Date: Thu, 6 Jul 2000 23:15:15 -0700
From: "Crist J. Clark" <cristjc@earthlink.net>
To: Jens Sauer <pirol9999@gmx.net>
Cc: RaymundoVega@home.com, freebsd-questions@FreeBSD.ORG
Subject: Re: IPFW-question
Message-ID: <20000706231515.D682@dialin-client.earthlink.net>
In-Reply-To: <20000707021948.E442337BCF1@hub.freebsd.org>; from pirol9999@gmx.net on Fri, Jul 07, 2000 at 04:21:30AM +0200
References: <20000707021948.E442337BCF1@hub.freebsd.org>

On Fri, Jul 07, 2000 at 04:21:30AM +0200, Jens Sauer wrote:
> > Jens Sauer wrote:
> >>
> >> Hi all,
> >>
> >> i am using ipfw for the very first time and have the following problem:
> >>
> >> i configured my kernel with FIREWALL- and IPDIVERT-support for NATD,
> >> because of my private-address-clients.
> >>
> >> my rc.conf looks that way:
> >>
> >> ...
> >> **ISDN-things**
> >> ...
> >> natd_enable="YES"
> >> natd_interface="isp0"
> >> natd_flags="-dynamic"
> >> firewall_enable="YES"
> >> gateway_enable="YES"
> >>
> >> my isdn-interface ISP0 is working fine, when i ping the internet from
> >> the firewall, it dials, all ok.
> >>
> >> but when i traceroute into the internet from a LAN-client (192.168.0.x),
> >> the isdn-card on the firewall is successfully dialing (interface is up),
> >> but the packets are only going up to the network-card on the firewall,
> >> then i get a timeout.
> >>
> >> I configured IPFW like that:
> >>
> >> ipfw -f flush
> >> ipfw add pass all from any to any
> >> ipfw add divert natd all from any to any via isp0
> >
> > I think the ipfw divert must go before the pass line
> >
> > raymundo
>
> I have tried that too, no change.
> I forgot to mention the entry "firewall_script="/etc/firewall/mine" in
> rc.conf, where "mine" ran the above ipfw-commands.
> I tried also firewall_type="open" (but the rc.firewall-script
> is running the same commands, when configured as "open")
>
> thanks anyway for your help, i will try further

Those last two definitely MUST be switched in order for natd(8) to work.

If you tcpdump on each interface of the gateway when that internal
machine is trying to traceroute out, what do you see?
-- 
Crist J. Clark                           cjclark@alum.mit.edu


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message
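
Added example, not part of the original message and not ipfw code: a simplified Python model of ipfw's first-match rule evaluation, run over the two rules quoted in the thread in both orders. The function names and the LAN interface name ed0 are assumptions; only the "all from any to any [via IFACE]" rule form used in the thread is handled.

```python
# Simplified model of ipfw rule evaluation (illustration only, not ipfw itself).
# ipfw checks rules in order; pass/allow ends the search, while divert hands
# the packet to natd, which reinjects it so matching resumes at the next rule.

# ipfw's final rule (65535) denies unless the kernel was built to default to accept.
DEFAULT_VERDICT = "deny"


def parse_rule(text):
    """Split a rule such as 'divert natd all from any to any via isp0'."""
    tokens = text.split()
    action = tokens[0]
    via = tokens[tokens.index("via") + 1] if "via" in tokens else None
    return action, via


def evaluate(ruleset, iface):
    """Return (verdict, seen_by_natd) for a packet crossing interface iface."""
    seen_by_natd = False
    for action, via in map(parse_rule, ruleset):
        if via is not None and via != iface:
            continue  # rule is restricted to another interface
        if action in ("pass", "allow"):
            return "pass", seen_by_natd  # first terminating match wins
        if action == "divert":
            seen_by_natd = True  # translated by natd, then evaluation continues
    return DEFAULT_VERDICT, seen_by_natd


# Rule order exactly as posted in the thread.
AS_POSTED = [
    "pass all from any to any",
    "divert natd all from any to any via isp0",
]
# The same two rules with the order switched.
SWITCHED = list(reversed(AS_POSTED))

if __name__ == "__main__":
    for name, rules in (("as posted", AS_POSTED), ("switched", SWITCHED)):
        for iface in ("isp0", "ed0"):  # ed0: assumed name of the LAN card
            print(f"{name:9} {iface}: {evaluate(rules, iface)}")
```

In this model the as-posted order accepts the packet on isp0 before the divert rule is reached, so natd never sees it; with the order switched, the packet is diverted first and then passed.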