From owner-freebsd-questions  Sun Mar  5 21:44:30 2000
Delivered-To: freebsd-questions@freebsd.org
Received: from vingis.sc-uni.ktu.lt (vingis.sc-uni.ktu.lt [193.219.61.10])
	by hub.freebsd.org (Postfix) with ESMTP id 7DBFE37BC44
	for <freebsd-questions@FreeBSD.ORG>; Sun,  5 Mar 2000 21:44:12 -0800 (PST)
	(envelope-from mires@bigfoot.com)
Received: from kaunas ([193.219.73.147])
	by vingis.sc-uni.ktu.lt (8.9.0/8.9.0) with SMTP id HAA02674
	for <freebsd-questions@FreeBSD.ORG>; Mon, 6 Mar 2000 07:44:05 +0200 (EET)
Message-ID: <000c01bf8736$ba87a9e0$9349dbc1@eu.org>
From: "mires" <mires@bigfoot.com>
To: <freebsd-questions@FreeBSD.ORG>
Subject: aliasing natd and FW
Date: Mon, 6 Mar 2000 07:39:26 +0100
MIME-Version: 1.0
Content-Type: multipart/alternative;
	boundary="----=_NextPart_000_0009_01BF873F.191725A0"
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 5.00.2615.200
X-MimeOLE: Produced By Microsoft MimeOLE V5.00.2615.200
Sender: owner-freebsd-questions@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

This is a multi-part message in MIME format.

------=_NextPart_000_0009_01BF873F.191725A0
Content-Type: text/plain;
	charset="iso-8859-4"
Content-Transfer-Encoding: quoted-printable

Hi there.

I'm using 3.4-RELEASE FreeBSD one network cart:
with FW & natd there are some lines form my config files

rc.config:
ifconfig_ed2=3D"inet 193.219.73.147  netmask 255.255.255.0"
defaultrouter=3D"193.219.73.44"
gateway_enable=3D"YES"
#natd
natd_program=3D"/sbin/natd"
natd_enable=3D"YES"
natd_interface=3D"193.219.73.147"
natd_flags=3D""
#Fire wall
firewall_enable=3D"YES"
firewall_type=3D"OPEN"
=20
rc.local
ifconfig ed2 alias 192.168.0.11 netmask 255.255.255.0

rc.firewall
 $fwcmd add divert natd all from any to any via ${natd_interface}
 $fwcmd add 10200 deny all from 192.168.0.0:255.255.0.0 to any via =
193.219.73.147
 $fwcmd add 10300 deny all from any to 192.168.0.0:255.255.0.0 via =
193.219.73.147


From my natd computer ant from the local network everything works just =
fine except:

1. from my local LAN (windoze PC's) i can't use tracert. ping go ok. but =
tracert:

Tracing route to hp710-3.lei.lt [193.219.73.43]
over a maximum of 30 hops:

  1     2 ms     1 ms     1 ms  193.219.73.147
  2     3 ms     3 ms     3 ms  193.219.73.147
  3    12 ms    12 ms    12 ms  193.219.73.147
  4    23 ms    29 ms    30 ms  193.219.73.147
...
 12   104 ms    70 ms   110 ms  hp710-3.lei.lt [193.219.73.43]
why it don't detect real servers IP/DNS ?
(from my proxy computter everything goes just fine)

2. the second problem: i realy cann't build a FW. i mean rule 10200 just =
block all=20
trafic from local LAN. (it means i can't block eavil private LAN's IP's  =
from=20
outside ?). what can i do ?

Sincerely
Dalius
aka
MamBo

------=_NextPart_000_0009_01BF873F.191725A0
Content-Type: text/html;
	charset="iso-8859-4"
Content-Transfer-Encoding: quoted-printable

