From owner-freebsd-questions Sat Sep 30 6:51:45 2000
Date: Sat, 30 Sep 2000 15:51:25 +0200 (CEST)
From: Janko van Roosmalen
To: James Gorham
Cc: freebsd-questions@FreeBSD.ORG
Subject: Re: Help! IPFW Problems(update)

My flags for natd are:

natd_flags="-dynamic -use_sockets -same_ports"

as stated in the ipfw page at www.mostgraveconcern.com/freebsd. BTW, did you
configure the LAN boxes to use the FreeBSD box as their gateway?

===Janko van Roosmalen - Vught - Netherlands===

On Fri, 29 Sep 2000, James Gorham wrote:

>
> Ok, I recompiled the kernel and it seems to be working better. I
> still get the IP_FW errors that I described before, but I can now
> ping out to the world from the FreeBSD box without getting the
> sendto: permission denied errors. I'm thinking I need some more
> tweaking on rc.conf and things will start to shape up. I'm going to
> paste my rc.conf here (with IPs changed), my public interface is dc0,
> the LAN interface is de0.
>
> The LAN machines are set to use 192.168.1.1 as their router, and
> appear to be able to lookup names (they also use 192.168.1.1 as the
> nameserver), can get to the machine itself, but can't get out to the
> internet.
>
> The errors I mentioned about IP_FW are as follows:
>
> 0050 divert 8668 ip from any to any via dc0
> ipfw: setsockopt(IP_FW_ADD): Invalid argument
>
> 00100 allow ip from any to any via lo0
> ipfw: setsockopt(IP_FW_ADD): Invalid argument
>
> 00200 deny ip from any to 127.0.0.0/8
> ipfw: setsockop(IP_FW-AD): Invalid Argument
>
> 65000 allow ip from any to any
> ipfw: setsockopt(IP_FW_ADD): Invalid argument
>
> I'm thinking this is still a problem with my rc.conf settings, just
> can't quite figure out what. I haven't ever touched rc.firewall, so I
> can't think that would be it.
>
> -j
>
>
> # This file now contains just the overrides from /etc/defaults/rc.conf
> # please make all changes to this file.
>
> # -- sysinstall generated deltas -- #
> ifconfig_dc0="inet 216.128.57.99 netmask 255.255.255.0"
> ifconfig_de0="inet 192.168.1.1 netmask 255.255.255.0"
> hostname="autobot.veldt.com"
> moused_port="/dev/cuaa0"
> moused_type="intellimouse"
> moused_enable="YES"
>
> firewall_enable="YES"
> firewall_type="open"
>
> defaultrouter="216.128.57.254"
> sshd_enable="YES"
> natd_enable="YES"
> natd_program="/sbin/natd"
> natd_interface="dc0"
> #natd_interface="216.128.57.99"
> #ifconfig_dc0_alias0="inet 192.168.1.1 netmask 255.255.255.0"
> ntpdate_enable="YES"
> ntpdate_flags="time.apple.com"
> xntpd_enable="YES"
> named_enable="YES"
> gateway_enable="YES"
> #natd_flags="-redirect_port tcp 192.168.1.2:1200-1300 1200-1300"
> #natd_flags="-redirect_port tcp 192.168.1.2:5190 5190"
> #natd_flags="-a 216.128.57.99"
> natd_flags="-log"
> tcp_extensions="YES"
>
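
An added example, not written by either poster: a small sh script that reads an rc.conf-style file the way the thread compares them, printing the natd_flags actually in effect, which of the flags suggested in the reply are absent, and whether the gateway switches are enabled. The function names and the sample file (with a documentation-range address) are constructed for illustration.

```sh
#!/bin/sh
# Added example (not from the thread). rc.conf is sourced as shell, so
# commented-out lines are ignored and the last live assignment of a key wins.

# rc_value FILE KEY: print KEY's effective value (empty when unset).
rc_value() {
    sed -n "s/^[[:space:]]*$2=\"\{0,1\}\([^\"#]*\)\"\{0,1\}.*/\1/p" "$1" | tail -n 1
}

# is_yes VALUE: the spellings rc.conf accepts for "enabled".
is_yes() {
    case $1 in [Yy][Ee][Ss]|[Tt][Rr][Uu][Ee]|[Oo][Nn]|1) return 0 ;; esac
    return 1
}

# missing_natd_flags FILE: flags from the reply that natd_flags lacks.
missing_natd_flags() {
    have=" $(rc_value "$1" natd_flags) "
    out=""
    for flag in -dynamic -use_sockets -same_ports; do
        case $have in *" $flag "*) ;; *) out="$out$flag " ;; esac
    done
    printf '%s' "${out% }"
}

# disabled_switches FILE: gateway switches that are not enabled.
disabled_switches() {
    out=""
    for key in gateway_enable natd_enable firewall_enable; do
        is_yes "$(rc_value "$1" "$key")" || out="$out$key "
    done
    printf '%s' "${out% }"
}

# write_sample PATH: constructed rc.conf modelled on the one quoted above.
write_sample() {
    cat > "$1" <<'EOF'
firewall_enable="YES"
firewall_type="open"
natd_enable="YES"
natd_interface="dc0"
gateway_enable="YES"
#natd_flags="-a 192.0.2.99"
natd_flags="-log"
EOF
}

conf=$(mktemp)
write_sample "$conf"
echo "natd_flags in effect : $(rc_value "$conf" natd_flags)"
echo "suggested but absent : $(missing_natd_flags "$conf")"
echo "switches not enabled : $(disabled_switches "$conf")"
echo "firewall_type        : $(rc_value "$conf" firewall_type)"
rm -f "$conf"
```

The script only reports differences in the configuration file; it does not explain the setsockopt(IP_FW_ADD) errors quoted in the message.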