Date:      Sat, 9 May 1998 14:17:07 -0400 (EDT)
From:      Mark Szlaga <mszlaga@umdsun2.umd.umich.edu>
To:        freebsd-questions@FreeBSD.ORG
Subject:   Ethernet -> natd -> Dynamic-IP dialup
Message-ID:  <Pine.SOL.3.96.980509135934.6421A-300000@umdsun2.umd.umich.edu>


[-- Attachment #1 --]
Greetings,
   I recently changed the operating system on my internet firewall from
Linux to FreeBSD.  This was done because I am tired of all the timeouts that
IP-Masquerade causes, and was told that natd is a far superior program.
That, and FreeBSD networking runs much better as a router than Linux will ever
pray to.  So far I am impressed with the performance of the machine, but cannot
get networking to work properly.
   Ok.  Here's the problem.  I can get the non-firewall enabled kernel to 
dialout (what I am using now) and I can set up the routes by hand (I am trying
to fix this problem) but this is the only way I can get the machine to dialout.
When I set the proper kernel options to get firewalling to work (IPDIVERT and
IPFIREWALL), I can only get the network to work internally, and cannot even
touch the dialup device.  That is, until I disable ed0, but then I cannot get 
the routes quite correct.
   My question is whether anyone sees anything blatantly wrong and, if so, what I
can do to change it.  I am happy with the operating system, just frustrated that it
won't do what I want it to do...  It would also be appreciated if you
could point me in the right direction if this is somewhere in the FAQ or
handbook, as I just compiled Lynx to be able to read it locally (lynx on vt100
is murder...)
   Attached to this message is my /etc/rc.conf file, and my kernel config file.

   Thanks for any help that you might be able to lend.

Mark

Mark Szlaga    mszlaga@umd.umich.edu    http://www.umd.umich.edu/~mszlaga/
/dev/hdb5 - 0.5Gb of spinning metal, all alone in the night...
- unknown - alt.sysadmin.recovery
/dev/hdb5 - our last best hope for free space...
- Chip Salzenberg - <chip@pobox.com>

[-- Attachment #2 --]
#!/bin/sh
#

# This is rc.conf - a file full of useful variables that you can set 
# to change the default startup behavior of your system.
#
# All arguments must be in double or single quotes.
#
#	$Id: rc.conf,v 1.1.2.40 1998/03/15 16:39:41 jkh Exp $

##############################################################
### Important initial Boot-time options  #####################
##############################################################

# Boot-time basics: no auxiliary swap file, no APM, no PCCARD support.
swapfile="NO"		# Set to name of swapfile if aux swapfile desired.
apm_enable="NO"		# Set to YES if you want APM enabled.
pccard_enable="NO"	# Set to YES if you want to configure PCCARD devices.
pccard_mem="DEFAULT"	# If pccard_enable=YES, this is card memory address.
pccard_ifconfig="NO"	# Specialized pccard ethernet configuration (or NO).
# NOTE(review): scripts found in these directories are presumably executed as
# root during boot -- keep both directories root-owned and not writable by
# group or others.
local_startup="/usr/local/etc/rc.d /usr/X11R6/etc/rc.d"	# startup script dirs.


##############################################################
###  Network configuration sub-section  ######################
##############################################################

