From: Doug White
Date: Sat, 9 May 1998 13:37:14 -0700 (PDT)
To: Mark Szlaga
cc: freebsd-questions@FreeBSD.ORG
Subject: Re: Ethernet -> natd -> Dynamic-IP dialup

On Sat, 9 May 1998, Mark Szlaga wrote:

> I recently changed the operating system on my internet firewall from
> Linux to FreeBSD. This was done because I am tired of all the timeouts that
> IP-Masquerade causes, and was told that Natd is a far more superior program.
> That and FreeBSD networking runs much better as a router than Linux will
> ever pray to. So far I am impressed in the performance of the machine,
> but cannot get networking to work properly.

Good to hear! :)

> Ok. Here's the problem. I can get the non-firewall enabled kernel
> to dialout (what I am using now) and I can set up the routes by hand (I
> am trying to fix this problem) but this is the only way I can get the
> machine to dialout. When I do the proper kernel settings to get
> firewalling to work (IP_DIVERT and IP_FIREWALL) I can only get the
> network to work internally, and cannot even touch the dialup device.
> That is, until I disable ed0, but then I cannot get the routes quite
> correct.

When you turn the firewall on, it by default blocks everything until you
program other rules into it. I'd suggest setting your firewall_type to
`open' mode in /etc/rc.conf, and then tune /etc/rc.firewall to taste. Type
`open' allows everything.

Note that you have to add a rule to divert packets to natd. That rule
should be on the natd manpage.

> My question is if anyone sees anything blatantly wrong, what can I do
> to change this. I am happy with the operating system, just frustrated
> that it won't do what I want it to do... And also it would be
> appreciated if you could point me in the right direction if this is
> somewhere in the FAQ or handbook, as I just compiled Lynx to be able to
> read it locally (lynx on vt100 is murder...)

http://www.freebsd.org/docs.html should get you started.

Doug White                            | University of Oregon
Internet: dwhite@resnet.uoregon.edu   | Residence Networking Assistant
http://gladstone.uoregon.edu/~dwhite  | Computer Science Major
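
A check that follows from the advice above, added here as an example and not part of the original message: ipfw evaluates rules in number order and the first match decides, so the divert rule for natd has to sit ahead of the blanket allow that type `open' installs. The function name, verdict strings and sample rule listings are constructed, and tun0 stands in for the dialup interface; 8668 is natd's default divert port.

```shell
#!/bin/sh
# Added example. Function name, verdict strings and sample listings are
# constructed for illustration; tun0 is an assumed dialup interface.

# check_divert: read `ipfw list` output on stdin and print one verdict:
#   missing  - no divert rule, so nothing is handed to natd
#   shadowed - a blanket allow has a lower rule number than the divert,
#              so packets are accepted before natd ever sees them
#   ok       - the divert rule is evaluated first
# Only the unqualified "allow ip from any to any" form counts as blanket;
# an allow limited with "via lo0" or similar does not.
check_divert() {
    awk '
        $2 == "divert" && !seen_d { d = $1 + 0; seen_d = 1 }
        ($2 == "allow" || $2 == "pass") && NF == 7 &&
            ($3 == "ip" || $3 == "all") &&
            $4 == "from" && $5 == "any" && $6 == "to" && $7 == "any" &&
            !seen_a { a = $1 + 0; seen_a = 1 }
        END {
            if (!seen_d)              print "missing"
            else if (seen_a && a < d) print "shadowed"
            else                      print "ok"
        }'
}

# Constructed rule listings in the format `ipfw list` prints.
sample_ok='00050 divert 8668 ip from any to any via tun0
00100 allow ip from any to any via lo0
65000 allow ip from any to any
65535 deny ip from any to any'

sample_shadowed='00100 allow ip from any to any
00200 divert 8668 ip from any to any via tun0
65535 deny ip from any to any'

# Firewall compiled in but no rules programmed: only the default deny.
sample_missing='65535 deny ip from any to any'

for s in "$sample_ok" "$sample_shadowed" "$sample_missing"; do
    printf '%s\n' "$s" | check_divert
done
```

On a live system the same function can be fed directly with `ipfw list | check_divert`.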