From owner-freebsd-questions  Fri Jan 17  7:18:56 2003
Delivered-To: freebsd-questions@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id 47FD737B401
	for <freebsd-questions@FreeBSD.ORG>; Fri, 17 Jan 2003 07:18:52 -0800 (PST)
Received: from smtp.a1poweruser.com (oh-chardon6a-34.clvhoh.adelphia.net [68.169.105.34])
	by mx1.FreeBSD.org (Postfix) with ESMTP id 2144643ED8
	for <freebsd-questions@FreeBSD.ORG>; Fri, 17 Jan 2003 07:18:51 -0800 (PST)
	(envelope-from barbish@a1poweruser.com)
Received: from barbish (unknown [10.0.10.6])
	by smtp.a1poweruser.com (Postfix) with SMTP
	id 718D8DA; Fri, 17 Jan 2003 10:26:35 -0500 (EST)
Reply-To: <barbish@a1poweruser.com>
From: "JoeB" <barbish@a1poweruser.com>
To: "Stephen D. Kingrea" <reytech@sover.net>,
	"Bill Moran" <wmoran@potentialtech.com>
Cc: <freebsd-questions@FreeBSD.ORG>
Subject: RE: different ipfw/natd prob
Date: Fri, 17 Jan 2003 10:18:48 -0500
Message-ID: <MIEPLLIBMLEEABPDBIEGEENFDDAA.barbish@a1poweruser.com>
MIME-Version: 1.0
Content-Type: text/plain;
	charset="us-ascii"
Content-Transfer-Encoding: 7bit
X-Priority: 3 (Normal)
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook IMO, Build 9.0.2416 (9.0.2911.0)
In-Reply-To: <Pine.BSI.4.21.0301170843480.24479-100000@granite.sover.net>
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000
Importance: Normal
Sender: owner-freebsd-questions@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-questions.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-questions>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-questions>
X-Loop: FreeBSD.ORG

Do you really have named Domain server configured? If not remove
named_enable="YES"
If you really do not want sendmail it should be
sendmail_enable="NONE"
From your description I see no reason for any of the  router_
options
You don't need this either
network_interfaces="lo0 fxp0 dc0"
ifconfig_lo0="inet 127.0.0.1"


Your rule set is missing the divert rule to send
all packets to ipfw's built in nat function inferface module.

allow ip from any to any via lo0
divert natd all from any to any via dc0         add this rule
allow all ip from any to any
deny ip from any to any



-----Original Message-----
From: owner-freebsd-questions@FreeBSD.ORG
[mailto:owner-freebsd-questions@FreeBSD.ORG]On Behalf Of Stephen D.
Kingrea
Sent: Friday, January 17, 2003 8:53 AM
To: Bill Moran
Cc: freebsd-questions@FreeBSD.ORG
Subject: Re: different ipfw/natd prob

following is rc.conf, /etc/natd.conf, ifconfig, ipfw show

rc.conf

inetd_enable="YES"
kern_securelevel_enable="NO"
linux_enable="YES"
tcp_extensions="YES"
named_enable="YES"
sendmail_enable="NO"
portmap_enable="YES"
router_enable="yes"
router="/sbin/routed"
router_flags="-q"
defaultrouter="68.abc.de.1"
hostname="www.kingrea.com"
network_interfaces="lo0 fxp0 dc0"
ifconfig_lo0="inet 127.0.0.1"
ifconfig_dc0="inet 68.abc.de.14 netmask 255.255.255.0 media
10baseT/UTP"
ifconfig_fxp0="inet 192.168.2.1 netmask 255.255.255.0"
firewall_enable="YES"
firewall_type="OPEN"
gateway_enable="YES"
natd_enable="YES"
natd_interface="dc0"
natd_flags="-f /etc/natd.conf"

natd.conf

interface dc0
use_sockets yes
same_ports yes

ifconfig

dc0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
        inet 68.abc.de.14 netmask 0xffffff00 broadcast 68.abc.de.255
        inet6 fe80::204:5aff:fe5a:9987%dc0 prefixlen 64 scopeid 0x1
        ether 00:04:5a:5a:99:87
        media: Ethernet 10baseT/UTP
        status: active
fxp0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
        inet 192.168.2.1 netmask 0xffffff00 broadcast 192.168.2.255
        inet6 fe80::2a0:c9ff:fe5c:3738%fxp0 prefixlen 64 scopeid 0x2
        ether 00:a0:c9:5c:37:38
        media: Ethernet autoselect (100baseTX)
        status: active
lp0: flags=8810<POINTOPOINT,SIMPLEX,MULTICAST> mtu 1500
faith0: flags=8002<BROADCAST,MULTICAST> mtu 1500
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> mtu 16384
        inet6 ::1 prefixlen 128
        inet6 fe80::1%lo0 prefixlen 64 scopeid 0x5
        inet 127.0.0.1 netmask 0xff000000
ppp0: flags=8010<POINTOPOINT,MULTICAST> mtu 1500
sl0: flags=c010<POINTOPOINT,LINK2,MULTICAST> mtu 552

ipfw show

00100   0       0 allow ip from any to any via lo0
00200   0       0 deny ip from any to 127.0.0.0/8
00300   0       0 deny ip from 127.0.0.0/8 to any
65000   4208    345040 all ip from any to any
65535   0       0 deny ip from any to any


thanks for assistance!

stephen d. kingrea

On Fri, 17 Jan 2003, Bill Moran wrote:

>Stephen D. Kingrea wrote:
>> i have a slightly different ipfw/natd problem.
>>
>> machines on the lan can ping internal nic on the server (fbsd
4.7), and
>> the external nic, but can not ping or reach anything outside.
unless i
>> telnet into the server, then telnet out. currently running ipfw
>> "open" until problem is solved. server can ping all machines on
lan.
>
>On a wild guess, it sounds like your divert rule is wrong.
>Need more information to help with this.
>
>Please repost to the list and include the following:
>The output of 'ipfw show'
>The output of 'ifconfig'
>The contents of your rc.conf file
>
>--
>Bill Moran
>Potential Technologies
>http://www.potentialtech.com
>
>
>To Unsubscribe: send mail to majordomo@FreeBSD.org
>with "unsubscribe freebsd-questions" in the body of the message
>


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message