### Basic network options: ###
hostname="wormhole.szlaga.net"	# Set this!
nisdomainname="NO"		# Set to NIS domain if using NIS (or NO).
# NOTE(review): firewall_enable=YES on a kernel built with IPFIREWALL means
# ipfw is filtering.  ipfw ends in a built-in "deny everything" rule unless the
# kernel was built to default to accept, so with firewall_type="NONE" confirm
# which rules are actually loaded (`ipfw list`); if none are, the dial-up link
# is presumably blocked along with everything else.
# NOTE(review): nothing in this file starts natd or adds an ipfw divert rule.
# Unless /etc/rc.conf.local or a local startup script does, no address
# translation takes place for the 192.168.1.0/24 hosts.
firewall_enable="YES"		# Set to YES to enable firewall functionality
firewall_type="NONE"		# Firewall type (see /etc/rc.firewall)
firewall_quiet="NO"		# Set to YES to suppress rule display
tcp_extensions="YES"		# Allow RFC1323 & RFC1644 extensions (or NO).
# NOTE(review): ppp0 is listed here but has no ifconfig_ppp0 line.  ppp0 is the
# kernel-mode pppd interface; user-mode ppp uses tun0 instead.  Confirm which
# one the dial-up really uses, because natd and any firewall rules must name
# that interface as the outside one.
network_interfaces="ppp0 ed0 lo0"	# List of network interfaces (lo0 is loopback).
# Inside (LAN) interface: RFC 1918 private address with a /24 netmask.
ifconfig_ed0="inet 192.168.1.1  netmask 255.255.255.0"
ifconfig_lo0="inet 127.0.0.1"	# default loopback device configuration.
#ifconfig_lo0_alias0="inet 127.0.0.254 netmask 0xffffffff" # Sample alias entry.

### Network daemon (miscellaneous) & NFS options: ###
# NOTE(review): this host is the Internet-facing gateway, yet inetd and portmap
# are enabled.  Whatever they listen on is reachable from the dial-up side
# unless the ipfw rules block it -- review /etc/inetd.conf and switch off
# anything the firewall itself does not need.
syslogd_enable="YES"		# Run syslog daemon (or NO).
syslogd_flags=""		# Flags to syslogd (if enabled).
inetd_enable="YES"		# Run the network daemon dispatcher (or NO).
inetd_flags=""			# Optional flags to inetd.
named_enable="NO"		# Run named, the DNS server (or NO).
named_program="/usr/sbin/named"	# named program, in case we want bind8 instead.
named_flags="-b /etc/namedb/named.boot" # Flags to named (if enabled).
kerberos_server_enable="NO"	# Run a kerberos master server (or NO).
kadmind_server_enable="NO"	# Run kadmind (or NO) -- do not run on
				# a slave kerberos server
kerberos_stash=""		# Is the kerberos master key stashed?
rwhod_enable="NO"		# Run the rwho daemon (or NO).
amd_enable="NO"			# Run amd service with $amd_flags (or NO).
amd_flags="-a /net -c 1800 -k i386 -d my.domain -l syslog /host /etc/amd.map"
# NFS client and server are both off, so the NFS flag values below are unused.
nfs_client_enable="NO"		# This host is an NFS client (or NO).
nfs_client_flags="-n 4"		# Flags to nfsiod (if enabled).
nfs_server_enable="NO"		# This host is an NFS server (or NO).
nfs_server_flags="-u -t 4"	# Flags to nfsd (if enabled).
mountd_flags="-r"		# Flags to mountd (if NFS server enabled).
nfs_reserved_port_only="NO"	# Provide NFS only on secure port (or NO).
rpc_lockd_enable="NO"		# Run NFS rpc.lockd (*broken!*) if nfs_server.
# NOTE(review): rpc.statd is set to YES although NFS is off; per its comment it
# only runs with nfs_server, so it is presumably inert here -- confirm, or set
# it to NO together with portmap if no RPC service is wanted on this host.
rpc_statd_enable="YES"		# Run NFS rpc.statd if nfs_server (or NO).
portmap_enable="YES"		# Run the portmapper service (or NO).
portmap_flags=""		# Flags to portmap (if enabled).
rarpd_enable="NO"		# Run rarpd (or NO).
rarpd_flags=""			# Flags to rarpd.
xtend_enable="NO"		# Run the X-10 power controller daemon.
xtend_flags=""			# Flags to xtend (if enabled).

### Network Time Services options: ###
# Every time-synchronisation option is off, so log timestamps on this gateway
# depend on the local clock alone.
timed_enable="NO"		# Run the time daemon (or NO).
timed_flags=""			# Flags to timed (if enabled).
ntpdate_enable="NO"		# Run the ntpdate to sync time (or NO).
ntpdate_flags=""		# Flags to ntpdate (if enabled).
xntpd_enable="NO"		# Run xntpd Network Time Protocol (or NO).
xntpd_flags=""			# Flags to xntpd (if enabled).
tickadj_enable="NO"		# Run tickadj (or NO).
tickadj_flags="-Aq"		# Flags to tickadj (if enabled).