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML><HEAD>
<META content=3D"text/html; charset=3Diso-8859-4" =
http-equiv=3DContent-Type>
<META content=3D"MSHTML 5.00.2722.2800" name=3DGENERATOR>
<STYLE></STYLE>
</HEAD>
<BODY bgColor=3D#ffffff>
<DIV><FONT face=3DArial size=3D2>Hi there.</FONT></DIV>
<DIV>&nbsp;</DIV>
<DIV><FONT face=3DArial size=3D2>I'm using 3.4-RELEASE FreeBSD one =
network=20
cart:<BR>with FW &amp; natd there are some lines form my config=20
files</FONT></DIV>
<DIV>&nbsp;</DIV>
<DIV><FONT face=3DArial size=3D2>rc.config:<BR>ifconfig_ed2=3D"inet=20
193.219.73.147&nbsp; netmask=20
255.255.255.0"<BR>defaultrouter=3D"193.219.73.44"<BR>gateway_enable=3D"YE=
S"<BR>#natd<BR>natd_program=3D"/sbin/natd"<BR>natd_enable=3D"YES"<BR>natd=
_interface=3D"193.219.73.147"<BR>natd_flags=3D""<BR>#Fire=20
wall<BR>firewall_enable=3D"YES"<BR>firewall_type=3D"OPEN"<BR>&nbsp;<BR>rc=
.local<BR>ifconfig=20
ed2 alias 192.168.0.11 netmask 255.255.255.0</FONT></DIV>
<DIV>&nbsp;</DIV>
<DIV><FONT face=3DArial size=3D2>rc.firewall<BR>&nbsp;$fwcmd add divert =
natd all=20
from any to any via ${natd_interface}<BR>&nbsp;$fwcmd add 10200 deny all =
from=20
192.168.0.0:255.255.0.0 to any via 193.219.73.147<BR>&nbsp;$fwcmd add =
10300 deny=20
all from any to 192.168.0.0:255.255.0.0 via 193.219.73.147</FONT></DIV>
<DIV>&nbsp;</DIV>
<DIV><FONT face=3DArial size=3D2><BR>From my natd computer ant from the =
local=20
network everything works just fine except:</FONT></DIV>
<DIV>&nbsp;</DIV>
<DIV><FONT face=3DArial size=3D2>1. from my local LAN (windoze PC's) i =
can't use=20
tracert. ping go ok. but tracert:</FONT></DIV>
<DIV>&nbsp;</DIV>
<DIV><FONT face=3DArial size=3D2>Tracing route to hp710-3.lei.lt=20
[193.219.73.43]<BR>over a maximum of 30 hops:</FONT></DIV>
<DIV>&nbsp;</DIV>
<DIV><FONT face=3DArial size=3D2>&nbsp; 1&nbsp;&nbsp;&nbsp;&nbsp; 2=20
ms&nbsp;&nbsp;&nbsp;&nbsp; 1 ms&nbsp;&nbsp;&nbsp;&nbsp; 1 ms&nbsp;=20
193.219.73.147<BR>&nbsp; 2&nbsp;&nbsp;&nbsp;&nbsp; 3 =
ms&nbsp;&nbsp;&nbsp;&nbsp;=20
3 ms&nbsp;&nbsp;&nbsp;&nbsp; 3 ms&nbsp; 193.219.73.147<BR>&nbsp;=20
3&nbsp;&nbsp;&nbsp; 12 ms&nbsp;&nbsp;&nbsp; 12 ms&nbsp;&nbsp;&nbsp; 12 =
ms&nbsp;=20
193.219.73.147<BR>&nbsp; 4&nbsp;&nbsp;&nbsp; 23 ms&nbsp;&nbsp;&nbsp; 29=20
ms&nbsp;&nbsp;&nbsp; 30 ms&nbsp; =
193.219.73.147<BR>...<BR>&nbsp;12&nbsp;&nbsp;=20
104 ms&nbsp;&nbsp;&nbsp; 70 ms&nbsp;&nbsp; 110 ms&nbsp; hp710-3.lei.lt=20
[193.219.73.43]<BR>why it don't detect real servers IP/DNS ?<BR>(from my =
proxy=20
computter everything goes just fine)</FONT></DIV>
<DIV>&nbsp;</DIV>
<DIV><FONT face=3DArial size=3D2>2. the second problem: i realy cann't =
build a FW. i=20
mean rule 10200 just block all <BR>trafic from local LAN. (it means i =
can't=20
block eavil private LAN's IP's&nbsp; from <BR>outside ?). what can i do=20
?<BR></FONT></DIV>
<DIV><FONT face=3DArial size=3D2>Sincerely</FONT></DIV>
<DIV><FONT face=3DArial size=3D2>Dalius</FONT></DIV>
<DIV><FONT face=3DArial size=3D2>aka</FONT></DIV>
<DIV><FONT face=3DArial size=3D2>MamBo</DIV></FONT></BODY></HTML>

------=_NextPart_000_0009_01BF873F.191725A0--



To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message