Date: Mon, 13 Oct 1997 11:23:57 -0400 (EDT)
From: Thomas David Rivers <rivers@dignus.com>
To: freebsd-hackers@freefall.FreeBSD.org
Subject: two natd's running?
Message-ID: <199710131523.LAA01999@lakes.dignus.com>

This is a rather old question I'm just now getting around to...

What I have is a situation where I'd like to have two SL/IP connections
going with multiple natd's running.

Several people had suggested simply having two divert rules in
rc.firewall and running the two natd's that way.

Here's what I've got on the gateway (a 2.2-970510-RELENG machine) at
10.0.0.1:

    ipfw -f flush
    ipfw -f add 10 divert 32001 ip from any to 192.42.243.0/24 via sl1
    ipfw -f add 20 divert 32000 ip from any to any via sl0
    ipfw -f add pass ip from any to any

    # ifconfig sl1
    sl1: flags=9011<UP,POINTOPOINT,LINK0,MULTICAST> mtu 552
            inet 192.42.243.10 --> 192.42.243.1 netmask 0xffffff00
    # ifconfig sl0
    sl0: flags=9010<POINTOPOINT,LINK0,MULTICAST> mtu 552
            inet 166.82.177.48 --> 166.82.100.202 netmask 0xffffff00
    #

And - from /etc/rc.local:

    if [ -f /usr/local/bin/natd ]; then
        echo -n " natd"; /usr/local/bin/natd -l -port 32000 -interface sl0 -m -u -dynamic
        echo -n " natd"; /usr/local/bin/natd -l -port 32001 -interface sl1 -m -u -dynamic
    fi

And - my routing table (from netstat -rn):

    # netstat -rn
    Routing tables

    Internet:
    Destination        Gateway            Flags  Refs     Use  Netif Expire
    default            166.82.100.202     UGSc      1       0  sl0
    10/24              link#1             UC        0       0
    10.0.0.3           0:40:33:22:a2:6b   UHLW      5     947  ed0      434
    10.23.1.112        192.42.243.1       UGHS      0       0  sl1
    10.23.1.115        192.42.243.1       UGHS      0       0  sl1
    10.26.1.153        192.42.243.1       UGHS      0       0  sl1
    10.26.1.157        192.42.243.1       UGHS      0       0  sl1
    10.26.149.40       192.42.243.1       UGHS      0       0  sl1
    10.252.1.2         192.42.243.1       UGHS      0       0  sl1
    10.253.1.2         192.42.243.1       UGHS      0       0  sl1
    16.1.0.2           166.82.100.202     UGHS      0       0  sl0
    127.0.0.1          127.0.0.1          UH        0       0  lo0
    130.96.1.21        192.42.243.1       UGHS      0       0  sl1
    149.173.52.101     192.42.243.1       UGHS      0       0  sl1
    149.173.52.209     192.42.243.1       UGHS      0       0  sl1
    149.173.160.12     192.42.243.1       UGHS      1     129  sl1
    149.173.166.232    192.42.243.1       UGHS      0       0  sl1
    166.82.100.202     166.82.177.48      UH        5       0  sl0
    172.16.0.200       192.42.243.1       UGHS      0       0  sl1
    192.42.243.1       192.42.243.10      UH       13       8  sl1
    192.216.191.11     166.82.100.202     UGHS      0       0  sl0
    192.216.222.4      166.82.100.202     UGHS      0       0  sl0

Now - when I try to get to 148.173.160.12 on the gateway machine,
everything works...

But - when I'm on an interior-to-my-network (a 10.0.0.0-based interior
network) - I can't reach 148.173.160.12 (or anything exterior for that
matter...)

This is also version 1.5 of natd (a rather older version now...)

I've obviously got something wrong with my firewall setup - I'm betting
it's something obvious to those who do this a lot... :-)

        - Thanks -
        - Dave Rivers -
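
An added illustration, not part of the original message: a simplified first-match model of the three ipfw rules as posted, run over constructed packets from an interior host, showing which ones would be handed to a natd divert port. It assumes "via" matches the interface the packet is crossing and models only the destination and interface fields; the function names and rule labels are hypothetical.

```python
import ipaddress

# The rules from the message, reduced to the fields they use:
# (label, action, destination network, "via" interface or None for any).
RULES = [
    ("10", "divert 32001", "192.42.243.0/24", "sl1"),
    ("20", "divert 32000", "0.0.0.0/0", "sl0"),
    ("pass", "pass", "0.0.0.0/0", None),  # "add pass ip from any to any"
]


def first_match(dst, iface):
    """Return (label, action) of the first rule matching a packet with
    destination dst that is crossing interface iface."""
    addr = ipaddress.ip_address(dst)
    for label, action, net, via in RULES:
        if addr in ipaddress.ip_network(net) and via in (None, iface):
            return label, action
    return None  # not reached here: the final pass rule matches everything


def divert_port(dst, iface):
    """Divert port of the natd that would see the packet, or None."""
    match = first_match(dst, iface)
    if match is None or not match[1].startswith("divert"):
        return None
    return int(match[1].split()[1])


# Constructed sample packets from interior host 10.0.0.3 (not captured traffic).
# The outgoing interface is the one the routing table in the message selects.
SAMPLES = [
    ("10.0.0.3", "149.173.160.12", "sl1"),  # host route via 192.42.243.1
    ("10.0.0.3", "192.42.243.1", "sl1"),    # the sl1 peer itself
    ("10.0.0.3", "192.216.191.11", "sl0"),  # host route via 166.82.100.202
    ("10.0.0.3", "149.173.160.12", "ed0"),  # same packet arriving on the LAN side
]

if __name__ == "__main__":
    for src, dst, iface in SAMPLES:
        port = divert_port(dst, iface)
        fate = f"diverted to natd on port {port}" if port else "passed without NAT"
        print(f"{src} -> {dst} via {iface}: {fate}")
```

In this model a packet leaving sl1 for a destination outside 192.42.243.0/24 reaches only the pass rule, so it is never handed to the natd on port 32001 and goes out with its 10.0.0.x source address.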