# Network Information Services (NIS) options: ###
# NIS is disabled throughout: client, ypset, server, ypxfrd and yppasswdd are
# all NO.
nis_client_enable="NO"		# We're an NIS client (or NO).
nis_client_flags=""		# Flags to ypbind (if enabled).
nis_ypset_enable="NO"		# Run ypset at boot time (or NO).
nis_ypset_flags=""		# Flags to ypset (if enabled).
nis_server_enable="NO"		# We're an NIS server (or NO).
nis_server_flags=""		# Flags to ypserv (if enabled).
nis_ypxfrd_enable="NO"		# Run rpc.ypxfrd at boot time (or NO).
nis_ypxfrd_flags=""		# Flags to rpc.ypxfrd (if enabled).
nis_yppasswdd_enable="NO"	# Run rpc.yppasswdd at boot time (or NO).
nis_yppasswdd_flags=""		# Flags to rpc.yppasswdd (if enabled).

### Network routing options: ###
# NOTE(review): 192.168.1.1 is this host's own ed0 address (see ifconfig_ed0),
# so the default route points back at the gateway itself instead of at the PPP
# peer.  On a dial-up gateway the default route normally comes from the PPP
# link, with defaultrouter left at "NO".  This is likely related to the routing
# trouble described in the message; confirm with `netstat -rn`.
defaultrouter="192.168.1.1"		# Set to default gateway (or NO).
static_routes="NO"		# Set to static route list (or leave empty).
# Forwarding between interfaces is on; with routed and mrouted disabled, all
# routes are static or come from the PPP link.  Once forwarding is enabled the
# ipfw ruleset is what separates the LAN from the dial-up side.
gateway_enable="YES"		# Set to YES if this host will be a gateway.
router_enable="NO"		# Set to YES to enable a routing daemon.
router="routed"			# Name of routing daemon to use if enabled.
router_flags="-q"		# Flags for routing daemon.
mrouted_enable="NO"		# Do multicast routing (see /etc/mrouted.conf).
mrouted_flags=""		# Flags for multicast routing daemon.
ipxgateway_enable="NO"		# Set to YES to enable IPX routing.
ipxrouted_enable="NO"		# Set to YES to run the IPX routing daemon.
ipxrouted_flags=""		# Flags for IPX routing daemon.
arpproxy_all=""			# replaces obsolete kernel option ARP_PROXYALL.
# Source-routed packets are neither forwarded nor accepted; keep both at NO on
# a firewall.
forward_sourceroute="NO"	# do source routing (only if gateway_enable is set to "YES")
accept_sourceroute="NO"		# accept source routed packets to us


##############################################################
###  System console options  #################################
##############################################################

# Console defaults are left alone apart from a 600-second blank time, the
# "green" screen saver and the mouse daemon.
keymap="NO"		# keymap in /usr/share/syscons/keymaps/* (or NO).
keyrate="NO"		# keyboard rate to: slow, normal, fast (or NO).
keybell="NO"		# bell to duration.pitch or normal or visual (or NO).
keychange="NO"		# function keys default values (or NO).
cursor="NO"		# cursor type {normal|blink|destructive} (or NO).
scrnmap="NO"		# screen map in /usr/share/syscons/scrnmaps/* (or NO).
font8x16="NO"		# font 8x16 from /usr/share/syscons/fonts/* (or NO).
font8x14="NO"		# font 8x14 from /usr/share/syscons/fonts/* (or NO).
font8x8="NO"		# font 8x8 from /usr/share/syscons/fonts/* (or NO).
blanktime="600"		# blank time (in seconds) or "NO" to turn it off.
saver="green"		# screen saver: blank/daemon/green/snake/star/NO.
# NOTE(review): /dev/cuaa0 is presumably the first serial port (sio0/COM1 in
# the kernel config), so the dial-up modem has to be on a different port --
# confirm the PPP configuration does not point at the mouse's port.
moused_enable="YES"	# Run the mouse daemon.
moused_type="microsoft"	# See man page for rc.conf(5) for available settings.
moused_port="/dev/cuaa0" # Set to your mouse port.
moused_flags=""		# Any additional flags to moused.


