From owner-freebsd-questions Fri May 21 23:45:23 1999
Delivered-To: freebsd-questions@freebsd.org
Received: from scientia.demon.co.uk (scientia.demon.co.uk [212.228.14.13])
	by hub.freebsd.org (Postfix) with ESMTP id A98C4154CF
	for ; Fri, 21 May 1999 23:45:17 -0700 (PDT)
	(envelope-from ben@scientia.demon.co.uk)
Received: from rainbow5.scientia.demon.co.uk ([192.168.1.2] ident=exim)
	by scientia.demon.co.uk with esmtp (Exim 3.00 #1)
	id 10l0X6-000BtA-00
	for freebsd-questions@freebsd.org; Sat, 22 May 1999 02:25:00 +0100
	(envelope-from ben@rainbow5.scientia.demon.co.uk)
Received: from rainbow5.scientia.demon.co.uk (ident=ben)
	by rainbow5.scientia.demon.co.uk with local (Exim 3.00 #1)
	id 10l0X8-000B1B-00
	for freebsd-questions@freebsd.org; Sat, 22 May 1999 02:25:02 +0100
	(envelope-from ben@rainbow5.scientia.demon.co.uk)
Date: Sat, 22 May 1999 02:25:01 +0100
From: Ben Smithurst
To: freebsd-questions@freebsd.org
Subject: IP masquerading with user ppp
Message-ID: <19990522022501.A42309@rainbow5.scientia.demon.co.uk>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
X-Mailer: Mutt 0.95.4i
Sender: owner-freebsd-questions@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

I'm having a few problems getting IP masquerading working here,
hopefully someone can help me. Here's the situation:

two machines here, scientia and rainbow5 (don't ask). scientia is (or
should be) the gateway machine, and rainbow5 is connected to scientia
using a serial cable (again, don't ask). The serial cable is handled at
both ends by user ppp, this all works fine (although fairly slow).
scientia has another user ppp process handling the connection to my ISP.
I'm trying to get scientia to do IP masq for rainbow5, and failing
miserably.

relevant (hopefully) information...

ben@scientia:~/work$ netstat -rn
Routing tables

Internet:
Destination        Gateway            Flags     Refs     Use     Netif Expire
default            158.152.1.222      UGSc        2       31     tun0
127.0.0.1          127.0.0.1          UH          1   117931     lo0
158.152.1.222      212.228.14.13      UH          2        0     tun0
192.168.1.2        192.168.1.1        UH          4     3705     tun1

ben@scientia:~/work$ ifconfig -a
tun0: flags=8151 mtu 1500
	inet 212.228.14.13 --> 158.152.1.222 netmask 0xffffffff
tun1: flags=8151 mtu 1500
	inet 192.168.1.1 --> 192.168.1.2 netmask 0xffffff00
lo0: flags=8049 mtu 16384
	inet 127.0.0.1 netmask 0xff000000

ben@rainbow5:~$ netstat -rn
Routing tables

Internet:
Destination        Gateway            Flags     Refs     Use     Netif Expire
default            192.168.1.1        UGSc        0       19     tun0
127.0.0.1          127.0.0.1          UH          1    13278     lo0
192.168.1.1        192.168.1.2        UH          6     4160     tun0

ben@rainbow5:~$ ifconfig -a
tun0: flags=8151 mtu 1500
	inet 192.168.1.2 --> 192.168.1.1 netmask 0xffffff00
lo0: flags=8049 mtu 16384
	inet 127.0.0.1 netmask 0xff000000

ben@scientia:~/work$ ps ax | grep ppp
45226  ??  Is     0:00.05 /usr/sbin/ppp -alias -auto demon
45328  a0  Ss+    0:07.53 /usr/sbin/ppp -direct incoming

ben@rainbow5:~$ ps ax | grep ppp
41999  ??  Ss     0:17.36 /usr/sbin/ppp -background scientia

ben@scientia:~/work$ sysctl net | grep forwarding
net.inet.ip.forwarding: 1
net.inet.ip.fastforwarding: 0

Now, when I do something like:

ben@rainbow5:~$ nc 204.216.27.21 80

I just see things like this in scientia's log:

May 22 02:15:07 scientia /kernel: ipfw: 1000 Deny TCP 192.168.1.2:3999 204.216.27.21:80 out via tun0
May 22 02:15:10 scientia /kernel: ipfw: 1000 Deny TCP 192.168.1.2:3999 204.216.27.21:80 out via tun0

(ipfw stops packets with a src or dst address in 192.168/16 going out
into the big wide world, IP masq should rewrite this source address,
shouldn't it, or am I completely missing the point?)

What am I not doing which I should be?
The FAQ says ppp has this functionality built in, so I shouldn't need
natd, I haven't seen any extra kernel options mentioned anywhere, I've
read the ppp manpage over and over (although probably not carefully
enough), so I'd appreciate any help anyone can provide.

-- 
Ben Smithurst
ben@scientia.demon.co.uk