Date: 7 Jul 1998 16:04:50 +0100
From: Graeme Brown <graeme.brown@bt-sys.bt.co.uk>
To: Edwin Culp <eculp@webwizard.org.mx>
Cc: "FreeBSD-Net (FreeBSD.Org) List" <freebsd-net@FreeBSD.ORG>
Subject: How to get natd running during boot process
Message-ID: <n1312295140.5582@maczebedee>

Ed

I have been trying out your recipe to get natd working on a 2.2.5 box but
natd doesn't seem to start up properly. Can you clarify the following please?

Ed Culp wrote:

>think that you need natd and ipfw on the gateway machine.
>first in your kernel config file add something like:
>
>options IPFIREWALL                      #firewall
>options IPFIREWALL_VERBOSE              #print information about
>options IPDIVERT                        #divert sockets
>options "IPFIREWALL_VERBOSE_LIMIT=100"  #limit verbosity
>options IPFIREWALL_DEFAULT_TO_ACCEPT    #allow everything by default
>
>recompile
>
>edit rc.conf something like this:
>
>firewall_enable="YES"       # Set to YES to enable firewall functionality
>firewall_type="open"        # Firewall type (see /etc/rc.firewall)
>firewall_quiet="NO"         # Set to YES to suppress rule display
>natd_enable="YES"           # Enable natd (if firewall_enable == YES).
>natd_interface="ep0"        # Public interface to use with natd.
>natd_flags="-v -s -m -u "   # Additional flags for natd.
>
>the up to date rc.firewall file seems to work fine
>
>I did move the natd initialization in rc.network to
>the beginning of ipfw it may not have been necessary
>but since it works, I haven't fixed it. The problem
>was that natd didn't start.

Yes I have this trouble too. I wanted to use the shell macros you suggest
in /etc/rc.conf thus

    natd $natd_flags -n $natd_interface

but I seem to get a hung machine.

> (Don't forget to comment
>out the original natd initialization)

Yes but where on earth is the original initialisation ?? I could not find
anything in /etc/rc.network or /etc/rc.firewall which started up natd.

>You might want
>to do this if natd doesn't start after reboot.
>ps -ax|grep natd. You can start it manually if
>necessary and everything should work.

Well as a last resort, but it should be possible to configure this
automatically during the initialisation of networking.

># cut and paste from rc.network
>        # Initialize IP filtering using ipfw
>        echo -n "natd repositioned in rc.network"
>natd -v -s -m -u -n ep0
>        # test and fix. Next line is part of original file.
>        /sbin/ipfw -q flush > /dev/null 2>&1
>
>By this time you should be recompiled and ready for a reboot:-)
>Don't worry, if I forgot something your machine won't work :-)

You can say that again !

>provecho
>ed

Is the recipe for natd set-up advocated by natd man page out of date?
I found it hard to reconcile with what rc.firewall script actually does.

Does anyone on the list have their own alternative to get natd running
automatically at machine boot time? I presume that natd/ipfw must be
running happily before network services are started up, e.g. NFS, RPC etc.

TIA

Graeme N Brown
BT Laboratories, UK
email: graeme.brown@bt-sys.bt.co.uk

_______________________________________________________________________________
To: Joe Schwartz
Cc: freebsd-net@FreeBSD.ORG; freebsd-questions@FreeBSD.ORG
From: Edwin Culp on Tue, Jun 23, 1998 1:37 am
Subject: [Fwd: Re: routing issue]

Message-ID: <358EA148.6513CABD@webwizard.org.mx>
Date: Mon, 22 Jun 1998 13:24:08 -0500
From: Edwin Culp <eculp@webwizard.org.mx>
Organization: Mexico Communicates
To: Joe Schwartz <rjoe@sierrahill.com>
CC: freebsd-net@FreeBSD.ORG, freebsd-questions@FreeBSD.ORG
Subject: [Fwd: Re: routing issue]

I screwed up on my email configuration. Message never got out.
sorry, Hope it's still useful.

ed

Date: Tue, 23 Jun 1998 00:36:26 +0000
Message-ID: <358E65D7.7A926B2B@mexcom.net>
Date: Mon, 22 Jun 1998 09:10:31 -0500
From: Edwin Culp <eculp@mexcom.net>
Organization: Mexico Communicates
To: Joe Schwartz <rjoe@sierrahill.com>
CC: freebsd-net@FreeBSD.ORG, freebsd-questions@FreeBSD.ORG
Subject: Re: routing issue
References: <199806221326.IAA05713@sierrahill.com>

think that you need natd and ipfw on the gateway machine.
first in your kernel config file add something like:

options IPFIREWALL                      #firewall
options IPFIREWALL_VERBOSE              #print information about
options IPDIVERT                        #divert sockets
options "IPFIREWALL_VERBOSE_LIMIT=100"  #limit verbosity
options IPFIREWALL_DEFAULT_TO_ACCEPT    #allow everything by default

recompile

edit rc.conf something like this:

firewall_enable="YES"       # Set to YES to enable firewall functionality
firewall_type="open"        # Firewall type (see /etc/rc.firewall)
firewall_quiet="NO"         # Set to YES to suppress rule display
natd_enable="YES"           # Enable natd (if firewall_enable == YES).
natd_interface="ep0"        # Public interface to use with natd.
natd_flags="-v -s -m -u "   # Additional flags for natd.

the up to date rc.firewall file seems to work fine

I did move the natd initialization in rc.network to
the beginning of ipfw it may not have been necessary
but since it works, I haven't fixed it. The problem
was that natd didn't start. (Don't forget to comment
out the original natd initialization) You might want
to do this if natd doesn't start after reboot.
ps -ax|grep natd. You can start it manually if
necessary and everything should work.

# cut and paste from rc.network
        # Initialize IP filtering using ipfw
        echo -n "natd repositioned in rc.network"
natd -v -s -m -u -n ep0
        # test and fix. Next line is part of original file.
        /sbin/ipfw -q flush > /dev/null 2>&1

By this time you should be recompiled and ready for a reboot:-)
Don't worry, if I forgot something your machine won't work :-)

provecho

ed

Joe Schwartz wrote:
>
> Folks,
>
> I want to use a FreeBSD machine as an Internet host with 2
> ethernet cards. One card on an Internet subnet and the other
> card to service the internal private network.
>
> I'm having trouble getting it to route between the 2 interfaces.
>
> I have 3 machines setup for a test.
>
> machine a:
> ----------
> ifconfig -a
> ep0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
>         inet 207.8.11.165 netmask 0xfffffff8 broadcast 207.8.11.167
>         ether 00:a0:24:11:c7:19
>
> machine b:
> ----------
> ifconfig -a
> ep0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
>         inet 207.8.11.166 netmask 0xfffffff8 broadcast 207.8.11.167
>         ether 00:10:4b:29:aa:a7
> ep1: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
>         inet 192.168.1.1 netmask 0xffffff00 broadcast 192.168.1.255
>         ether 00:10:4b:20:94:3a
>
> machine c:
> ----------
> ifconfig -a
> ep0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
>         inet 192.168.1.2 netmask 0xffffff00 broadcast 192.168.1.255
>         ether 00:10:4b:29:ab:da
>
> machine a's default route is set to 207.8.11.166
> machine c's default route is set to 192.168.1.1
>
> machine b has a route between the 2 interfaces by issuing: (but doesn't work)
>
> route add -net 192.168.1.0 207.8.11.166 0
>
> machine b can ping machine a and c
>
> machine a can ping:
> 207.8.11.166 and 192.168.1.1 but not 192.168.1.2
>
> machine c can ping:
> 192.168.1.1 and 207.8.11.166 but not 207.8.11.165
>
> ==============================================================
>
> In /etc/rc.conf I've got:
>
> gateway_enable="YES"
> router_enable="YES"
>
> Machine b ISN'T routing between the 2 interfaces. Any suggestions?
> -----
> I have several machines set up like this for clients working perfectly
> under FreeBSD 2.1.x.
>
> Does FreeBSD 2.2.x expect a subtle difference somehow? Is my 'route add'
> command incorrect?
>
> HELP!!
> THANKS,
>
> Joe
>
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-net" in the body of the message
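
Added example, not part of the thread and not FreeBSD's own rc code: a small sh lint for the rc.conf settings quoted above. It flags natd_enable without firewall_enable, an empty natd_interface, and -v in natd_flags (natd(8) documents -v as a debugging option that skips daemon(3), which is consistent with a boot script blocking on it), and it warns that firewall_type="open" passes all traffic. The names rc_get and natd_boot_check and the sample file are constructed for illustration.

```sh
#!/bin/sh
# Added example: lint rc.conf for natd boot problems. Not FreeBSD's own code;
# rc_get and natd_boot_check are hypothetical helper names.

# rc_get FILE VAR: print the last value assigned to VAR (quotes, comment stripped).
rc_get() {
    sed -n "s/^[[:space:]]*$2=\"\{0,1\}\([^\"#]*\)\"\{0,1\}.*/\1/p" "$1" | tail -n 1
}

# natd_boot_check FILE: print one finding per line; print nothing if clean.
natd_boot_check() {
    conf=$1
    fw=$(rc_get "$conf" firewall_enable | tr -d ' ')
    nat=$(rc_get "$conf" natd_enable | tr -d ' ')
    ifc=$(rc_get "$conf" natd_interface | tr -d ' ')
    fwtype=$(rc_get "$conf" firewall_type | tr -d ' ')
    flags=$(rc_get "$conf" natd_flags)

    if [ "$nat" != "YES" ]; then
        echo "INFO: natd_enable is not YES; natd is not started at boot"
        return 0
    fi
    # natd gets its packets from an ipfw divert rule, so the firewall must be on.
    [ "$fw" = "YES" ] || echo "ERROR: natd_enable=YES requires firewall_enable=YES"
    [ -n "$ifc" ] || echo "ERROR: natd_interface is empty"
    # -v / -verbose: natd stays attached to the terminal instead of daemonizing.
    for f in $flags; do
        case $f in
            -v|-verbose) echo "ERROR: natd flag $f runs natd in the foreground" ;;
        esac
    done
    # "open" admits everything: fine for bring-up, not for a gateway in service.
    [ "$fwtype" != "open" ] || echo "WARN: firewall_type=open passes all traffic"
    return 0
}

# Constructed sample: the rc.conf settings quoted in the thread.
sample=$(mktemp)
cat > "$sample" <<'EOF'
firewall_enable="YES"           # Set to YES to enable firewall functionality
firewall_type="open"            # Firewall type (see /etc/rc.firewall)
natd_enable="YES"               # Enable natd (if firewall_enable == YES).
natd_interface="ep0"            # Public interface to use with natd.
natd_flags="-v -s -m -u "       # Additional flags for natd.
EOF
natd_boot_check "$sample"
rm -f "$sample"
```

On the sample it reports the -v flag and the open rule set; with -v removed and a restrictive firewall_type it prints nothing.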