From owner-freebsd-questions@FreeBSD.ORG Wed Nov 5 00:39:10 2014
Return-Path:
Delivered-To: freebsd-questions@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [8.8.178.115]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id F355BD5B for ; Wed, 5 Nov 2014 00:39:09 +0000 (UTC)
Received: from nightmare.dreamchaser.org (66.109.141.57-mso.montana.com [66.109.141.57]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id AD563B0D for ; Wed, 5 Nov 2014 00:39:08 +0000 (UTC)
Received: from breakaway.dreamchaser.org (breakaway.dreamchaser.org. [192.168.151.122]) by nightmare.dreamchaser.org (8.13.6/8.13.6) with ESMTP id sA51SCZA004682; Tue, 4 Nov 2014 18:28:13 -0700 (MST) (envelope-from vagabond@blackfoot.net)
Message-ID: <54596FE0.7020603@blackfoot.net>
Date: Tue, 04 Nov 2014 17:31:28 -0700
From: Gary Aitken
User-Agent: Mozilla/5.0 (X11; FreeBSD amd64; rv:31.0) Gecko/20100101 Thunderbird/31.0
MIME-Version: 1.0
To: Ian Smith
Subject: Re: natd not translating?
References: <20141104160325.W52402@sola.nimnet.asn.au>
In-Reply-To: <20141104160325.W52402@sola.nimnet.asn.au>
Content-Type: text/plain; charset=windows-1252
Content-Transfer-Encoding: 7bit
X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-2.0.2 (nightmare.dreamchaser.org [192.168.151.101]); Tue, 04 Nov 2014 18:28:13 -0700 (MST)
Cc: freebsd-questions@freebsd.org
X-BeenThere: freebsd-questions@freebsd.org
X-Mailman-Version: 2.1.18-1
Precedence: list
List-Id: User questions
X-List-Received-Date: Wed, 05 Nov 2014 00:39:10 -0000

Hi Ian,

Thanks for the reply. I've made a little progress since posting that as of today, but not there yet. (see below)

This whole exercise has been an example of why it's a help to all be in the same room.
Especially when you don't have an alternate network connection! :-(
My understanding is now not necessarily broader than it otherwise might be, but it is surely harder won and probably burned in a bit better...
At my stage in life I can only hope it stays there long enough to get me to the end...

On 11/03/14 22:37, Ian Smith wrote:
> In freebsd-questions Digest, Vol 544, Issue 1, Message: 9
> On Sun, 2 Nov 2014 17:36:36 -0700 "Gary Aitken" wrote:
...
> > I'm trying to set up natd and can't for the life of me figure out
> > what's wrong with my config.
> >
> > natd.conf:
> >
> > use_sockets
> > same_ports
> > unregistered_only
> > verbose
> > alias_address 66.109.141.60
> >
> > What I see:
> > In {default}[ICMP] [ICMP] 192.168.1.2 -> 128.2.42.52 8(0) aliased to
> > [ICMP] 192.168.1.2 -> 128.2.42.52 8(0)
> >
> > Any thoughts on why natd isn't translating 192.168.1.2 to 66.108.141.60?
...
> Not enough information to have any idea how your NAT box is setup.
>
> Need to know the inside and outside interface addresses (eg ifconfig);
> ipfw rules, especially around those invoking natd (divert rule/s) and
> where these are placed in your ruleset; who/where is 192.168.1.2, is
> 66.109.141.60 always your assigned public IP address, freebsd version?

Sorry:

world -> ep0 (66.109.141.*) fbsdbox (192.168.1.1) xl0 -> internal

66.109.141.60 is one of my assigned ip addrs.

I *think* I got the above problem even with ipfw wide open:

00005 allow ip from any to any
00010 divert 8668 ip from any to any via ep0

I say *think* because I am further along but did not go back and verify the cause.
My head is a bit damaged and the wall is bloody.

I believe the problem was a missing entry in /boot/loader.conf (ipdivert_load="YES")
which I found as a result of this note and the references to others in it:
http://freebsd.1045724.n5.nabble.com/Kernel-Update-IPFW-not-working-td4208637.html

Anyway, I'm past that problem and most things are working.
However, still having some trouble working out my ipfw rules,
but if I can see what's happening I think I can figure it out.

However...

I can't seem to get logging to work.
I have the following in natd.conf:

log_denied
log_ipfw_denied
log_facility local0

and the following in syslog.conf:

!local0
*.* /var/log/natd.log

If I run natd with verbose, I occasionally see
"natd: failed to write packet back: Permission denied"
errors on the controlling terminal.

If I run without verbose (detached), I see no entries in /var/log/natd.log.

Thanks for any insights.

Gary
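Two points in the message above are worth checking mechanically on any natd/ipfw box, and the script below does so as an added example that is not part of the thread. First, ipfw is first-match: a catch-all `allow ip from any to any` numbered below the `divert` rule means no packet is ever handed to natd, so the "wide open" ruleset quoted above would not translate anything. Second, in FreeBSD's syslog.conf(5) a line beginning with `!` is a program-name selector, so `!local0` matches only a program literally named local0; the local0 facility is selected with `local0.*` on the action line. The rulesets and syslog fragments in the script are constructed for illustration, and the parser assumes the `ipfw list` layout of rule number first on each line.

```shell
#!/bin/sh
# Constructed sample of "ipfw list" output (not the message author's real
# ruleset): a catch-all allow at rule 5 sits ahead of the divert at rule 10,
# so natd never receives a packet.
SAMPLE_RULES='00005 allow ip from any to any
00010 divert 8668 ip from any to any via ep0
65535 deny ip from any to any'

# Constructed corrected ruleset: divert first, then the catch-all allow.
FIXED_RULES='00010 divert 8668 ip from any to any via ep0
00020 allow ip from any to any
65535 deny ip from any to any'

# Print the (zero-stripped) number of the first rule whose text matches an
# awk regex, or nothing if no rule matches. Rule numbers are field 1.
first_rule_matching() {
    printf '%s\n' "$1" | awk -v pat="$2" '$0 ~ pat { print $1 + 0; exit }'
}

# Print "ok" when the divert rule precedes any catch-all allow rule;
# otherwise print a diagnostic and return 1.
check_divert_order() {
    ruleset=$1
    divert=$(first_rule_matching "$ruleset" ' divert [0-9]+ ')
    catchall=$(first_rule_matching "$ruleset" ' allow ip from any to any$')
    if [ -z "$divert" ]; then
        echo "no divert rule: natd will never see traffic"
        return 1
    fi
    if [ -n "$catchall" ] && [ "$catchall" -lt "$divert" ]; then
        echo "catch-all allow rule $catchall precedes divert rule $divert"
        return 1
    fi
    echo ok
}

# Constructed syslog.conf fragment mirroring the message, and a corrected one.
SAMPLE_SYSLOG='!local0
*.* /var/log/natd.log'
FIXED_SYSLOG='local0.* /var/log/natd.log'

# Print a warning for each "!" program selector that actually names a syslog
# facility (which must be selected as "facility.level" instead), else "ok".
check_syslog_selector() {
    printf '%s\n' "$1" | awk '
        /^!/ {
            prog = substr($0, 2)
            if (prog ~ /^(local[0-7]|kern|user|mail|daemon|auth|authpriv|syslog|lpr|news|uucp|cron|ftp|ntp|security|console)$/) {
                print "program selector \"!" prog "\" names a facility; use \"" prog ".*\" as the selector"
                bad = 1
            }
        }
        END { if (!bad) print "ok" }'
}

# Usage: run both checks over the constructed inputs.
for rs in "$SAMPLE_RULES" "$FIXED_RULES"; do
    check_divert_order "$rs" || true
done
for sc in "$SAMPLE_SYSLOG" "$FIXED_SYSLOG"; do
    check_syslog_selector "$sc"
done
```

On a live box the same functions can be fed `ipfw list` and `/etc/syslog.conf` directly (`check_divert_order "$(ipfw list)"`); the constructed inputs are only there so the script runs anywhere.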