From owner-freebsd-questions Sat Sep 23 23:31:41 2000
Delivered-To: freebsd-questions@freebsd.org
Received: from ns1.tetronsoftware.com (ns1.tetronsoftware.com [64.217.1.41])
	by hub.freebsd.org (Postfix) with ESMTP id 5543D37B424
	for ; Sat, 23 Sep 2000 23:31:38 -0700 (PDT)
Received: from ns1.tetronsoftware.com (ns1.tetronsoftware.com [64.217.1.41])
	by ns1.tetronsoftware.com (8.11.0/8.9.3) with ESMTP id e8O6VUF02269;
	Sun, 24 Sep 2000 01:31:30 -0500 (CDT)
	(envelope-from zeus@tetronsoftware.com)
Date: Sun, 24 Sep 2000 01:31:30 -0500 (CDT)
From: Gene Harris
To: cjclark@alum.mit.edu
Cc: freebsd-questions@FreeBSD.ORG
Subject: Re: Routing/NAT Problem after Upgrade to 4.1
In-Reply-To: <20000923213910.E42636@149.211.6.64.reflexcom.com>
Message-ID:
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-questions@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

Well, this turned out to be a doozy...

After recompiling the kernel a couple of times, I began to trace through
firewall rules using ipfw -at list. After looking at the list 10 times, I
noticed the divert command was using the wrong interface. So I looked at
/etc/rc.conf and all seemed ok. I checked /etc/defaults/rc.conf and I
noticed my custom script was assigning the interface from the
defaults/rc.conf! This didn't happen in 3.5, but it only took a minor edit
to fix in 4.1-STABLE.

I appreciate your help on this. Now I can at least sleep.

Gene

On Sat, 23 Sep 2000, Crist J . Clark wrote:

> On Sat, Sep 23, 2000 at 06:08:15PM -0500, Gene Harris wrote:
> > I recently upgraded to version 4.1-RELEASE from version 3.5-STABLE.
> > The upgraded machine is used primarily as a nat server for a small
> > network. After upgrading, I have been unable to route to the internet from my
> > internal machines. The natd daemon is loaded, but something does not appear
> > to be working correctly and I am too stupid to get natd to produce any decent
> > logging information.
>
> The rc.conf looks fine. It's strange it has worked before, but not
> now. I guess you need to have a look at your firewall script.
>
> When you are trying to get outside from an internal machine, can you
> see where the packets are going (or not going) on the gateway by doing
> some tcpdumps?
> --
> Crist J. Clark                           cjclark@alum.mit.edu
>

Tetron Software, LLC
http://www.tetronsoftware.com
FreeBSD Apache PostgreSQL Oracle 8/8i
Windows 95/98/NT Visual C Visual Basic
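
The check Gene did by eye, comparing the interface on the divert rule with the one /etc/rc.conf asks for, can be scripted. The following is an added example and not part of the original thread; the function names, file names and the interface names ed0 and fxp0 are assumptions, and the sample rule and rc files are constructed so it runs without a live ipfw.

```shell
#!/bin/sh
# Added example (not from the thread): flag an ipfw divert rule whose
# interface differs from the effective natd_interface.

# Effective value of an rc variable. Files are sourced in order, as rc does
# with /etc/defaults/rc.conf then /etc/rc.conf, so a later file overrides.
rc_value() (
    var=$1; shift
    for f in "$@"; do
        [ -r "$f" ] && . "$f"
    done
    eval "printf '%s\n' \"\${$var}\""
)

# Interface after "via" on the first divert rule read from stdin. Works for
# plain `ipfw list` and for `ipfw -at list` (extra counter/timestamp fields).
divert_iface() {
    awk '{ d = 0
           for (i = 1; i <= NF; i++) {
               if ($i == "divert") d = 1
               if (d && $i == "via" && i < NF) { print $(i + 1); exit }
           } }'
}

# $1 = file holding ipfw list output, remaining args = rc files in load order.
check_divert() {
    rules=$1; shift
    want=$(rc_value natd_interface "$@")
    have=$(divert_iface < "$rules")
    if [ -z "$have" ]; then echo "no divert rule with an interface"; return 2; fi
    if [ "$have" != "$want" ]; then
        echo "MISMATCH: divert rule uses $have, rc files say $want"; return 1
    fi
    echo "ok: divert rule and natd_interface both use $have"
}

# Constructed sample data: defaults name fxp0, the local rc.conf names ed0.
make_samples() {
    printf 'natd_interface="fxp0"\n' > "$1/defaults.conf"
    printf 'natd_enable="YES"\nnatd_interface="ed0"\n' > "$1/rc.conf"
    printf '00050 divert 8668 ip from any to any via fxp0\n' > "$1/bad.rules"
    printf '00050 divert 8668 ip from any to any via ed0\n' > "$1/good.rules"
}

tmp=$(mktemp -d) && make_samples "$tmp"
check_divert "$tmp/bad.rules" "$tmp/defaults.conf" "$tmp/rc.conf" || :
check_divert "$tmp/good.rules" "$tmp/defaults.conf" "$tmp/rc.conf"
rm -rf "$tmp"
```

On a real gateway the first argument would be a file saved from `ipfw list` and the rc files would be /etc/defaults/rc.conf followed by /etc/rc.conf.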