Date:      Sun, 5 Mar 2000 21:46:46 -0800 (PST)
From:      Bhishan Hemrajani <bhishan@cytosine.dhs.org>
To:        mires <mires@bigfoot.com>
Cc:        freebsd-questions@FreeBSD.ORG
Subject:   Re: aliasing natd and FW
Message-ID:  <200003060546.VAA00360@cytosine.dhs.org>
In-Reply-To: <000c01bf8736$ba87a9e0$9349dbc1@eu.org> from mires at "Mar 6, 2000 07:39:26 am"

The natd_interface in rc.conf is supposed to be a device name.
(de1, xl0, ed0, etc.)

It should be the interface connected to the connection on the internet.

--bhishan

[Charset iso-8859-4 unsupported, filtering to ASCII...]
> Hi there.
> 
> I'm using 3.4-RELEASE FreeBSD with one network card,
> with FW & natd. Here are some lines from my config files:
> 
> rc.config:
> ifconfig_ed2="inet 193.219.73.147  netmask 255.255.255.0"
> defaultrouter="193.219.73.44"
> gateway_enable="YES"
> #natd
> natd_program="/sbin/natd"
> natd_enable="YES"
> natd_interface="193.219.73.147"
> natd_flags=""
> #Fire wall
> firewall_enable="YES"
> firewall_type="OPEN"
>  
> rc.local
> ifconfig ed2 alias 192.168.0.11 netmask 255.255.255.0
> 
> rc.firewall
>  $fwcmd add divert natd all from any to any via ${natd_interface}
>  $fwcmd add 10200 deny all from 192.168.0.0:255.255.0.0 to any via 193.219.73.147
>  $fwcmd add 10300 deny all from any to 192.168.0.0:255.255.0.0 via 193.219.73.147
> 
> 
> From my natd computer and from the local network everything works just fine except:
> 
> 1. from my local LAN (windoze PC's) i can't use tracert. ping goes ok. but tracert:
> 
> Tracing route to hp710-3.lei.lt [193.219.73.43]
> over a maximum of 30 hops:
> 
>   1     2 ms     1 ms     1 ms  193.219.73.147
>   2     3 ms     3 ms     3 ms  193.219.73.147
>   3    12 ms    12 ms    12 ms  193.219.73.147
>   4    23 ms    29 ms    30 ms  193.219.73.147
> ...
>  12   104 ms    70 ms   110 ms  hp710-3.lei.lt [193.219.73.43]
> why doesn't it detect the real servers' IP/DNS ?
> (from my proxy computer everything goes just fine)
> 
> 2. the second problem: i really can't build a FW. i mean rule 10200 just blocks all 
> traffic from local LAN. (it means i can't block evil private LAN's IP's  from 
> outside ?). what can i do ?
> 
> Sincerely
> Dalius
> aka
> MamBo

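The check the reply describes, as an added example that is not part of the original message: a shell lint that flags natd_interface set to an IPv4 address and suggests the device whose ifconfig_<dev> line carries that address. The function names and the sample file are constructed for illustration.

```sh
#!/bin/sh
# Added example (not from the original thread): lint an rc.conf-style file for
# natd_interface set to an IPv4 address instead of a device name.

# Print the last natd_interface value in FILE, quotes stripped.
natd_interface_value() {
    sed -n 's/^[[:space:]]*natd_interface="\{0,1\}\([^"[:space:]]*\).*$/\1/p' "$1" | tail -n 1
}

# True when the argument is a dotted-quad IPv4 address.
is_ipv4() {
    printf '%s\n' "$1" | grep -Eq '^[0-9]{1,3}(\.[0-9]{1,3}){3}$'
}

# Print the device whose ifconfig_<dev>="inet ADDR ..." line carries ADDR.
device_for_addr() {
    sed -n 's/^[[:space:]]*ifconfig_\([A-Za-z0-9]*\)="\{0,1\}\([^"]*\).*$/\1 \2/p' "$1" |
    while read -r dev family addr _rest; do
        if [ "$family" = inet ] && [ "$addr" = "$2" ]; then echo "$dev"; fi
    done | head -n 1
}

# Return 0 for a device name, 1 for an address, 2 when unset.
check_natd_interface() {
    val=$(natd_interface_value "$1")
    if [ -z "$val" ]; then
        echo "natd_interface is not set"
        return 2
    fi
    if is_ipv4 "$val"; then
        dev=$(device_for_addr "$1" "$val")
        hint=""
        if [ -n "$dev" ]; then hint="; use natd_interface=\"$dev\""; fi
        echo "natd_interface=\"$val\" is an address, not a device name$hint"
        return 1
    fi
    echo "natd_interface=\"$val\" looks like a device name"
    return 0
}

# Constructed sample with the relevant lines from the quoted rc.conf.
sample=$(mktemp)
cat > "$sample" <<'EOF'
ifconfig_ed2="inet 193.219.73.147  netmask 255.255.255.0"
natd_enable="YES"
natd_interface="193.219.73.147"
EOF
check_natd_interface "$sample" || true
rm -f "$sample"
```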