Date: Thu, 01 Jul 1999 17:50:17 -0700 (PDT)
From: Christian Sung <christian@i-drive.com>
To: "Ron 'The InSaNe One' Rosson" <insane@lunatic.oneinsane.net>
Cc: freebsd-net@FreeBSD.ORG, freebsd-ipfw@FreeBSD.ORG
Subject: RE: NATD/VPN using -pptpalias
Message-ID: <XFMail.990701175017.christian@i-drive.com>
In-Reply-To: <19990701164347.B22149@lunatic.oneinsane.net>

On 01-Jul-99 Ron 'The InSaNe One' Rosson wrote:
> I am trying to get a FreeBSD 3.2-STABLE as of Last week to pass a VPN connection
> from a client behind the NATD box to a Server out on the internet. At this time
> I am getting error, timeout exceeded while waiting for reply.
>
> excerpt from rc.conf
> natd_enable="YES"
> natd_interface="ed0"
> natd_flags="-pptpalias 192.168.2.7"
>
> excerpt from rc.firewall
> if [ "X${natd_enable}" = X"YES" -a "X${natd_interface}" != X"" ]; then
>     $fwcmd add divert natd all from any to any via ${natd_interface}
> fi
>
> edo is the line out to my cable modem and ed1 goes for my private network using
> addresses <192.168.x.x>
> ---

Ron,

Try this:

natd_interface="ed0"            # Public interface to use with natd.
natd_flags="-u"

and make sure NATD is started *BEFORE* loading up the firewall rules. I do so
inside rc-firewall itself (it used to be started in rc.network, but that was
too late in the startup process). It works like a charm for me :-)

# Network Address Translation daemon
if [ "X${natd_enable}" = X"YES" -a X"${natd_interface}" != X"" \
     -a X"${firewall_enable}" = X"YES" ]; then
        if echo ${natd_interface} | \
            grep -q -E '^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$'; then
                natd_ifarg="-a ${natd_interface}"
        else
                natd_ifarg="-n ${natd_interface}"
        fi
        echo 'Starting Network Address Translation daemon (natd)'
        natd ${natd_flags} ${natd_ifarg}
fi

-christian

Christian W. Sung
===============================================================
PGP Key Fingerprint: F6E2 0372 F765 28B6 6D34 7DF4 A928 A7AF 59A0 04CD
===============================================================
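
Added example, not part of the original message: a small POSIX sh check for the ordering the reply above insists on, that a startup script launches natd before it installs the ipfw divert rule. The function name check_natd_order and the sample script contents are constructed for illustration; the check compares line order only and does not follow control flow.

```sh
#!/bin/sh
# Added illustration (not from the original e-mail).
# check_natd_order FILE  ->  prints one of:
#   ok            natd is launched on an earlier line than the divert rule
#   late          the divert rule is installed before natd is launched
#   missing-natd  a divert rule exists but natd is never launched
#   no-divert     no "divert natd" rule found
# Assumption: line order in one script stands in for execution order.
check_natd_order() {
    awk '
        /^[ \t]*#/ { next }                      # ignore comment lines
        # a natd command line: the word natd followed by a flag or a variable
        /(^|[ \t;])natd[ \t]+[-$]/ && !start { start = NR }
        # an ipfw rule handing packets to the natd divert port
        /add[ \t]+([0-9]+[ \t]+)?divert[ \t]+natd/ && !rule { rule = NR }
        END {
            if (!rule)       print "no-divert"
            else if (!start) print "missing-natd"
            else             print (start < rule ? "ok" : "late")
        }
    ' "$1"
}

# Constructed samples: the failing order first, then the order from the reply.
demo() {
    tmp=$(mktemp -d) || return 1
    cat > "$tmp/late.sh" <<'EOF'
$fwcmd add divert natd all from any to any via ${natd_interface}
natd ${natd_flags} -n ${natd_interface}
EOF
    cat > "$tmp/ok.sh" <<'EOF'
echo 'Starting Network Address Translation daemon (natd)'
natd ${natd_flags} ${natd_ifarg}
$fwcmd add divert natd all from any to any via ${natd_interface}
EOF
    for f in late ok; do
        printf '%s: %s\n' "$f" "$(check_natd_order "$tmp/$f.sh")"
    done
    rm -rf "$tmp"
}
demo
```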