From: WillyB <WillyB1964N@netscape.net>
Date: Fri, 17 Jan 2003 08:12:39 -0700
To: reytech@sover.net
Cc: Bill Moran, freebsd-questions@FreeBSD.ORG
Subject: Re: different ipfw/natd prob

Here's what I did that worked for me on FreeBSD 4.5-RELEASE.
Maybe this will help you some.....
Kernel recompile options I added:

options IPFIREWALL                    # I added for firewall
options IPFIREWALL_DEFAULT_TO_ACCEPT  # I added for firewall
options IPFIREWALL_VERBOSE            # I added for firewall
options IPFIREWALL_VERBOSE_LIMIT=10   # I added for firewall
options IPFIREWALL_FORWARD            # I added for firewall
options IPDIVERT                      # I added for natd

ipfw rules:

/sbin/ipfw add 100 pass all from 127.0.0.1 to 127.0.0.1
/sbin/ipfw add 200 divert natd all from any to any via rl0

ifconfig:

xl0: flags=8843 mtu 1500 options=3
        inet 192.168.0.1 netmask 0xffffff00 broadcast 192.168.0.255
        inet6 fe80::201:2ff:fee8:2298%xl0 prefixlen 64 scopeid 0x1
        ether 00:01:02:e8:22:98
        media: Ethernet autoselect (100baseTX )
        status: active
rl0: flags=8843 mtu 1500
        inet 24.xx.xxx.61 netmask 0xfffffe00 broadcast 24.xxxx.xxx.255
        inet6 fe80::250:bfff:fe51:5503%rl0 prefixlen 64 scopeid 0x2
        ether 00:50:bf:51:55:03
        media: Ethernet autoselect (100baseTX )
        status: active

rc.conf:

gateway_enable="YES"
firewall_enable="YES"
firewall_type="OPEN"
natd_enable="YES"
natd_interface="rl0"
natd_flags="-f /etc/natd.cf"
hostname="mygatewayhost"
ifconfig_rl0="inet 24.121.16.61 netmask 255.255.254.0"
ifconfig_xl0="inet 192.168.0.1 netmask 255.255.255.0"

WillyB

reytech@sover.net wrote:

> following is rc.conf, /etc/natd.conf, ifconfig, ipfw show
>
> rc.conf
>
> inetd_enable="YES"
> kern_securelevel_enable="NO"
> linux_enable="YES"
> tcp_extensions="YES"
> named_enable="YES"
> sendmail_enable="NO"
> portmap_enable="YES"
> router_enable="yes"
> router="/sbin/routed"
> router_flags="-q"
> defaultrouter="68.abc.de.1"
> hostname="www.kingrea.com"
> network_interfaces="lo0 fxp0 dc0"
> ifconfig_lo0="inet 127.0.0.1"
> ifconfig_dc0="inet 68.abc.de.14 netmask 255.255.255.0 media 10baseT/UTP"
> ifconfig_fxp0="inet 192.168.2.1 netmask 255.255.255.0"
> firewall_enable="YES"
> firewall_type="OPEN"
> gateway_enable="YES"
> natd_enable="YES"
> natd_interface="dc0"
> natd_flags="-f /etc/natd.conf"
>
> natd.conf
>
> interface dc0
> use_sockets yes
> same_ports yes
>
> ifconfig
>
> dc0: flags=8843 mtu 1500
>         inet 68.abc.de.14 netmask 0xffffff00 broadcast 68.abc.de.255
>         inet6 fe80::204:5aff:fe5a:9987%dc0 prefixlen 64 scopeid 0x1
>         ether 00:04:5a:5a:99:87
>         media: Ethernet 10baseT/UTP
>         status: active
> fxp0: flags=8843 mtu 1500
>         inet 192.168.2.1 netmask 0xffffff00 broadcast 192.168.2.255
>         inet6 fe80::2a0:c9ff:fe5c:3738%fxp0 prefixlen 64 scopeid 0x2
>         ether 00:a0:c9:5c:37:38
>         media: Ethernet autoselect (100baseTX)
>         status: active
> lp0: flags=8810 mtu 1500
> faith0: flags=8002 mtu 1500
> lo0: flags=8049 mtu 16384
>         inet6 ::1 prefixlen 128
>         inet6 fe80::1%lo0 prefixlen 64 scopeid 0x5
>         inet 127.0.0.1 netmask 0xff000000
> ppp0: flags=8010 mtu 1500
> sl0: flags=c010 mtu 552
>
> ipfw show
>
> 00100 0 0 allow ip from any to any via lo0
> 00200 0 0 deny ip from any to 127.0.0.0/8
> 00300 0 0 deny ip from 127.0.0.0/8 to any
> 65000 4208 345040 all ip from any to any
> 65535 0 0 deny ip from any to any
>
> thanks for assistance!
>
> stephen d. kingrea
>
> On Fri, 17 Jan 2003, Bill Moran wrote:
>
>> Stephen D. Kingrea wrote:
>>
>>> i have a slightly different ipfw/natd problem.
>>>
>>> machines on the lan can ping the internal nic on the server (fbsd 4.7), and
>>> the external nic, but cannot ping or reach anything outside, unless i
>>> telnet into the server, then telnet out. currently running ipfw
>>> "open" until the problem is solved. server can ping all machines on the lan.
>>
>> On a wild guess, it sounds like your divert rule is wrong.
>> Need more information to help with this.
>>
>> Please repost to the list and include the following:
>> The output of 'ipfw show'
>> The output of 'ifconfig'
>> The contents of your rc.conf file
>>
>> --
>> Bill Moran
>> Potential Technologies
>> http://www.potentialtech.com
>>
>> To Unsubscribe: send mail to majordomo@FreeBSD.org
>> with "unsubscribe freebsd-questions" in the body of the message
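Bill's guess was that the divert rule is wrong; the `ipfw show` Stephen then posted has no divert rule at all, so every packet reaches rule 65000 (pass everything) without ever being handed to natd, which matches "LAN hosts reach the gateway but nothing beyond it". Both working configurations in this thread (WillyB's rule 200 and, implicitly, any natd gateway) need a `divert natd ... via <external interface>` rule that is evaluated before any rule that accepts or drops everything. The check below is an added example written for this page, not code from either poster: a small sh/awk function that reads `ipfw show` output, looks for a divert rule on the given interface (`natd` by name, or 8668, natd's default divert port, which is how ipfw prints it when the service name is not resolved) and confirms it is numbered ahead of the first catch-all rule. The sample rulesets are constructed from the ones shown in this thread, the function name check_natd_divert is an assumption, and rule number 50 for the added divert rule is simply a low number chosen so it runs first.

```shell
#!/bin/sh
# Added example: sanity-check an ipfw ruleset for a natd gateway.
#
# check_natd_divert IFACE < ipfw-show-output
#   Reads `ipfw show` lines on stdin and verifies that
#     1. a "divert natd ..." (or "divert 8668 ...", natd's default
#        divert port as ipfw prints it unresolved) rule exists with
#        "via IFACE", and
#     2. its rule number is lower than the first catch-all rule
#        (allow/deny "ip from any to any" with no "via"), so packets
#        are handed to natd before being passed or dropped.
#   Prints a one-line verdict; returns 0 when both hold, 1 otherwise.
check_natd_divert() {
    iface="$1"
    awk -v iface="$iface" '
    BEGIN { divert = 0; catchall = 0 }
    NF >= 4 {
        # `ipfw show` columns: rule-number packets bytes action body...
        rule = $1 + 0
        action = $4
        body = ""
        for (i = 5; i <= NF; i++) body = body " " $i

        if (action == "divert" && ($5 == "natd" || $5 == "8668") &&
            body ~ (" via " iface "( |$)") && divert == 0)
            divert = rule

        # rule 65000 of the "open" set appears as "all" in the thread,
        # so accept that spelling as well as "allow"
        if ((action == "allow" || action == "all" || action == "deny") &&
            body ~ / from any to any$/ && catchall == 0)
            catchall = rule
    }
    END {
        if (divert == 0) {
            print "MISSING: no divert natd rule via " iface
            exit 1
        }
        if (catchall != 0 && divert > catchall) {
            print "UNREACHABLE: divert rule " divert " is after catch-all rule " catchall
            exit 1
        }
        print "OK: divert rule " divert " precedes catch-all rule " catchall
        exit 0
    }'
}

# Constructed sample: the ruleset Stephen posted (firewall_type="OPEN",
# no divert rule), checked against his external interface dc0.
stephen_rules='00100 0 0 allow ip from any to any via lo0
00200 0 0 deny ip from any to 127.0.0.0/8
00300 0 0 deny ip from 127.0.0.0/8 to any
65000 4208 345040 all ip from any to any
65535 0 0 deny ip from any to any'

# Constructed sample: the same set with a divert rule added at a low
# number (50 is an arbitrary choice) so it is evaluated first.
fixed_rules="00050 0 0 divert 8668 ip from any to any via dc0
$stephen_rules"

# Run both samples when executed directly; the first one is expected to
# fail, so its exit status is ignored to let the second one run.
printf '%s\n' "$stephen_rules" | check_natd_divert dc0 || true
printf '%s\n' "$fixed_rules"   | check_natd_divert dc0 || true
```

On the box itself this is `ipfw show | sh -c '. ./check.sh; check_natd_divert dc0'` with the script saved as check.sh; the interface handed to the function must be the same one natd is bound to (natd_interface in rc.conf or `interface` in natd.conf), because a divert rule on one interface and natd listening on another produces exactly the same symptom as no divert rule.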