From owner-freebsd-hackers Mon Oct 13 09:47:23 1997
Return-Path:
Received: (from root@localhost) by hub.freebsd.org (8.8.7/8.8.7) id JAA05526 for hackers-outgoing; Mon, 13 Oct 1997 09:47:23 -0700 (PDT) (envelope-from owner-freebsd-hackers)
Received: from elvis.vnet.net (elvis.vnet.net [166.82.1.5]) by hub.freebsd.org (8.8.7/8.8.7) with ESMTP id JAA05520 for ; Mon, 13 Oct 1997 09:47:19 -0700 (PDT) (envelope-from rivers@dignus.com)
Received: from ponds.dignus.com (ponds.vnet.net [166.82.177.48]) by elvis.vnet.net (8.8.5/8.8.4) with ESMTP id MAA18896 for ; Mon, 13 Oct 1997 12:46:42 -0400 (EDT)
Received: from lakes.dignus.com (lakes [10.0.0.3]) by ponds.dignus.com (8.8.5/8.8.5) with ESMTP id LAA00199 for ; Mon, 13 Oct 1997 11:33:16 -0400 (EDT)
Received: (from rivers@localhost) by lakes.dignus.com (8.8.5/8.6.9) id LAA01999 for freebsd-hackers@freefall.cdrom.com; Mon, 13 Oct 1997 11:23:57 -0400 (EDT)
Date: Mon, 13 Oct 1997 11:23:57 -0400 (EDT)
From: Thomas David Rivers
Message-Id: <199710131523.LAA01999@lakes.dignus.com>
To: freebsd-hackers@freefall.FreeBSD.org
Subject: two natd's running?
Sender: owner-freebsd-hackers@FreeBSD.ORG
X-Loop: FreeBSD.org
Precedence: bulk

This is a rather old question I'm just now getting around to...

What I have is a situation where I'd like to have two SL/IP connections going
with multiple natd's running. Several people had suggested simply having two
divert rules in rc.firewall and running the two natd's that way.
Here's what I've got on the gateway (a 2.2-970510-RELENG machine) at 10.0.0.1:

   ipfw -f flush
   ipfw -f add 10 divert 32001 ip from any to 192.42.243.0/24 via sl1
   ipfw -f add 20 divert 32000 ip from any to any via sl0
   ipfw -f add pass ip from any to any

   # ifconfig sl1
   sl1: flags=9011 mtu 552
           inet 192.42.243.10 --> 192.42.243.1 netmask 0xffffff00
   # ifconfig sl0
   sl0: flags=9010 mtu 552
           inet 166.82.177.48 --> 166.82.100.202 netmask 0xffffff00
   #

And - from /etc/rc.local:

   if [ -f /usr/local/bin/natd ]; then
           echo -n " natd"; /usr/local/bin/natd -l -port 32000 -interface sl0 -m -u -dynamic
           echo -n " natd"; /usr/local/bin/natd -l -port 32001 -interface sl1 -m -u -dynamic
   fi

And - my routing table (from netstat -rn):

   # netstat -rn
   Routing tables

   Internet:
   Destination        Gateway            Flags     Refs     Use     Netif Expire
   default            166.82.100.202     UGSc         1        0       sl0
   10/24              link#1             UC           0        0
   10.0.0.3           0:40:33:22:a2:6b   UHLW         5      947       ed0    434
   10.23.1.112        192.42.243.1       UGHS         0        0       sl1
   10.23.1.115        192.42.243.1       UGHS         0        0       sl1
   10.26.1.153        192.42.243.1       UGHS         0        0       sl1
   10.26.1.157        192.42.243.1       UGHS         0        0       sl1
   10.26.149.40       192.42.243.1       UGHS         0        0       sl1
   10.252.1.2         192.42.243.1       UGHS         0        0       sl1
   10.253.1.2         192.42.243.1       UGHS         0        0       sl1
   16.1.0.2           166.82.100.202     UGHS         0        0       sl0
   127.0.0.1          127.0.0.1          UH           0        0       lo0
   130.96.1.21        192.42.243.1       UGHS         0        0       sl1
   149.173.52.101     192.42.243.1       UGHS         0        0       sl1
   149.173.52.209     192.42.243.1       UGHS         0        0       sl1
   149.173.160.12     192.42.243.1       UGHS         1      129       sl1
   149.173.166.232    192.42.243.1       UGHS         0        0       sl1
   166.82.100.202     166.82.177.48      UH           5        0       sl0
   172.16.0.200       192.42.243.1       UGHS         0        0       sl1
   192.42.243.1       192.42.243.10      UH          13        8       sl1
   192.216.191.11     166.82.100.202     UGHS         0        0       sl0
   192.216.222.4      166.82.100.202     UGHS         0        0       sl0

Now - when I try to get to 148.173.160.12 on the gateway machine, everything
works... But - when I'm on an interior-to-my-network host (a 10.0.0.0-based
interior network) - I can't reach 148.173.160.12 (or anything exterior for
that matter...)

This is also version 1.5 of natd (a rather older version now...)
I've obviously got something wrong with my firewall setup - I'm betting it's something obvious to those who do this a lot... :-) - Thanks - - Dave Rivers -
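A check worth running on a ruleset like the one in this message is to walk it the way ipfw does (first matching rule wins; "via X" matches a packet whose receiving or sending interface is X) and see which divert socket, if any, each packet reaches. A packet that falls through to the "pass" rule is never handed to a natd process, so it leaves with its source address untranslated. The script below is an added example written for this page, not code from the original post or from FreeBSD; it models only the "ip from SRC to DST [via IFACE]" form used in the three rules above, assumes ipfw's default step of 100 when auto-numbering an unnumbered rule, and uses constructed sample packets built from the addresses and interfaces the post shows.

```python
"""Walk a small ipfw-style ruleset with first-match semantics and report the
natd divert port (if any) that a given packet reaches.  Added example; the
parser covers only 'ipfw -f add [N] ACTION [PORT] ip from SRC to DST [via IF]'.
"""
import ipaddress
from dataclasses import dataclass
from typing import List, Optional, Tuple

# The three rules exactly as they appear in the message.
RULESET_TEXT = [
    "ipfw -f add 10 divert 32001 ip from any to 192.42.243.0/24 via sl1",
    "ipfw -f add 20 divert 32000 ip from any to any via sl0",
    "ipfw -f add pass ip from any to any",
]


@dataclass
class Rule:
    number: int
    action: str                  # "divert" or "pass"
    port: Optional[int]          # divert socket port; None for pass
    src: ipaddress.IPv4Network
    dst: ipaddress.IPv4Network
    via: Optional[str]           # interface name; None means any interface


@dataclass
class Packet:
    src: str
    dst: str
    iface: str                   # interface the packet arrives on or leaves by


def _net(tok: str) -> ipaddress.IPv4Network:
    """'any' -> 0.0.0.0/0, 'a.b.c.d' -> /32, 'a.b.c.d/n' -> that prefix."""
    if tok == "any":
        return ipaddress.IPv4Network("0.0.0.0/0")
    return ipaddress.IPv4Network(tok if "/" in tok else tok + "/32")


def parse_ruleset(lines: List[str]) -> List[Rule]:
    """Parse the rule lines.  An unnumbered rule gets the previous number + 100
    (assumption: ipfw's default auto-increment step)."""
    rules: List[Rule] = []
    last = 0
    for line in lines:
        toks = line.split()
        if toks[:3] != ["ipfw", "-f", "add"]:
            raise ValueError("not an 'ipfw -f add' line: " + line)
        i = 3
        if toks[i].isdigit():
            number = int(toks[i])
            i += 1
        else:
            number = last + 100
        last = number
        action = toks[i]
        i += 1
        port = None
        if action == "divert":
            port = int(toks[i])
            i += 1
        elif action != "pass":
            raise ValueError("unsupported action in this model: " + action)
        if toks[i:i + 2] != ["ip", "from"] or toks[i + 3] != "to":
            raise ValueError("expected 'ip from SRC to DST': " + line)
        src, dst = _net(toks[i + 2]), _net(toks[i + 4])
        rest = toks[i + 5:]
        via = rest[1] if rest[:1] == ["via"] else None
        rules.append(Rule(number, action, port, src, dst, via))
    return rules


def first_match(rules: List[Rule], pkt: Packet) -> Tuple[int, str, Optional[int]]:
    """Return (rule number, action, divert port) of the first rule that matches."""
    s, d = ipaddress.IPv4Address(pkt.src), ipaddress.IPv4Address(pkt.dst)
    for r in sorted(rules, key=lambda r: r.number):   # stable: keeps add order
        if s in r.src and d in r.dst and (r.via is None or r.via == pkt.iface):
            return r.number, r.action, r.port
    raise LookupError("no rule matched; ipfw's implicit default rule would apply")


def divert_port_for(pkt: Packet, lines: List[str] = RULESET_TEXT) -> Optional[int]:
    """The natd divert port this packet reaches, or None if it is passed
    untouched (and therefore never translated by any natd)."""
    _, action, port = first_match(parse_ruleset(lines), pkt)
    return port if action == "divert" else None


if __name__ == "__main__":
    # Constructed sample packets built from addresses and routes in the post.
    samples = [
        Packet("10.0.0.3", "192.42.243.1", "sl1"),        # interior host -> far end of sl1
        Packet("10.0.0.3", "16.1.0.2", "sl0"),            # interior host -> host routed via sl0
        Packet("10.0.0.3", "149.173.160.12", "sl1"),      # interior host -> host routed via sl1
        Packet("192.42.243.10", "149.173.160.12", "sl1"), # the gateway's own sl1 address
    ]
    for p in samples:
        print(f"{p.src} -> {p.dst} via {p.iface}: divert port {divert_port_for(p)}")
```

Running the script prints 32001, 32000, None and None for the four samples: only traffic leaving sl1 for 192.42.243.0/24 itself reaches the natd on port 32001, while anything routed out sl1 to the other destinations in the table falls through to the pass rule. To model a different ruleset, replace the strings in RULESET_TEXT; the parser raises on any syntax it does not model rather than silently guessing.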