From owner-freebsd-questions Mon Jan 31 9:32:25 2000
Date: Mon, 31 Jan 2000 19:31:16 +0200
From: Ruslan Ermilov
To: John
Cc: freebsd-questions@FreeBSD.ORG
Subject: Re: NATD/Divert broken ?
Message-ID: <20000131193116.A72155@relay.ucb.crimea.ua>
References: <4.1.20000131120328.009749c0@mail.udel.edu>
In-Reply-To: <4.1.20000131120328.009749c0@mail.udel.edu>; from John on Mon, Jan 31, 2000 at 12:14:11PM -0500

On Mon, Jan 31, 2000 at 12:14:11PM -0500, John wrote:
> Hey all,
>
> I'm having a small problem with my NATD and my firewall. Per the
> instructions in "The Complete FreeBSD", I added the firewall rule:
>
> divert natd ip from any to any via fxp1
>
> The problem is that this rule is causing partial problems on my loopback
> device (lo0).
>
> What happens is that with the rule in place, for some connections within
> the box (which definitely go thru lo0), the connections fail. If I remove
> that rule, then the connections within the box can be made, but then I lose
> all ability to host my internal 192.168. net.
>
> I have done tcpdumps of both the successful and unsuccessful connections
> and have pasted them below. If the actual tcpdump files would be useful, I
> can attach those to a subsequent email.
>
> Also, I'm currently running 3.3 and am suffering from NO other apparent
> problems with lo0 that I can tell.
>
> tcpdumps are below.
>
> Thanks in advance,
> John
>
> ******
> Failed connection, with divert rule in place:
> ******
>
> 12:01:10.744362 merlin.wondermutt.net.3482 > merlin.wondermutt.net.39536: S
> 1027967984:1027967984(0) win 16384
[...]

Can you show me the above in numerical form (with -n), with the output of
the following commands:

* ifconfig -au inet
* netstat -arn
* ipfw show

And how do you start natd?

--
Ruslan Ermilov          Sysadmin and DBA of the
ru@ucb.crimea.ua        United Commercial Bank,
ru@FreeBSD.org          FreeBSD committer,
+380.652.247.647        Simferopol, Ukraine
http://www.FreeBSD.org  The Power To Serve
http://www.oracle.com   Enabling The Information Age
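The thread above leaves the diagnosis open; as an added example (not from either poster), here is a natd ruleset in the ordering FreeBSD's own rc.firewall uses, where loopback traffic is accepted before the divert rule can see it, plus a check that reads an `ipfw show` listing and confirms that order. It assumes fxp1 is the external interface and 192.168.0.0/16 the internal net, and `IPFW=echo` dry-runs it without touching a live firewall.

```shell
#!/bin/sh
# Added example, not the thread's own configuration. Assumed interface
# fxp1 and internal net 192.168.0.0/16 follow the original post.
IPFW="${IPFW:-/sbin/ipfw}"
EXT_IF="${EXT_IF:-fxp1}"
INT_NET="${INT_NET:-192.168.0.0/16}"

install_natd_rules() {
    "$IPFW" -f flush >/dev/null 2>&1
    # 100: loopback traffic is accepted here and never reaches the divert.
    "$IPFW" add 100 allow ip from any to any via lo0
    # 200/300: loopback addresses must not appear on real interfaces.
    "$IPFW" add 200 deny ip from any to 127.0.0.0/8
    "$IPFW" add 300 deny ip from 127.0.0.0/8 to any
    # 400: anti-spoofing; the internal net must not arrive from outside.
    "$IPFW" add 400 deny ip from "$INT_NET" to any in via "$EXT_IF"
    # 500: only packets crossing the external interface get translated.
    "$IPFW" add 500 divert natd ip from any to any via "$EXT_IF"
    "$IPFW" add 65000 allow ip from any to any
}

# Prints the rule number (first numeric field) of the first line matching
# a pattern, so it works on "ipfw show" output and on the dry-run text.
rule_number() {
    awk -v pat="$1" '$0 ~ pat {
        for (i = 1; i <= NF; i++) if ($i ~ /^[0-9]+$/) { print $i + 0; exit }
    }'
}

# Reads a rule listing on stdin; succeeds only when the lo0 allow rule
# sorts before the natd divert rule.
check_order() {
    listing=$(cat)
    lo=$(printf '%s\n' "$listing" | rule_number 'via lo0')
    dv=$(printf '%s\n' "$listing" | rule_number 'divert natd')
    [ -n "$lo" ] && [ -n "$dv" ] && [ "$lo" -lt "$dv" ]
}
```

On a live box, `ipfw show | check_order` is the quick sanity test after loading the rules.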