From owner-freebsd-questions Sun Mar 5 21:46:30 2000
Delivered-To: freebsd-questions@freebsd.org
Received: from cytosine.dhs.org (cx272244-a.orng1.occa.home.com [24.1.177.149]) by hub.freebsd.org (Postfix) with ESMTP id AF78537B998 for ; Sun, 5 Mar 2000 21:46:27 -0800 (PST) (envelope-from bhishan@cytosine.dhs.org)
Received: (from bhishan@localhost) by cytosine.dhs.org (8.9.3/8.9.3) id VAA00360; Sun, 5 Mar 2000 21:46:47 -0800 (PST) (envelope-from bhishan)
From: Bhishan Hemrajani
Message-Id: <200003060546.VAA00360@cytosine.dhs.org>
Subject: Re: aliasing natd and FW
In-Reply-To: <000c01bf8736$ba87a9e0$9349dbc1@eu.org> from mires at "Mar 6, 2000 07:39:26 am"
To: mires
Date: Sun, 5 Mar 2000 21:46:46 -0800 (PST)
Cc: freebsd-questions@FreeBSD.ORG
X-Mailer: ELM [version 2.4ME+ PL68 (25)]
MIME-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
Sender: owner-freebsd-questions@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

The natd_interface in rc.conf is supposed to be a device name (de1, xl0, ed0, etc.). It should be the interface connected to the internet.

--bhishan

[Charset iso-8859-4 unsupported, filtering to ASCII...]
> Hi there.
>
> I'm using 3.4-RELEASE FreeBSD with one network card,
> with FW & natd. Here are some lines from my config files:
>
> rc.conf:
> ifconfig_ed2="inet 193.219.73.147 netmask 255.255.255.0"
> defaultrouter="193.219.73.44"
> gateway_enable="YES"
> #natd
> natd_program="/sbin/natd"
> natd_enable="YES"
> natd_interface="193.219.73.147"
> natd_flags=""
> #Fire wall
> firewall_enable="YES"
> firewall_type="OPEN"
>
> rc.local:
> ifconfig ed2 alias 192.168.0.11 netmask 255.255.255.0
>
> rc.firewall:
> $fwcmd add divert natd all from any to any via ${natd_interface}
> $fwcmd add 10200 deny all from 192.168.0.0:255.255.0.0 to any via 193.219.73.147
> $fwcmd add 10300 deny all from any to 192.168.0.0:255.255.0.0 via 193.219.73.147
>
> From my natd computer and from the local network everything works just fine except:
>
> 1. From my local LAN (windoze PCs) I can't use tracert. ping goes OK, but tracert:
>
> Tracing route to hp710-3.lei.lt [193.219.73.43]
> over a maximum of 30 hops:
>
>   1     2 ms     1 ms     1 ms  193.219.73.147
>   2     3 ms     3 ms     3 ms  193.219.73.147
>   3    12 ms    12 ms    12 ms  193.219.73.147
>   4    23 ms    29 ms    30 ms  193.219.73.147
>   ...
>  12   104 ms    70 ms   110 ms  hp710-3.lei.lt [193.219.73.43]
>
> Why doesn't it detect the real servers' IP/DNS?
> (From my proxy computer everything goes just fine.)
>
> 2. The second problem: I really can't build a FW. I mean rule 10200 just blocks all
> traffic from the local LAN. (It means I can't block evil private LAN IPs from
> outside?) What can I do?
>
> Sincerely
> Dalius
> aka
> MamBo

To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message
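Added here as an illustration of Bhishan's point, not code from either poster or from FreeBSD's rc scripts: a small POSIX sh check over the rc.conf lines quoted above (embedded as a constructed sample) that flags a natd_interface holding an IP address instead of a device name and names the device whose ifconfig_ line carries that address. The helper function names are assumptions.

```shell
# Constructed sample of the rc.conf lines from the quoted post.
RC_CONF_SAMPLE='ifconfig_ed2="inet 193.219.73.147 netmask 255.255.255.0"
defaultrouter="193.219.73.44"
gateway_enable="YES"
natd_enable="YES"
natd_interface="193.219.73.147"
firewall_enable="YES"'

# Print the (last) natd_interface value from rc.conf text given on stdin.
natd_interface_value() {
    sed -n 's/^natd_interface="\([^"]*\)".*/\1/p' | tail -n 1
}

# Exit 0 if the argument looks like a dotted-quad IPv4 address.
is_ipv4() {
    echo "$1" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$'
}

# Given rc.conf text on stdin and an IP address, print the device name
# whose ifconfig_<dev> line configures that address (e.g. ed2).
device_for_address() {
    addr=$(printf '%s' "$1" | sed 's/\./\\./g')   # escape dots for sed
    sed -n "s/^ifconfig_\([a-z0-9]*\)=\"inet $addr .*/\1/p" | head -n 1
}

# Print the corrected rc.conf line when natd_interface holds an IP address
# (hypothetical helper); print "ok" when it already holds a device name.
check_natd_interface() {
    value=$(printf '%s\n' "$1" | natd_interface_value)
    if is_ipv4 "$value"; then
        dev=$(printf '%s\n' "$1" | device_for_address "$value")
        echo "natd_interface=\"${dev:-<device>}\""
    else
        echo "ok"
    fi
}

check_natd_interface "$RC_CONF_SAMPLE"
```

With the quoted configuration the check prints the rc.conf line Bhishan's reply calls for, with the device taken from the ifconfig_ed2 line.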