialto North Tower
525 Collins Street
Melbourne VIC 3000
Australia



To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message