From owner-freebsd-ipfw@FreeBSD.ORG Tue Jul 29 12:47:02 2003
Delivered-To: freebsd-ipfw@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id DA9F337B401; Tue, 29 Jul 2003 12:47:02 -0700 (PDT)
Received: from goliath.cnchost.com (goliath.cnchost.com [207.155.252.47]) by mx1.FreeBSD.org (Postfix) with ESMTP id 73F2F43F3F; Tue, 29 Jul 2003 12:47:02 -0700 (PDT) (envelope-from sahafeez@edgefocus.com)
Received: from edgefocus.com ([12.106.69.222]) by goliath.cnchost.com id PAA05676; Tue, 29 Jul 2003 15:47:02 -0400 (EDT) [ConcentricHost SMTP Relay 1.15]
Message-ID: <3F26CF32.2060307@edgefocus.com>
Date: Tue, 29 Jul 2003 12:46:58 -0700
From: Sean Hafeez
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.4) Gecko/20030624 Netscape/7.1 (ax)
X-Accept-Language: en-us, en
MIME-Version: 1.0
To: freebsd-ipfw@freebsd.org
Content-Type: text/plain; charset=us-ascii; format=flowed
Content-Transfer-Encoding: 7bit
Subject: radius and natd
X-BeenThere: freebsd-ipfw@freebsd.org
X-Mailman-Version: 2.1.1
Precedence: list
List-Id: IPFW Technical Discussions
X-List-Received-Date: Tue, 29 Jul 2003 19:47:03 -0000

I have a network (10.0.0.x) that is NAT'd to the external interface of the firewall. Everything works great. The kernel was compiled with the "leave everything open" option. The only rules are:

/sbin/natd -interface rl0
ipfw add divert natd all from any to any via rl0
ipfw add pipe 1 ip from any to any in recv rl1
ipfw add pipe 2 ip from any to any out xmit rl1
ipfw pipe 1 config mask src-ip 0xffffffff bw 1024kbits/s
ipfw pipe 2 config mask dst-ip 0xffffffff bw 1024kbits/s

rl0 is the external. rl1 is the internal 10.0.0.x network. I have a device on the internal network (10.0.0.4) that needs to query a RADIUS server on the internet.

I can see the request come in from the device on rl1 (tcpdump -i rl1) but I see nothing leave and never see the packet hit the server. Is NAT the problem? Is there a way around this? I googled but did not find anything that worked. Remember this is a wide-open box that is just being used for NAT and shaping with no rules. Thanks!
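As an added diagnostic example (not from the original post, nor from the ipfw/natd project), here is a small Python script that correlates tcpdump text output from the inside interface (rl1) against the outside interface (rl0), reporting which RADIUS requests from the 10.0.0.x device never left and whether anything left still carrying an untranslated private source address. The capture lines, the RADIUS server 198.51.100.7 and the NAT address 203.0.113.2 are constructed sample data.

```python
import re
from collections import Counter

# Constructed tcpdump-style lines (sample data, not from the original post).
# RL1 is what the device sends on the inside; RL0 is what actually leaves outside.
RL1_CAPTURE = """\
12:01:00.000001 IP 10.0.0.4.49152 > 198.51.100.7.1812: RADIUS, Access-Request (1), id: 0x2a length: 72
12:01:00.100002 IP 10.0.0.4.49152 > 198.51.100.7.1812: RADIUS, Access-Request (1), id: 0x2a length: 72
12:01:01.000003 IP 10.0.0.4.49153 > 198.51.100.7.1813: RADIUS, Accounting-Request (4), id: 0x2b length: 60
"""
RL0_CAPTURE = """\
12:01:01.000100 IP 203.0.113.2.49153 > 198.51.100.7.1813: RADIUS, Accounting-Request (4), id: 0x2b length: 60
"""

RADIUS_PORTS = {1812, 1813, 1645, 1646}   # current and legacy RADIUS auth/acct ports
LINE_RE = re.compile(
    r"IP (?P<src>\d+\.\d+\.\d+\.\d+)\.(?P<sport>\d+) > "
    r"(?P<dst>\d+\.\d+\.\d+\.\d+)\.(?P<dport>\d+): RADIUS.*?id: 0x(?P<rid>[0-9a-f]+)"
)

def radius_requests(capture):
    """Parse tcpdump text into {(dst, dport, radius_id): count} plus the source ips seen per key."""
    seen = Counter()
    sources = {}
    for line in capture.splitlines():
        m = LINE_RE.search(line)
        if not m or int(m["dport"]) not in RADIUS_PORTS:
            continue
        key = (m["dst"], int(m["dport"]), int(m["rid"], 16))
        seen[key] += 1
        sources.setdefault(key, set()).add(m["src"])
    return seen, sources

def nat_check(inner_capture, outer_capture, lan_prefix="10.0.0."):
    """Compare inside and outside captures of the same RADIUS exchange.

    Returns (missing, leaked): requests seen inside that never left the outer
    interface, and requests that left it with an untranslated LAN source address.
    """
    inner, _ = radius_requests(inner_capture)
    outer, outer_src = radius_requests(outer_capture)
    missing = {k: n for k, n in inner.items() if k not in outer}
    leaked = {k for k, srcs in outer_src.items() if any(s.startswith(lan_prefix) for s in srcs)}
    return missing, leaked

if __name__ == "__main__":
    missing, leaked = nat_check(RL1_CAPTURE, RL0_CAPTURE)
    print("never left rl0:", missing)
    print("left rl0 untranslated:", leaked)
```

Capture the two sides with something like `tcpdump -ni rl1 udp port 1812 or 1813` and `tcpdump -ni rl0 udp port 1812 or 1813` at the same time; a request that appears in `missing` was dropped or diverted before reaching rl0, while one in `leaked` got past the divert rule without being translated.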