Date: Fri, 17 Jan 2003 10:18:48 -0500
From: "JoeB" <barbish@a1poweruser.com>
To: "Stephen D. Kingrea" <reytech@sover.net>, "Bill Moran" <wmoran@potentialtech.com>
Cc: <freebsd-questions@FreeBSD.ORG>
Subject: RE: different ipfw/natd prob
Message-ID: <MIEPLLIBMLEEABPDBIEGEENFDDAA.barbish@a1poweruser.com>
In-Reply-To: <Pine.BSI.4.21.0301170843480.24479-100000@granite.sover.net>

Do you really have named Domain server configured?
If not, remove named_enable="YES"

If you really do not want sendmail it should be
sendmail_enable="NONE"

From your description I see no reason for any of the router_ options.

You don't need this either:
network_interfaces="lo0 fxp0 dc0"
ifconfig_lo0="inet 127.0.0.1"

Your rule set is missing the divert rule to send all packets to
ipfw's built in nat function interface module.

allow ip from any to any via lo0
divert natd all from any to any via dc0      add this rule
allow all ip from any to any
deny ip from any to any


-----Original Message-----
From: owner-freebsd-questions@FreeBSD.ORG
[mailto:owner-freebsd-questions@FreeBSD.ORG]On Behalf Of Stephen D. Kingrea
Sent: Friday, January 17, 2003 8:53 AM
To: Bill Moran
Cc: freebsd-questions@FreeBSD.ORG
Subject: Re: different ipfw/natd prob

following is rc.conf, /etc/natd.conf, ifconfig, ipfw show

rc.conf

inetd_enable="YES"
kern_securelevel_enable="NO"
linux_enable="YES"
tcp_extensions="YES"
named_enable="YES"
sendmail_enable="NO"
portmap_enable="YES"
router_enable="yes"
router="/sbin/routed"
router_flags="-q"
defaultrouter="68.abc.de.1"
hostname="www.kingrea.com"
network_interfaces="lo0 fxp0 dc0"
ifconfig_lo0="inet 127.0.0.1"
ifconfig_dc0="inet 68.abc.de.14 netmask 255.255.255.0 media 10baseT/UTP"
ifconfig_fxp0="inet 192.168.2.1 netmask 255.255.255.0"
firewall_enable="YES"
firewall_type="OPEN"
gateway_enable="YES"
natd_enable="YES"
natd_interface="dc0"
natd_flags="-f /etc/natd.conf"

natd.conf

interface dc0
use_sockets yes
same_ports yes

ifconfig

dc0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
        inet 68.abc.de.14 netmask 0xffffff00 broadcast 68.abc.de.255
        inet6 fe80::204:5aff:fe5a:9987%dc0 prefixlen 64 scopeid 0x1
        ether 00:04:5a:5a:99:87
        media: Ethernet 10baseT/UTP
        status: active
fxp0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
        inet 192.168.2.1 netmask 0xffffff00 broadcast 192.168.2.255
        inet6 fe80::2a0:c9ff:fe5c:3738%fxp0 prefixlen 64 scopeid 0x2
        ether 00:a0:c9:5c:37:38
        media: Ethernet autoselect (100baseTX)
        status: active
lp0: flags=8810<POINTOPOINT,SIMPLEX,MULTICAST> mtu 1500
faith0: flags=8002<BROADCAST,MULTICAST> mtu 1500
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> mtu 16384
        inet6 ::1 prefixlen 128
        inet6 fe80::1%lo0 prefixlen 64 scopeid 0x5
        inet 127.0.0.1 netmask 0xff000000
ppp0: flags=8010<POINTOPOINT,MULTICAST> mtu 1500
sl0: flags=c010<POINTOPOINT,LINK2,MULTICAST> mtu 552

ipfw show

00100    0      0 allow ip from any to any via lo0
00200    0      0 deny ip from any to 127.0.0.0/8
00300    0      0 deny ip from 127.0.0.0/8 to any
65000 4208 345040 all ip from any to any
65535    0      0 deny ip from any to any

thanks for assistance!

stephen d. kingrea

On Fri, 17 Jan 2003, Bill Moran wrote:

>Stephen D. Kingrea wrote:
>> i have a slightly different ipfw/natd problem.
>>
>> machines on the lan can ping internal nic on the server (fbsd 4.7), and
>> the external nic, but can not ping or reach anything outside. unless i
>> telnet into the server, then telnet out. currently running ipfw
>> "open" until problem is solved. server can ping all machines on lan.
>
>On a wild guess, it sounds like your divert rule is wrong.
>Need more information to help with this.
>
>Please repost to the list and include the following:
>The output of 'ipfw show'
>The output of 'ifconfig'
>The contents of your rc.conf file
>
>--
>Bill Moran
>Potential Technologies
>http://www.potentialtech.com
>
>
>To Unsubscribe: send mail to majordomo@FreeBSD.org
>with "unsubscribe freebsd-questions" in the body of the message
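
The mismatch discussed in this thread (natd enabled in rc.conf, no divert rule in the ipfw list) can be checked mechanically. The script below is an added example, not part of any message in the thread; the function names and the sample files are constructed, modeled on the values posted above. It goes one step beyond the thread by also flagging a divert rule that sits behind an unconditional allow or deny, since ipfw stops at the first matching allow/deny rule.

```shell
#!/bin/sh
# Added example (not from the thread): check that an enabled natd has a
# reachable ipfw divert rule. All sample data below is constructed.

# rc_value FILE KEY: print the last value assigned to KEY, quotes stripped.
rc_value() {
    sed -n "s/^$2=//p" "$1" | tail -n 1 | tr -d '"'
}

# check_natd_divert RC_CONF IPFW_SHOW_OUTPUT
# returns 0 = divert rule reachable, 1 = missing or shadowed, 2 = natd not in use
check_natd_divert() {
    case $(rc_value "$1" natd_enable) in
        [Yy][Ee][Ss]) ;;
        *) echo "natd is not enabled"; return 2 ;;
    esac
    ifc=$(rc_value "$1" natd_interface)
    [ -n "$ifc" ] || { echo "natd_interface is not set"; return 2; }
    # ipfw stops at the first matching allow/deny, so walk the rules in order.
    while read -r num _pkts _bytes action rest; do
        case "$action $rest" in
            "divert "*" via $ifc")
                echo "ok: rule $num diverts $ifc traffic"; return 0 ;;
            "allow ip from any to any"|"deny ip from any to any")
                echo "rule $num matches everything before any divert via $ifc"
                return 1 ;;
        esac
    done < "$2"
    echo "no divert rule via $ifc"; return 1
}

d=$(mktemp -d)
cat > "$d/rc.conf" <<'EOF'
gateway_enable="YES"
firewall_enable="YES"
natd_enable="YES"
natd_interface="dc0"
EOF
cat > "$d/ipfw.before" <<'EOF'
00100 0 0 allow ip from any to any via lo0
65000 4208 345040 allow ip from any to any
65535 0 0 deny ip from any to any
EOF
cat > "$d/ipfw.after" <<'EOF'
00100 0 0 allow ip from any to any via lo0
00150 12 960 divert 8668 ip from any to any via dc0
65000 4208 345040 allow ip from any to any
65535 0 0 deny ip from any to any
EOF
check_natd_divert "$d/rc.conf" "$d/ipfw.before" || true
check_natd_divert "$d/rc.conf" "$d/ipfw.after"
```

On a live system the two arguments would be /etc/rc.conf and a file holding the saved output of 'ipfw show'.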