From: "Matthew Emmerton"
Subject: Re: natd won't nat
Date: Mon, 27 May 2002 10:15:27 -0400
Sender: owner-freebsd-questions@FreeBSD.ORG

> Trying an experiment using vtund (from ports/net) to open VPN connection
> from home (DSL) into FreeBSD box at work.  I finally got the tunnel working
> on tun0, but when I try to send a packet from home, the FreeBSD gateway
> doesn't translate the packet.
>
> network diagram:
>
> home wrkstn (w2k)
> ----------------
> 10.0.0.10 ->
>
> OpenBSD router
> -------------------------------------
> 10.0.0.1(ep0) -> 192.168.1.1(tun0) ->
>
> FreeBSD VPN gtwy
> -------------------------------------------
> 192.168.1.5(tun0) -> work LAN x.x.x.x(fxp0)
>
> If I try to connect from say, 10.0.0.10 to x.x.26.27, the packet will leave
> fxp0 on the VPN box as 10.0.0.10 -> x.x.26.27 never to return (obviously).
>
> I've got a kernel compiled with 'options IPFIREWALL' and 'options IPDIVERT'.
> I've got the appropriate entries in the rc.conf:
>
> gateway_enable="YES"
> firewall_enable="YES"
> firewall_type="OPEN"
> natd_enable="YES"
> natd_interface="fxp0"
> natd_flags="-l"
>
> I wasn't sure whether the firewall was a problem, so I just made a brand new
> rc.firewall with the following:
>
> /sbin/ipfw add pass all from any to any
>
> Nothing seems to work.  Any ideas?

If you *replaced* rc.firewall with your one-liner above, then that's the
reason natd isn't working.

When natd_enable="YES" in /etc/rc.conf (as you have), it adds a rule to ipfw
that looks like this:

/sbin/ipfw divert natd all from any to any via fxp0

which sends all incoming/outgoing packets through the natd daemon.  Without
this rule, natd doesn't get anything to work on.

--
Matt Emmerton
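A quick sanity check for the situation Matt describes, added here as an example and not part of the original thread: a POSIX sh function that reads `ipfw list` output and confirms that a divert rule for the natd interface exists and is numbered below the first catch-all allow rule, so packets reach natd before being accepted. The rulesets below are constructed samples in the `ipfw list` format; the function name and the `fxp0` argument are this example's own.

```shell
#!/bin/sh
# Constructed samples imitating `ipfw list` output (not taken from the thread).
# ipfw lists the divert port numerically; 8668 is natd's /etc/services entry.
BROKEN_RULES='65000 allow ip from any to any'
FIXED_RULES='00050 divert 8668 ip from any to any via fxp0
65000 allow ip from any to any'
REVERSED_RULES='00100 allow ip from any to any
00200 divert 8668 ip from any to any via fxp0'

# strip0 NUM: drop leading zeros so rule numbers compare as decimal, not octal.
strip0() {
    v="$1"
    while [ "${#v}" -gt 1 ] && [ "${v#0}" != "$v" ]; do v="${v#0}"; done
    echo "$v"
}

# check_natd_divert IFACE < ruleset
# Exit 0 when a "divert ... via IFACE" rule exists and is numbered below the
# first catch-all allow rule; exit 1 with a one-line reason otherwise.
check_natd_divert() {
    iface="$1"; divert_no=""; allow_no=""
    while read -r num action rest; do
        if [ -z "$num" ]; then continue; fi
        case "$action" in
            divert)
                case "$rest" in
                    *" via $iface"|*" via $iface "*)
                        if [ -z "$divert_no" ]; then divert_no="$num"; fi ;;
                esac ;;
            allow|pass|accept|permit)
                case "$rest" in
                    "ip from any to any"|"all from any to any")
                        if [ -z "$allow_no" ]; then allow_no="$num"; fi ;;
                esac ;;
        esac
    done
    if [ -z "$divert_no" ]; then
        echo "FAIL: no 'divert ... via $iface' rule; natd never sees a packet"
        return 1
    fi
    if [ -n "$allow_no" ] && [ "$(strip0 "$divert_no")" -ge "$(strip0 "$allow_no")" ]; then
        echo "FAIL: divert rule $divert_no comes after catch-all allow rule $allow_no"
        return 1
    fi
    echo "OK: divert rule $divert_no precedes catch-all allow ${allow_no:-(none)}"
}

# Demo on the samples; on a live box: ipfw list | check_natd_divert fxp0
printf '%s\n' "$BROKEN_RULES" | check_natd_divert fxp0 || true
printf '%s\n' "$FIXED_RULES" | check_natd_divert fxp0 || true
```

The poster's one-rule rc.firewall is the BROKEN_RULES case: with no divert rule in the chain, natd is running but idle.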