Date: Wed, 15 Jul 1998 16:33:12 +0200 (MEST)
From: Christoph Kukulies <kuku@gilberto.physik.RWTH-Aachen.DE>
To: freebsd-isdn@FreeBSD.ORG
Subject: natd/firewall issues
Message-ID: <199807151433.QAA25483@gilberto.physik.RWTH-Aachen.DE>

After re-establishing the setup I had running under 2.2.5/bisdnd,
especially the firewall/natd settings I found that I cannot route
through ipr0 when the same natd/firewall rules are applied I had under
2.2.5/bisdnd.

Are there any caveats to know about when using i4b with natd?

/etc/rc.firewall

/sbin/ipfw -f flush
#/sbin/ipfw add divert natd all from any to any via ipr0
/sbin/ipfw add pass all from any to any

If I uncomment the ipr0 line, I cannot route out packets in conjunction
with:

/etc/rc.local:

natd -n ipr0
sh /etc/rc.firewall

kernel CONFIG:

#
machine         "i386"
cpu             "I486_CPU"
ident           MONKAVMIFB
maxusers        64

options         MATH_EMULATE            #Support for x87 emulation
options         INET                    #InterNETworking
options         FFS                     #Berkeley Fast Filesystem
options         NFS                     #Network Filesystem
options         MSDOSFS                 #MSDOS Filesystem
options         "CD9660"                #ISO 9660 Filesystem
options         PROCFS                  #Process filesystem
options         "COMPAT_43"             #Compatible with BSD 4.3 [KEEP THIS!]
options         SCSI_DELAY=15           #Be pessimistic about Joe SCSI device
#options        BOUNCE_BUFFERS          #include support for DMA bounce buffers
options         UCONSOLE                #Allow users to grab the console
options         FAILSAFE                #Be conservative
options         USERCONFIG              #boot -c editor
options         VISUAL_USERCONFIG       #visual boot -c editor
options         SYSVSHM
options         SHMMAXPGS=4096
options         "SHMMAX=(SHMMAXPGS*PAGE_SIZE+1)"
options         IPDIVERT
options         IPFIREWALL
options         IPFIREWALL_VERBOSE

config          kernel  root on wd0

controller      isa0
controller      pci0

controller      fdc0    at isa? port "IO_FD1" bio irq 6 drq 2 vector fdintr
disk            fd0     at fdc0 drive 0

controller      wdc0    at isa? port "IO_WD1" bio irq 14 vector wdintr
disk            wd0     at wdc0 drive 0

options         ATAPI           #Enable ATAPI support for IDE bus
options         ATAPI_STATIC    #Don't do it as an LKM
device          wcd0            #IDE CD-ROM

# A single entry for any of these controllers (ncr, ahb, ahc, amd) is
# sufficient for any number of installed devices.
#
# Note:  The dpt driver is present in this release but was left disabled
# due to its relatively late entry (it's almost certainly benign to enable
# it but we didn't want to risk any chance of destabilizing 2.2.6).  To
# enable DPT support, uncomment the dpt0 controller entry and the two
# options DPTOPT and DPT_MEASURE_PERFORMANCE entries below.
controller      ncr0

controller      scbus0

device          sd0

device          od0     #See LINT for possible `od' options.

device          st0

device          cd0     #Only need one of these, the code dynamically grows

device          wt0     at isa? port 0x300 bio irq 5 drq 1 vector wtintr

device          scd0    at isa? port 0x230 bio

# syscons is the default console driver, resembling an SCO console
device          sc0     at isa? port "IO_KBD" tty irq 1 vector scintr

# Mandatory, don't remove
device          npx0    at isa? port "IO_NPX" flags 0x1 irq 13 vector npxintr

#
device          sio0    at isa? port "IO_COM1" tty irq 4 vector siointr
device          sio1    at isa? port "IO_COM2" tty irq 3 vector siointr

device          lpt0    at isa? port? tty irq 7 vector lptintr

device          le0     at isa? port 0x200 net irq 10 iomem 0xd0000 vector le_intr

#
# Copyright (c) 1997, 1998 Hellmuth Michaelis. All rights reserved.
#
# Redistribution and use in source and binary forms, with or without
# modification, are permitted provided that the following conditions
# are met:
#
# 1. Redistributions of source code must retain the above copyright
#    notice, this list of conditions and the following disclaimer.
# 2. Redistributions in binary form must reproduce the above copyright
#    notice, this list of conditions and the following disclaimer in the
#    documentation and/or other materials provided with the distribution.
# 3. Neither the name of the author nor the names of any co-contributors
#    may be used to endorse or promote products derived from this software
#    without specific prior written permission.
# 4. Altered versions must be plainly marked as such, and must not be
#    misrepresented as being the original software and/or documentation.
#
# THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
# ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
# SUCH DAMAGE.
#
#---------------------------------------------------------------------------
#
#       i4b FreeBSD kernel configuration
#       --------------------------------
#
#       last edit-date: [Fri Jun 19 10:44:03 1998]
#
#       $Id: CONFIG,v 1.14 1998/06/19 09:26:07 hm Exp $
#
#       -hm     cvs
#       -hm     PPP
#       -hm     hardware options patch from Gary
#
#---------------------------------------------------------------------------
#
# i4b passive ISDN cards support (isic - I4b Siemens Isdn Chipset driver)
# note that the ``options'' and ``device'' lines must BOTH be defined !

# Teles S0/8 or Niccy 1008

# AVM A1 or AVM Fritz!Card
options "AVM_A1"
device isic0 at isa? port 0x340 net irq 5 flags 0x08 vector isicintr

# i4b passive cards D channel handling
#       Q.921
pseudo-device   "i4bq921"
#       Q.931
pseudo-device   "i4bq931"

# common passive and active layer 4
#       layer 4
pseudo-device   "i4b"

# userland driver to do ISDN tracing (for passive cards oly)
pseudo-device   "i4btrc"        4
# userland driver to control the whole thing
pseudo-device   "i4bctl"
# userland driver for access to raw B channel
pseudo-device   "i4brbch"       4
# userland driver for telephony
pseudo-device   "i4btel"        2
# network driver for IP over raw HDLC ISDN
pseudo-device   "i4bipr"        4
# enable VJ header compression detection for ipr i/f
options         IPR_VJ
# network driver for sync PPP over ISDN
pseudo-device   "i4bisppp"      4
pseudo-device   sppp            4

pseudo-device   loop
pseudo-device   ether
pseudo-device   log
pseudo-device   bpfilter        4
pseudo-device   sl      1
pseudo-device   ppp     1
pseudo-device   vn      1
pseudo-device   tun     1
pseudo-device   pty     16
pseudo-device   gzip            # Exec gzipped a.out's

# KTRACE enables the system-call tracing facility ktrace(2).
# This adds 4 KB bloat to your kernel, and slightly increases
# the costs of each syscall.
options         KTRACE          #kernel tracing

--
Chris Christoph P. U. Kukulies kuku@gil.physik.rwth-aachen.de

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-isdn" in the body of the message