Date: Mon, 31 Jan 2000 19:31:16 +0200
From: Ruslan Ermilov <ru@ucb.crimea.ua>
To: John <papalia@udel.edu>
Cc: freebsd-questions@FreeBSD.ORG
Subject: Re: NATD/Divert broken ?
Message-ID: <20000131193116.A72155@relay.ucb.crimea.ua>
In-Reply-To: <4.1.20000131120328.009749c0@mail.udel.edu>; from John on Mon, Jan 31, 2000 at 12:14:11PM -0500
References: <4.1.20000131120328.009749c0@mail.udel.edu>

On Mon, Jan 31, 2000 at 12:14:11PM -0500, John wrote:
> Hey all,
>
> I'm having a small problem with my NATD and my firewall. Per the
> instructions in "The Complete FreeBSD", I added the firewall rule:
>
>     divert natd ip from any to any via fxp1
>
> The problem is that this rule is causing partial problems on my loopback
> device (lo0).
>
> What happens is that with the rule in place, for some connections within
> the box (which definitely go thru lo0), the connections fail. If I remove
> that rule, then the connections within the box can be made, but then I lose
> all ability to host my internal 192.168. net.
>
> I have done tcpdumps of both the successful and unsuccessful connections
> and have pasted them below. If the actual tcpdump files would be useful, I
> can attach those to a subsequent email.
>
> Also, I'm currently running 3.3 and am suffering from NO other apparent
> problems with lo0 that I can tell.
>
> tcpdumps are below.
>
> Thanks in advance,
> John
>
> ******
> Failed connection, with divert rule in place:
> ******
>
> 12:01:10.744362 merlin.wondermutt.net.3482 > merlin.wondermutt.net.39536: S
> 1027967984:1027967984(0) win 16384 <mss 16344,nop,wscale 0,nop,no
> [...]

Can you show me the above in numerical form (with -n), with
the output of the following commands:

* ifconfig -au inet
* netstat -arn
* ipfw show

And how do you start natd?

-- 
Ruslan Ermilov          Sysadmin and DBA of the
ru@ucb.crimea.ua        United Commercial Bank,
ru@FreeBSD.org          FreeBSD committer,
+380.652.247.647        Simferopol, Ukraine

http://www.FreeBSD.org  The Power To Serve
http://www.oracle.com   Enabling The Information Age

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message