From owner-freebsd-questions Mon Sep 13 10: 2:23 1999
Delivered-To: freebsd-questions@freebsd.org
Received: from aag.alaskaair.com (outbound.alaskaair.com [159.49.42.191])
        by hub.freebsd.org (Postfix) with SMTP id 418F514F05
        for ; Mon, 13 Sep 1999 10:02:17 -0700 (PDT)
        (envelope-from elazich@AlaskaAir.com)
Received: from OUTBOUND.alaskaair.com by aag.alaskaair.com
        via smtpd (for hub.FreeBSD.org [204.216.27.18]) with SMTP; 13 Sep 1999 17:05:27 UT
Received: from asnasta (asnasta.alaskaair.com [159.49.42.21])
        by outbound.alaskaair.com (8.9.3/8.9.3) with SMTP id KAA25807
        for ; Mon, 13 Sep 1999 10:04:08 -0700
From: elazich@AlaskaAir.com
To: freebsd-questions@freebsd.org
Date: Mon, 13 Sep 1999 10:01:40 -0700
Subject: IPFW & NATD
Message-ID:
Organization: Alaska Airlines
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 8bit
Content-ID:
X-Gateway: NASTA Gate 2.0 for FirstClass(R)
Sender: owner-freebsd-questions@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

I have a FBSD box with 2 NICs (vx0 and lnc1) which I am running ipfw and natd on. vx0 is on my internal net using a 10 block address and lnc1 is on my external connection. I had compiled in support for IPFW in the kernel and run natd -interface lnc1.
My IPFW rules look like this:

    capricorn# ipfw -a l
    00100 82838 9639926 divert 8668 ip from any to any via lnc1
    00200 84517 9917180 allow ip from any to any
    65535    16    1696 deny ip from any to any
    capricorn#

Output of ifconfig -a is:

    capricorn# ifconfig -a
    vx0: flags=8843 mtu 1500
            inet 10.0.0.1 netmask 0xffffff00 broadcast 10.0.0.255
            ether 00:a0:24:bd:f8:af
    lnc1: flags=8843 mtu 1500
            inet 207.149.134.143 netmask 0xffffffe0 broadcast 207.149.134.159
            ether 00:80:29:68:52:c4
    lp0: flags=8810 mtu 1500
    tun0: flags=8010 mtu 1500
    sl0: flags=c010 mtu 552
    ppp0: flags=8010 mtu 1500
    lo0: flags=8049 mtu 16384
            inet 127.0.0.1 netmask 0xff000000
    capricorn#

I run natd -interface lnc1. This was all working fine for quite some time, but now I cannot seem to even ping anything on my local network from the firewall box. Any other machine on my 10 net can talk to each other (but they cannot reach the firewall), and what's even stranger is that when I run tcpdump on my firewall it picks up traffic on the 10 network. Does anyone know what is going on here and how I can get myself back to functional status?

Eli