From owner-freebsd-questions Sat Jan 15 20:43:56 2000
Delivered-To: freebsd-questions@freebsd.org
Received: from cc942873-a.ewndsr1.nj.home.com (cc942873-a.ewndsr1.nj.home.com [24.2.89.207])
    by hub.freebsd.org (Postfix) with ESMTP id 24B6914FA1
    for ; Sat, 15 Jan 2000 20:43:41 -0800 (PST)
    (envelope-from cjc@cc942873-a.ewndsr1.nj.home.com)
Received: (from cjc@localhost)
    by cc942873-a.ewndsr1.nj.home.com (8.9.3/8.9.3) id XAA57970;
    Sat, 15 Jan 2000 23:47:53 -0500 (EST)
    (envelope-from cjc)
Date: Sat, 15 Jan 2000 23:47:53 -0500
From: "Crist J. Clark"
To: "Briggs, Jeremy M"
Cc: "'questions@freebsd.org'"
Subject: Re: NATD
Message-ID: <20000115234753.B57728@cc942873-a.ewndsr1.nj.home.com>
References: <97FCD12BF275D311960900508B6F3B64010D2F1D@sac-folsom.mis.earthlink.net>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
X-Mailer: Mutt 1.0i
In-Reply-To: <97FCD12BF275D311960900508B6F3B64010D2F1D@sac-folsom.mis.earthlink.net>; from BriggsJM@corp.earthlink.net on Sat, Jan 15, 2000 at 07:26:32PM -0800
Sender: owner-freebsd-questions@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

On Sat, Jan 15, 2000 at 07:26:32PM -0800, Briggs, Jeremy M wrote:
> Dear sir or madam,
>
> I am attempting to use FreeBSD as an internet gateway; natd is the
> routing daemon I am attempting to use.

NATd is not a routing daemon. But anyway...

[snip]
> The FreeBSD machine is able to ping all machines on the LAN, and is
> able to access the internet just fine; inversely, all machines on the lan
> are able to ping the FreeBSD machine. IP's on the lan are 192.168.x . NATD
> is enabled and loads with BSD,

OK, so it sounds like the internal network is OK, and the NATd
machine's public interface is OK. Sounds like the problem must be
NATd.

> When attempting to ping out to the internet, using the BSD machine
> as a gateway, from another machine on the network, packets are transmitted
> to the internet each time a ping is sent however no packets are ever
> received from the internet. All pings time out except if they are initiated
> from the FreeBSD box. What do you suggest? What should I check?

First, what are the arguments being sent to natd(8)? I assume you are
doing it from /etc/rc.conf? So what are,

  natd_program="/sbin/natd"     # path to natd, if you want a different one.
  natd_enable="NO"              # Enable natd (if firewall_enable == YES).
  natd_interface="fxp0"         # Public interface or IPaddress to use.
  natd_flags=""                 # Additional flags for natd.

Set to, if anything?

> On a side note, I think the packets are being aliased incorrectly, however I
> am not sure how to check this or how to correct this if this is the problem.

You can snoop the external interface and watch to see if the ping
packets are making it out and if they come back,

  # tcpdump -i 'proto \icmp'

While an internal machine pings something on the Internet.

Since you must have ipfw(8) rules on the NATd machine, do you have any
rules there that might be blocking pings?
-- 
Crist J. Clark                           cjclark@home.com
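
Added example, not part of the original message: one way to read the capture suggested above and answer the "are the packets being aliased" question. It assumes the text was saved from tcpdump run with -n on the external interface while a LAN host pings; the function name, verdict words and sample lines (documentation addresses) are constructed for illustration.

```shell
#!/bin/sh
# Added example: read `tcpdump -n` ICMP lines captured on the external
# interface (stdin) and print a one-word verdict about NAT aliasing.
classify_nat_capture() {
    awk '
    # RFC 1918 test on a dotted-quad source address.
    function is_private(a,   o) {
        split(a, o, ".")
        return (o[1] == 10) ||
               (o[1] == 172 && o[2] >= 16 && o[2] <= 31) ||
               (o[1] == 192 && o[2] == 168)
    }
    {
        src = ""
        # tcpdump prints "src > dst:", with or without a leading "IP" token.
        for (i = 2; i < NF; i++) if ($i == ">") { src = $(i - 1); break }
        if (src == "") next
        line = tolower($0)
        if (line ~ /echo request/) { req++; if (is_private(src)) leaked++ }
        else if (line ~ /echo reply/) rep++
    }
    END {
        # no-requests-seen:   LAN pings never reach this interface
        # not-aliased:        requests leave with a private source, so natd
        #                     is not rewriting them (check the natd_* settings)
        # aliased-no-replies: source rewritten, but nothing comes back
        # replies-arrive:     replies reach the gateway; if the LAN host still
        #                     times out, look at the ipfw rules for inbound ICMP
        if (req == 0)        print "no-requests-seen"
        else if (leaked > 0) print "not-aliased"
        else if (rep == 0)   print "aliased-no-replies"
        else                 print "replies-arrive"
    }'
}

# Constructed sample: LAN host 192.168.1.10 pings 203.0.113.9 and the
# requests leave the external interface with the private source intact.
printf '%s\n' \
    '23:50:01.10 192.168.1.10 > 203.0.113.9: icmp: echo request' \
    '23:50:02.10 192.168.1.10 > 203.0.113.9: icmp: echo request' |
    classify_nat_capture
```

A "not-aliased" verdict matches the symptom in the question: requests go out, but replies cannot be routed back to a 192.168.x source.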