From owner-freebsd-questions Sat Jul 3 10:23:14 1999
Date: Sat, 3 Jul 1999 20:22:18 +0300
From: Ruslan Ermilov
To: Arcady Genkin
Cc: freebsd-questions@FreeBSD.ORG
Subject: Re: natd and ipfw
Message-ID: <19990703202218.B89476@relay.ucb.crimea.ua>
References: <87u2rmryss.fsf@main.wgaf.net>
In-Reply-To: <87u2rmryss.fsf@main.wgaf.net>; from Arcady Genkin on Sat, Jul 03, 1999 at 03:13:23AM -0400
X-Operating-System: FreeBSD 3.2-STABLE i386

On Sat, Jul 03, 1999 at 03:13:23AM -0400, Arcady Genkin wrote:
> Hi all:
>
> I've attempted to configure ipfirewalling/masquerading on a FreeBSD
> 3.2-Release. Here's what I did:
>
> options IPFIREWALL
> options IPFIREWALL_VERBOSE
> options IPDIVERT
>
> then I added in /etc/rc.conf:
>
> gateway_enable="YES"
> ipfw add allow all from any to any
>
It would make sense if you read the natd(8) manpage, section
``RUNNING NATD'', and look at the ipfw's rules there.

> #I'll play with this later
>
> then I rebooted and ran "natd -interface ed0"
>
> I have 2 computers in my network -- the firewall named "door"
> 192.168.1.1 and a workstation named "main" 192.168.1.2. "door" is
> connected to internet via ed1 (ADSL connection with dhclient), and is
> able to ping, telnet, ftp, etc. both into the internet and into
> "main". It connects to main via ed0.
>
> "main" is able to connect to "door" in any possible method
> (i.e. internal tcp/ip link works OK). It runs Linux 2.2.10, and I'm
> telling it to use "door" as its router:
>
> ifconfig eth0 192.168.1.2 netmask 255.255.255.0 up
> route add -net 192.168.1.0 netmask 255.255.255.0 eth0
> route add default gw 192.168.1.1 eth0
>
> However, "main" is unable to ping anything in the internet. I get the
> feeling that it routes packets out correctly, because if I ping
> something, then the nic on "door" flashes LEDs.
>
> Can somebody think of something that I'm doing wrong? Thanks a lot in
> advance!
>
> Here's output of netstat -r and netstat -i on "door":
>
> Routing tables
>
> Internet:
> Destination        Gateway            Flags  Refs  Use  Netif  Expire
> default            HSE-TOR-ppp22711.s UGSc      1   17  ed1
> localhost          localhost          UH        1    0  lo0
> 192.168.1          link#1             UC        0    0  ed0
> main               0:80:c8:f2:c6:14   UHLW      0    5  ed0    1191
> 209.226.71         link#2             UC        0    0  ed1
> HSE-TOR-ppp22711.s 0:90:6f:fc:f8:20   UHLW      2    0  ed1    736
> HSE-TOR-ppp22919.s localhost          UGHS      0    0  lo0
>
> Name  Mtu    Network     Address            Ipkts  Ierrs  Opkts  Oerrs  Coll
> ed0   1500               00.80.c8.ec.0f.39     47      0     13      0     0
> ed0   1500   192.168.1   door                  47      0     13      0     0
> ed1   1500               52.54.4c.17.c9.5c     17      0     52      0     0
> ed1   1500   209.226.71  HSE-TOR-ppp2291       17      0     52      0     0
> lo0   16384                                     0      0      0      0     0
> lo0   16384  127         localhost              0      0      0      0     0
>
> =========
> Here's output of the same commands on "main":
>
> Kernel IP routing table
> Destination  Gateway        Genmask        Flags  MSS  Window  irtt  Iface
> localnet     *              255.255.255.0  U        0  0          0  eth0
> localnet     *              255.255.255.0  U        0  0          0  eth0
> default      door.wgaf.net  0.0.0.0        UG       0  0          0  eth0
>
> Kernel Interface table
> Iface  MTU   Met  RX-OK  RX-ERR  RX-DRP  RX-OVR  TX-OK  TX-ERR  TX-DRP  TX-OVR  Flg
> eth0   1500    0   4562       0       0       0  12075       3       0       0  BRU
> lo     3924    0     11       0       0       0     11       0       0       0  LRU
>
> --
> Arcady Genkin
> "... without money one gets nothing in this world, not even a certificate
> of eternal blessedness in the other world..." (S. Kierkegaard)
>
>
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-questions" in the body of the message

-- 
Ruslan Ermilov          Sysadmin and DBA of the
ru@ucb.crimea.ua        United Commercial Bank,
ru@FreeBSD.org          FreeBSD committer,
+380.652.247.647        Simferopol, Ukraine

http://www.FreeBSD.org  The Power To Serve
http://www.oracle.com   Enabling The Information Age
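
Added example, not part of either message: the RUNNING NATD section of natd(8) that the reply points to lists a `divert natd` rule bound to the outside interface ahead of the pass-all rule, and this shell check looks for that arrangement in `ipfw list` output. `check_divert` is a hypothetical helper, the rule listings are constructed samples, and ed1 is assumed to be the Internet-facing interface as described in the question.

```shell
#!/bin/sh
# Added example: audit `ipfw list` output for the natd divert rule.
# check_divert EXT_IF   (reads `ipfw list` output on stdin)
# Prints: ok | no-divert | divert-after-allow | wrong-interface
check_divert() {
    awk -v ext="$1" '
        # $1 is the rule number, $2 the action.
        # An unconditional allow/pass ends rule matching for every packet,
        # so a divert rule numbered after it never sees traffic.
        ($2 == "allow" || $2 == "pass") && NF == 7 && $5 == "any" && $7 == "any" {
            allow_seen = 1
        }
        $2 == "divert" {
            via = ""
            for (i = 3; i < NF; i++) if ($i == "via") via = $(i + 1)
            if (via != ext)      wrong = 1
            else if (allow_seen) late = 1
            else                 good = 1
        }
        END {
            if (good)       print "ok"
            else if (late)  print "divert-after-allow"
            else if (wrong) print "wrong-interface"
            else            print "no-divert"
        }'
}

# Constructed: only the allow-all rule from the question plus the default deny.
ALLOW_ONLY='00100 allow ip from any to any
65535 deny ip from any to any'

# Constructed: divert to natd (port 8668) on ed1 ahead of the allow-all rule.
DIVERT_FIRST='00100 divert 8668 ip from any to any via ed1
00200 allow ip from any to any
65535 deny ip from any to any'

# Constructed: same rules, but the divert is bound to the inside interface.
DIVERT_INSIDE='00100 divert 8668 ip from any to any via ed0
00200 allow ip from any to any'

# Constructed: divert numbered after the allow-all rule.
DIVERT_LATE='00100 allow ip from any to any
00200 divert 8668 ip from any to any via ed1'

for sample in ALLOW_ONLY DIVERT_FIRST DIVERT_INSIDE DIVERT_LATE; do
    eval "rules=\$$sample"
    printf '%-14s %s\n' "$sample" "$(printf '%s\n' "$rules" | check_divert ed1)"
done
```

On a live gateway the same function can be fed directly: `ipfw list | check_divert ed1`.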