Date: Sat, 25 Jan 2003 03:59:46 -0500
From: "Asenchi" <asenchi@asenchi.com>
To: <freebsd-questions@freebsd.org>
Subject: Firewall + Cable Modem
Message-ID: <NHBBIMEIGLCBNPAEPGDPAEAPCJAA.asenchi@asenchi.com>

Hello All,

I have worked my butt off on this, reading everything I could find on the subjects. For some reason I can't get this to work. I know it is probably really simple, but could someone please help me?

I am configuring an IPFW firewall that will act as a gateway and run natd. It will be on a Dynamic IP cable modem. There will be 25 users behind it.

I cannot get my card to remain connected, it keeps dropping its addressing, or so it appears in IFCONFIG. I have included below outputs of various processes for you all.

Thank you in advance for any help you are able to offer.

Curt Micol

#uname -a
FreeBSD world.attbi.com 4.7-STABLE FreeBSD 4.7-STABLE #6: Fri Jan 24 22:05:56 EST 2003 asenchi@world:/usr/obj/usr/src/sys/ASENCHI i386

#vi /etc/rc.conf
# -- sysinstall generated deltas -- # Thu Nov 14 10:01:53 2002
# Created: Thu Nov 14 10:01:53 2002
# Enable network daemons for user convenience.
# Please make all changes to this file, not to /etc/defaults/rc.conf.
# This file now contains just the overrides from /etc/defaults/rc.conf.

#Network Stuff
hostname="world.attbi.com"
ifconfig_vr0="DHCP"
ifconfig_rl0="inet 192.168.0.1 netmask 255.255.255.0"
ifconfig_xl0="inet 192.168.1.1 netmask 255.255.255.0"
gateway_enable="YES"

#Misc Options
inetd_enable="NO"
kern_securelevel_enable="NO"
nfs_reserved_port_only="YES"
ntpdate_enable="YES"
ntpdate_flags="clock.linuxshell.net"
sshd_enable="YES"
sshd_flags="-4"
usbd_enable="NO"
syslogd_enable="YES"
syslogd_flags="-ss"
clear_tmp_enable="YES"
icmp_drop_redirect="YES"
icmp_log_redirect="YES"
icmp_bmcastecho="NO"
fsck_y_enable="YES"
linux_enable="NO"
moused_enable="NO"
portmap_enable="NO"

#Firewall
firewall_enable="YES"
#firewall_type="OPEN"
firewall_type="/etc/rc.firewall"
firewall_quiet="YES"
firewall_logging="YES"
log_in_vain="YES"

#NATD
natd_enable="YES"
natd_interface="vr0"
natd_flags="-f /etc/natd.conf"

sendmail_enable="NONE"

#qmail options
qmail_smtp_enable="YES"
qmail_pop_enable="YES"
qmail_enable="YES"

#ps -acux
USER     PID %CPU %MEM  VSZ  RSS  TT  STAT STARTED    TIME COMMAND
root    1033  0.0  0.1  420  248  v0  R+    3:20AM 0:00.00 ps
root       1  0.0  0.1  552  316  ??  ILs   9:43PM 0:00.01 init
root       2  0.0  0.0    0    0  ??  DL    9:43PM 0:00.00 pagedaemon
root       3  0.0  0.0    0    0  ??  DL    9:43PM 0:00.00 vmdaemon
root       4  0.0  0.0    0    0  ??  DL    9:43PM 0:00.02 bufdaemon
root       5  0.0  0.0    0    0  ??  DL    9:43PM 0:00.05 vnlru
root       6  0.0  0.0    0    0  ??  DL    9:43PM 0:00.47 syncer
root      25  0.0  0.0  212   96  ??  Is    9:43PM 0:00.00 adjkerntz
root      62  0.0  0.3  944  728  ??  Is    2:43AM 0:00.00 dhclient
root     130  0.0  0.3  972  656  ??  Ss    2:43AM 0:00.26 syslogd
root     138  0.0  0.3 1024  764  ??  Is    2:43AM 0:00.01 cron
root     140  0.0  0.7 2324 1744  ??  Is    2:43AM 0:00.00 sshd
qmaild   164  0.0  0.2  896  392 con- I     2:43AM 0:00.00 tcpserver
root     165  0.0  0.2  896  392 con- I     2:43AM 0:00.00 tcpserver
qmails   166  0.0  0.2  948  508 con- I     2:43AM 0:00.10 qmail-send
qmaill   171  0.0  0.2  896  504 con- I     2:43AM 0:00.02 splogger
root     172  0.0  0.2  896  476  ??  I     2:43AM 0:00.01 qmail-lspawn
qmailr   173  0.0  0.2  896  412  ??  I     2:43AM 0:00.00 qmail-rspawn
qmailq   174  0.0  0.2  884  440  ??  I     2:43AM 0:00.00 qmail-clean
root     175  0.0  0.4 1268  948  v0  Is    2:43AM 0:00.03 login
root     177  0.0  0.3  952  644  v2  Is+   2:43AM 0:00.00 getty
root     178  0.0  0.3  952  644  v3  Is+   2:43AM 0:00.00 getty
root     179  0.0  0.3  952  644  v4  Is+   2:43AM 0:00.00 getty
root     180  0.0  0.3  952  644  v5  Is+   2:43AM 0:00.00 getty
root     181  0.0  0.3  952  644  v6  Is+   2:43AM 0:00.00 getty
root     182  0.0  0.3  952  644  v7  Is+   2:43AM 0:00.00 getty
asenchi  198  0.0  0.2  636  440  v0  I     2:43AM 0:00.01 sh
root     212  0.0  0.4 1488 1116  v0  S     2:44AM 0:00.21 csh
root     300  0.0  0.4 1268  948  v1  Is    2:46AM 0:00.04 login
root     677  0.0  0.4 1492 1128  v1  I+    3:01AM 0:00.08 csh
root    1022  0.0  0.1  432  308  ??  Ss    3:19AM 0:00.00 natd
root       0  0.0  0.0    0    0  ??  DLs   9:43PM 0:00.00 swapper