##############################################################
###  Miscellaneous administrative options  ###################
##############################################################

cron_enable="YES"	# Run the periodic job daemon.
lpd_enable="NO"		# Run the line printer daemon.
lpd_flags=""		# Flags to lpd (if enabled).
# -bd makes sendmail run as a daemon listening for incoming SMTP; -q30m
# processes the mail queue every 30 minutes.
# NOTE(review): on the gateway that listener is reachable from the dial-up side
# unless the ipfw rules block it -- decide whether this host should accept mail
# from outside at all.
sendmail_enable="YES"	# Run the sendmail daemon (or NO).
sendmail_flags="-bd -q30m" # -bd is pretty mandatory.
dumpdev="NO"		# Device name to crashdump to (if enabled).
check_quotas="NO"	# Check quotas (or NO).
accounting_enable="NO"	# Turn on process accounting (or NO).
ibcs2_enable="NO"	# Ibcs2 (SCO) emulation loaded at startup (or NO).
linux_enable="NO"	# Linux emulation loaded at startup (or NO).
# NOTE(review): with NO, presumably no interrupt sources are fed into the
# kernel entropy pool -- worth revisiting if this host ever generates keys.
rand_irqs="NO"		# Stir the entropy pool (like "5 11" or NO).
clear_tmp_enable="NO"	# Clear /tmp at startup.
# NOTE(review): these directories are searched for shared libraries; they
# should be writable by root only.
ldconfig_paths="/usr/lib/compat /usr/X11R6/lib /usr/local/lib" # shared library search paths

##############################################################
### Allow local configuration override at the very end here ##
##############################################################
# Source site-local overrides last, so anything set in /etc/rc.conf.local wins
# over the values above.  The file is executed by the shell, not just parsed.
# NOTE(review): it presumably runs as root during boot -- keep it root-owned
# and not writable by anyone else, and check it for firewall/natd settings
# that are not visible in this file.
if [ -f /etc/rc.conf.local ]; then
	. /etc/rc.conf.local
fi

[-- Attachment #3 --]
#
# GENERIC -- Generic machine with WD/AHx/NCR/BTx family disks
#
# For more information read the handbook part System Administration -> 
# Configuring the FreeBSD Kernel -> The Configuration File. 
# The handbook is available in /usr/share/doc/handbook or online as
# latest version from the FreeBSD World Wide Web server 
# <URL:http://www.FreeBSD.ORG/>;
#
# An exhaustive list of options and more detailed explanations of the 
# device lines is present in the ./LINT configuration file. If you are 
# in doubt as to the purpose or necessity of a line, check first in LINT.
#
#	$Id: GENERIC,v 1.77.2.22 1998/03/24 01:20:14 jkh Exp $

# Target architecture, the one CPU class compiled in (486 only), the kernel
# ident string and the maxusers tuning value.
machine		"i386"
cpu		"I486_CPU"
ident		wormhole
maxusers	10

options		INET			#InterNETworking
options		FFS			#Berkeley Fast Filesystem
options		NFS			#Network Filesystem
options		PROCFS			#Process filesystem
options		"COMPAT_43"		#Compatible with BSD 4.3 [KEEP THIS!]
options		SCSI_DELAY=15		#Be pessimistic about Joe SCSI device
options		BOUNCE_BUFFERS		#include support for DMA bounce buffers
# NOTE(review): UCONSOLE lets ordinary users "grab the console" (see its
# comment); consider dropping it on a firewall host.
options		UCONSOLE		#Allow users to grab the console
options		FAILSAFE		#Be conservative
options		USERCONFIG		#boot -c editor
options		VISUAL_USERCONFIG	#visual boot -c editor
# NOTE(review): with IPFIREWALL compiled in and no IPFIREWALL_DEFAULT_TO_ACCEPT,
# ipfw's built-in last rule denies all traffic, so a ruleset has to be loaded
# before anything -- the dial-up link included -- can pass.  IPFIREWALL_VERBOSE
# is worth adding so denied packets can be logged; confirm both option names in
# ./LINT for this release.
options		IPDIVERT		#divert sockets (used by natd)
options		IPFIREWALL		#ipfw packet filter

