From: Randy Bush
Date: Mon, 08 Oct 2007 20:11:56 +0900
To: Paolo Pisati
Cc: FreeBSD Net, "Andrey V. Elsukov"
Subject: Re: ipfw nat befuddlement

>>> # grep -n nat /etc/ipfw.rules
>>> 33:add nat 123 all from any to any
>>> 34:add nat 123 config if vr0
>> ^^^^^^^^ - add is not needed here.

thanks andrey

> ipfw nat crash course:
>
> echo "net.inet.ip.fw.one_pass=0" >> /etc/sysctl.conf
>
> and manually add:
>
> ipfw nat 123 config if $IF log
> ipfw add nat 123 ip4 from any to any via $IF

hmmm. did that. see below

> or substitute natd_enable/natd_interface in rc.conf with:
>
> firewall_nat_enable="yes"
> firewall_nat_interface="$IF"

aha! that stuff is not in /etc/defaults/rc.conf

extracted from /etc/rc.conf

ifconfig_vr0=DHCP
ifconfig_ath0="192.168.0.1 channel 4 ssid foo mediaopt hostap up"
gateway_enable=YES

# grep nat /etc/ipfw.rules
nat 42 config if vr0 log
add nat 42 ip4 from any to any via vr0

# sysctl net.inet.ip.fw.one_pass
net.inet.ip.fw.one_pass: 0

system boots and vr0 gets a dhcp address successfully

dhcpd is running

wireless client successfully associates with ath0, but can not get dhcp address

Oct 8 11:05:33 soek0 dhcpd: DHCPDISCOVER from 00:18:de:21:76:c9 via ath0
Oct 8 11:05:33 soek0 dhcpd: DHCPOFFER on 192.168.0.10 to 00:18:de:21:76:c9 via ath0

using wireshark on the client, i see the request but not the response.

randy