#/etc/netstart
Doing stage one network startup:
Doing initial network setup:.
vr0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
        inet6 fe80::240:33ff:fe5a:748a%vr0 prefixlen 64 scopeid 0x1
        inet 0.0.0.0 netmask 0xff000000 broadcast 255.255.255.255
        ether 00:40:33:5a:74:8a
        media: Ethernet autoselect (100baseTX <full-duplex>)
        status: active
xl0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
        options=3<rxcsum,txcsum>
        inet6 fe80::204:76ff:fec5:f4a2%xl0 prefixlen 64 scopeid 0x2
        inet 192.168.1.1 netmask 0xffffff00 broadcast 192.168.1.255
        ether 00:04:76:c5:f4:a2
        media: Ethernet autoselect (none)
        status: no carrier
rl0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
        inet6 fe80::250:bfff:fe90:6d98%rl0 prefixlen 64 scopeid 0x3
        inet 192.168.0.1 netmask 0xffffff00 broadcast 192.168.0.255
        ether 00:50:bf:90:6d:98
        media: Ethernet autoselect (none)
        status: no carrier
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> mtu 16384
        inet6 ::1 prefixlen 128
        inet6 fe80::1%lo0 prefixlen 64 scopeid 0x5
        inet 127.0.0.1 netmask 0xff000000
Flushed all rules.
00050 divert 8668 ip from any to any via vr0
00500 allow ip from 192.168.0.1 to 192.168.0.0/24
00501 allow ip from 192.168.0.0/24 to 192.168.0.1
00502 allow tcp from any to any established
00503 deny ip from 192.168.0.0/24 to any in recv vr0
00504 deny ip from 255.0.0.0/8 to any in recv rl0
00505 allow ip from any to any frag
00506 allow tcp from any to 0.0.0.0 53 setup
00507 allow udp from any to 0.0.0.0 53
00508 allow udp from 0.0.0.0 53 to any
00509 allow udp from 0.0.0.0 to any 53 keep-state
00510 allow tcp from any to any 22 setup
00511 allow tcp from any 22 to any setup
Firewall rules loaded, starting divert daemons: natd.
Firewall logging=YES
Additional routing options: ignore ICMP redirect=YES log ICMP redirect=YES IP gateway=YES TCP keepalive=YES.
Routing daemons:.

Logs:
Jan 25 03:03:00 world dhclient: Listening on BPF/vr0/00:40:33:5a:74:8a
Jan 25 03:03:00 world dhclient: Sending on BPF/vr0/00:40:33:5a:74:8a
Jan 25 03:03:00 world dhclient: Can't bind to dhcp address: Address already in use
Jan 25 03:03:00 world dhclient: Please make sure there is no other dhcp server
Jan 25 03:03:00 world dhclient: running and that there's no entry for dhcp or
Jan 25 03:03:00 world dhclient: bootp in /etc/inetd.conf. Also make sure you
Jan 25 03:03:00 world dhclient: are not running HP JetAdmin software, which
Jan 25 03:03:00 world dhclient: includes a bootp server.

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message