# Kernel image is named "kernel"; the root filesystem is on wd0.
config		kernel	root on wd0

# Buses compiled in: ISA, EISA and PCI.
controller	isa0
controller	eisa0
controller	pci0

# Floppy controller (IRQ 6, DMA channel 2) with two drives.
controller	fdc0	at isa? port "IO_FD1" bio irq 6 drq 2 vector fdintr
disk		fd0	at fdc0 drive 0
disk		fd1	at fdc0 drive 1

# wd disk controller (IRQ 14) with two drives; wd0 holds the root filesystem.
controller	wdc0	at isa? port "IO_WD1" bio irq 14 vector wdintr
disk		wd0	at wdc0 drive 0
disk		wd1	at wdc0 drive 1

# A single entry for any of these controllers (ncr, ahb, ahc, amd) is
# sufficient for any number of installed devices.
#
# Note: The dpt driver is present in this release but was left disabled
# due to its relatively late entry (it's almost certainly benign to enable
# it but we didn't want to risk any chance of destabilizing 2.2.6).  To
# enable DPT support, uncomment the dpt0 controller entry and the two
# options DPTOPT and DPT_MEASURE_PERFORMANCE entries below.

#controller	ncr0
#controller	amd0
#controller	ahb0
#controller	ahc0
##controller	dpt0
#controller	bt0	at isa? port "IO_BT0" bio irq ? vector bt_isa_intr
# uha0 is the only SCSI host adapter left enabled (ISA, DMA channel 5; "irq ?"
# presumably leaves the IRQ to be found at probe time).
controller	uha0	at isa? port "IO_UHA0" bio irq ? drq 5 vector uhaintr
#controller	aha0	at isa? port "IO_AHA0" bio irq ? drq 5 vector ahaintr
#controller	aic0	at isa? port 0x340 bio irq 11 vector aicintr
#controller	nca0	at isa? port 0x1f88 bio irq 10 vector ncaintr
#controller	nca1	at isa? port 0x350 bio irq 5 vector ncaintr
#controller	sea0	at isa? bio irq 5 iomem 0xc8000 iosiz 0x2000 vector seaintr

#options		DPTOPT			# will go away soon
#options   		DPT_MEASURE_PERFORMANCE	# just enable for now
#options		DPT_VERIFY_HINTR	# Some hardware must have it!
#options		DPT_TRACK_CCB_STATES	# Some hardware must have it!
#options    		DPT_HANDLE_TIMEOUTS	# Some hardware must have it!
#options		DPT_TIMEOUT_FACTOR=4	# Some hardware needs more

# SCSI bus layer plus the sd disk driver; the od, st and cd entries further
# down are commented out.
controller	scbus0

device		sd0

#device		od0	#See LINT for possible `od' options.

#device		st0

#device		cd0	#Only need one of these, the code dynamically grows

#device		wt0	at isa? port 0x300 bio irq 5 drq 1 vector wtintr
#device		mcd0	at isa? port 0x300 bio irq 10 vector mcdintr

#controller	matcd0	at isa? port 0x230 bio

#device		scd0	at isa? port 0x230 bio

# syscons is the default console driver, resembling an SCO console
# (keyboard port, IRQ 1).  The alternative pcvt driver below stays disabled.
device		sc0	at isa? port "IO_KBD" tty irq 1 vector scintr
# Enable this and PCVT_FREEBSD for pcvt vt220 compatible console driver
#device		vt0	at isa? port "IO_KBD" tty irq 1 vector pcrint
#options		XSERVER			# support for X server
#options		FAT_CURSOR		# start with block cursor
# If you have a ThinkPAD, uncomment this along with the rest of the PCVT lines
#options		PCVT_SCANSET=2		# IBM keyboards are non-std

# Mandatory, don't remove
# (npx0 at the "IO_NPX" port, IRQ 13)
device		npx0	at isa? port "IO_NPX" flags 0x1 irq 13 vector npxintr

#
# Laptop support (see LINT for more options)
#
#device		apm0    at isa?	disable	# Advanced Power Management
#options		APM_BROKEN_STATCLOCK	# Workaround some buggy APM BIOS
# PCCARD (PCMCIA) support
#controller	card0
#device		pcic0	at card?
#device		pcic1	at card?

