From owner-freebsd-questions Mon Oct 9 10:44:25 2000
Delivered-To: freebsd-questions@freebsd.org
Received: from out5.mx.nwbl.wi.voyager.net (out5.mx.nwbl.wi.voyager.net [169.207.2.77])
        by hub.freebsd.org (Postfix) with ESMTP id 6406137B66C
        for ; Mon, 9 Oct 2000 10:44:17 -0700 (PDT)
Received: from pop1.nwbl.wi.voyager.net (pop1.nwbl.voyager.net [169.207.2.115] (may be forged))
        by out5.mx.nwbl.wi.voyager.net (8.11.1/8.11.1) with ESMTP id e99HiGI67791
        for ; Mon, 9 Oct 2000 12:44:16 -0500 (CDT)
Received: from judah (d10.as1.appl.wi.voyager.net [169.207.126.138])
        by pop1.nwbl.wi.voyager.net (8.10.2/8.10.2) with SMTP id e99HWRp60368
        for ; Mon, 9 Oct 2000 12:32:28 -0500 (CDT)
From: "Doug Poland"
To: "ListServer FreeBSD Questions"
Subject: routing problem, what am I missing!?!?!?
Date: Mon, 9 Oct 2000 12:32:27 -0500
Message-ID:
MIME-Version: 1.0
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
X-Priority: 3 (Normal)
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook IMO, Build 9.0.2416 (9.0.2911.0)
X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4133.2400
Importance: Normal
Sender: owner-freebsd-questions@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

Hello,

I'm struggling here trying to get my 4.1.1-RELEASE box working as a
gateway. I've followed the instructions on
http://www.mostgraveconcern.com/freebsd/ipfw.html exactly and both NICs
are functioning on their own networks. The box still appears to not
route ip from ed0 (this NIC talks to my cable modem) to ed1 (on my
internal network).

When I ping from another fbsd box (10.20.1.134) on my network:

% ping freebsd.org
PING freebsd.org (216.136.204.18): 56 data bytes

When I run

#natd -v -n ed0
natd[257]: Aliasing to 24.164.246.248, mtu 1500 bytes

I see many messages like...

Oct 9 11:02:46 nebo routed[585]: Send bcast sendto (ed0,255.255.255.255.520): Network is unreachable

On the console screen I get messages like...

Oct 9 11:44:36 nebo /kernel: ed0: promiscuous mode enabled

When I run

#tcpdump -n -i ed0

I see many, many messages like...

11:03:23.827471 arp who-has 24.164.245.216 tell 24.164.244.1
11:03:23.827578 arp who-has 24.164.244.241 tell 24.164.244.1
11:03:23.841950 arp who-has 24.164.244.247 tell 24.164.244.1
11:03:23.882579 arp who-has 24.164.247.92 tell 24.164.244.1
11:03:23.891482 arp who-has 24.164.247.82 tell 24.164.244.1

Using the ping freebsd.org example above, I see this...

12:06:51.512227 24.164.246.248.1029 > 198.41.0.4.53: 53362 A? freebsd.org. (29)
12:06:51.567269 198.41.0.4.53 > 24.164.246.248.1029 53362- 0/6/6 (259)
12:06:51.593928 24.164.246.248.1029 > 204.216.27.53: 53503 A? freebsd.org. (29)
12:06:51.748317 204.216.3.53 > 24.164.246.248.1029: 53503* 1/7/7 A 216.136.204.18 (319)
12:06:51.853579 10.20.1.134 > 216.136.204.18: icmp: echo request
12:06:51.853623 10.20.1.134 > 216.136.204.18: icmp: echo request
(the above lines repeat until I c ping

############ ifconfig -a

ed0: flags=8943 mtu 1500
        inet6 fe80::200:c0ff:fef7:dc9e%ed0 prefixlen 64 scopeid 0x1
        inet 24.164.246.248 netmask 0xfffffc00 broadcast 255.255.255.255
        ether 00:00:c0:f7:dc:9e
ed1: flags=8943 mtu 1500
        inet6 fe80::200:e9ff:fef9:107d%ed1 prefixlen 64 scopeid 0x2
        inet 10.20.1.129 netmask 0xffff0000 broadcast 10.20.255.255
        ether 00:00:e9:f9:10:7d
faith0: flags=8000 mtu 1500
gif0: flags=8010 mtu 1280
gif1: flags=8010 mtu 1280
gif2: flags=8010 mtu 1280
gif3: flags=8010 mtu 1280
lo0: flags=8049 mtu 16384
        inet6 fe80::1%lo0 prefixlen 64 scopeid 0x8
        inet6 ::1 prefixlen 128
        inet 127.0.0.1 netmask 0xff000000
ppp0: flags=8010 mtu 1500

########### ipfw list

00100 allow ip from any to any via lo0
00200 deny ip from any to 127.0.0.0/8
65000 allow ip from any to any
65535 deny ip from any to any

########### /etc/rc.conf

gateway_enable="YES"
nfs_server_enable="YES"
weak_mountd_authentication="YES"
portmap_enabled="YES"
portmap_flags=""
network_interfaces="ed0 lo0 ed1"
ifconfig_ed0="DHCP"
hostname="nebo.new.rr.com"
ntpdate_flags="ncar.ucar.edu"
check_quotas="NO"
ntpdate_enable="YES"
sshd_enable="YES"
local_startup="/usr/local/etc/rc.d"
ifconfig_ed1="inet 10.20.1.129 netmask 255.255.0.0"
firewall_enable="YES"
firewall_script="/etc/rc.firewall"
firewall_type="open"
firewall_quiet="NO"
natd_program="/sbin/natd"
natd_enabled="YES"
natd_interface="ed0"
natd_flags="-f /etc/natd.conf"

########### /etc/resolv.conf

search new.rr.com
nameserver 24.164.225.35
nameserver 24.164.225.36

########### /etc/natd.conf

dynamic yes
use_sockets
same_ports yes

########### netstat -rn

Routing tables

Internet:
Destination        Gateway            Flags     Refs     Use     Netif Expire
default            24.164.244.1       UGSc        6        0      ed0
10.20/16           link#2             UC          0        0      ed1 =>
10.20.1.128        0:0:c0:5d:35:ec    UHLW        0       66      ed1    801
10.20.1.130        0:d0:59:1a:33:de   UHLW        2       53      ed1   1094
24.164.244/22      link#1             UC          0        0      ed0 =>
24.164.244.1       0:1:64:f6:48:54    UHLW        7        0      ed0   1160
127.0.0.1          127.0.0.1          UH          1       26      lo0

Internet6:
Destination        Gateway            Flags      Netif Expire
::1                ::1                UH          lo0
fe80::%ed0/64      link#1             UC          ed0
fe80::%ed1/64      link#2             UC          ed1
fe80::%lo0/64      fe80::1%lo0        Uc          lo0
ff01::/32          ::1                U           lo0
ff02::%ed0/32      link#1             UC          ed0
ff02::%ed1/32      link#2             UC          ed1
ff02::%lo0/32      fe80::1%lo0        UC          lo0

So what am I missing? I'm so close but obviously I'm missing a key
element. Many, many thanks for your help.

Regards,
Doug
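
A check run over the output posted above, as an added example that is not part of the original message: it flags RFC 1918 source addresses seen on the external interface in `tcpdump -n` output (packets that left without address translation) and looks for an ipfw `divert` rule on that interface, which natd needs in order to receive packets. The sample lines are copied from the message; the function and constant names are assumptions made for the example.

```python
import ipaddress
import re

# Sample input: lines copied from the tcpdump and ipfw output in the message.
TCPDUMP_ED0 = """\
12:06:51.512227 24.164.246.248.1029 > 198.41.0.4.53: 53362 A? freebsd.org. (29)
12:06:51.748317 204.216.3.53 > 24.164.246.248.1029: 53503* 1/7/7 A 216.136.204.18 (319)
12:06:51.853579 10.20.1.134 > 216.136.204.18: icmp: echo request
11:03:23.827471 arp who-has 24.164.245.216 tell 24.164.244.1
"""
IPFW_LIST = """\
00100 allow ip from any to any via lo0
00200 deny ip from any to 127.0.0.0/8
65000 allow ip from any to any
65535 deny ip from any to any
"""

RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
# tcpdump -n IPv4 line: "<time> <src>[.port] > <dst>[.port][:] ..."
PACKET = re.compile(
    r"^\S+ (\d+\.\d+\.\d+\.\d+)(?:\.\d+)? > (\d+\.\d+\.\d+\.\d+)(?:\.\d+)?:? ")


def is_rfc1918(addr):
    return any(addr in net for net in RFC1918)


def untranslated_sources(tcpdump_text):
    """Private source addresses seen heading to public destinations."""
    leaked = set()
    for line in tcpdump_text.splitlines():
        m = PACKET.match(line)
        if not m:
            continue  # ARP and other non-IPv4 lines
        src, dst = (ipaddress.ip_address(g) for g in m.groups())
        if is_rfc1918(src) and not is_rfc1918(dst):
            leaked.add(str(src))
    return sorted(leaked)


def divert_rules(ipfw_text, iface):
    """ipfw rules that divert traffic passing via iface."""
    pat = re.compile(r"^\d+\s+divert\s+\S+\s.*\bvia\s+" + re.escape(iface) + r"\b")
    return [line for line in ipfw_text.splitlines() if pat.search(line)]


if __name__ == "__main__":
    print("untranslated sources on ed0:", untranslated_sources(TCPDUMP_ED0))
    print("divert rules via ed0:", divert_rules(IPFW_LIST, "ed0"))
```

An empty divert list together with a non-empty list of private sources means packets from the inside network are being forwarded out of ed0 without ever being handed to natd.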