# Four serial ports are configured; sio2 and sio3 are compiled in but marked
# "disable" and would share IRQs 4 and 3 with sio0 and sio1.
# NOTE(review): rc.conf puts the mouse on /dev/cuaa0, presumably sio0, which
# leaves sio1 (COM2) for the dial-up modem -- confirm against the PPP setup.
device		sio0	at isa? port "IO_COM1" tty irq 4 vector siointr
device		sio1	at isa? port "IO_COM2" tty irq 3 vector siointr
device		sio2	at isa? disable port "IO_COM3" tty irq 4 vector siointr
device		sio3	at isa? disable port "IO_COM4" tty irq 3 vector siointr

# Parallel ports: lpt0 on IRQ 7; lpt1 is compiled in but disabled.
device		lpt0	at isa? port? tty irq 7 vector lptintr
device		lpt1	at isa? disable port? tty
#device		mse0	at isa? port 0x23c tty irq 5 vector mseintr

#device		psm0	at isa? port "IO_KBD" conflicts tty irq 12 vector psmintr

# Order is important here due to intrusive probes, do *not* alphabetize
# this list of network interfaces until the probes have been fixed.
# Right now it appears that the ie0 must be probed before ep0. See
# revision 1.20 of this file.
#device de0
#device fxp0
#device tx0
#device vx0

# ed0 is the only Ethernet driver left enabled (port 0x300, IRQ 10, shared
# memory at 0xd8000).  It is the inside/LAN interface that rc.conf configures
# as 192.168.1.1; the outside interface is the dial-up link, not a NIC.
device ed0 at isa? port 0x300 net irq 10 iomem 0xd8000 vector edintr
#device ie0 at isa? port 0x300 net irq 10 iomem 0xd0000 vector ieintr
#device ep0 at isa? port 0x300 net irq 10 vector epintr
#device ex0 at isa? port? net irq? vector exintr
#device fe0 at isa? port 0x300 net irq ? vector feintr
#device le0 at isa? port 0x300 net irq 5 iomem 0xd0000 vector le_intr
#device lnc0 at isa? port 0x280 net irq 10 drq 0 vector lncintr
#device ze0 at isa? port 0x300 net irq 5 iomem 0xd8000 vector zeintr
#device zp0 at isa? port 0x300 net irq 10 iomem 0xd8000 vector zpintr

# Software-only devices.  One instance each of sl (SLIP), ppp, vn and tun is
# configured, plus 16 ptys and 4 bpf devices.
# NOTE(review): "ppp" provides ppp0 for kernel-mode pppd, while "tun" provides
# tun0 for user-mode ppp.  natd and the ipfw rules must name whichever of the
# two the dial-up really uses; rc.conf lists ppp0 only.
# NOTE(review): bpfilter allows raw packet capture on this gateway; access is
# presumably governed by the permissions on the /dev/bpf* nodes -- keep them
# root-only.
pseudo-device	loop
pseudo-device	ether
pseudo-device	log
pseudo-device	sl	1
pseudo-device	ppp	1
pseudo-device	vn	1
pseudo-device	tun	1
pseudo-device	pty	16
pseudo-device	bpfilter	4
pseudo-device	gzip		# Exec gzipped a.out's

# KTRACE enables the system-call tracing facility ktrace(2).
# This adds 4 KB bloat to your kernel, and slightly increases
# the costs of each syscall.
# (Left commented out, so ktrace is not available in this kernel.)
#options		KTRACE		#kernel tracing

# This provides support for System V shared memory.
# SYSVMSG and SYSVSEM add the System V message queues and semaphores.
#
options         SYSVSHM
options         SYSVMSG
options         SYSVSEM
