Date: Tue, 07 Jul 1998 14:03:33 -0500
From: Edwin Culp <eculp@webwizard.org.mx>
To: Graeme Brown <graeme.brown@bt-sys.bt.co.uk>
Cc: "FreeBSD-Net (FreeBSD.Org) List" <freebsd-net@FreeBSD.ORG>
Subject: Re: How to get natd running during boot process
Message-ID: <35A27105.1449FD7D@webwizard.org.mx>
References: <n1312295140.5582@maczebedee>

Graeme Brown wrote:
>
> Ed
>
> I have been trying out your recipe to get natd working on a 2.2.5 box
> but natd doesn't seem to start up properly.
>
> Can you clarify the following please

First of all, I'm running current, so I have an excuse :-) Should be the
same, but I don't have a 2.2.5 left to compare.

>
> Ed Culp wrote :
>
> >think that you need natd and ipfw on the gateway machine.
>
> >first in your kernel config file add something like:
>
> >options IPFIREWALL                      #firewall
> >options IPFIREWALL_VERBOSE              #print information about
> >options IPDIVERT                        #divert sockets
> >options "IPFIREWALL_VERBOSE_LIMIT=100"  #limit verbosity
> >options IPFIREWALL_DEFAULT_TO_ACCEPT    #allow everything by default
>
> >recompile
>
> >edit rc.conf something like this:
>
> >firewall_enable="YES"      # Set to YES to enable firewall functionality
> >firewall_type="open"       # Firewall type (see /etc/rc.firewall)
> >firewall_quiet="NO"        # Set to YES to suppress rule display
> >natd_enable="YES"          # Enable natd (if firewall_enable == YES).
> >natd_interface="ep0"       # Public interface to use with natd.
> >natd_flags="-v -s -m -u "  # Additional flags for natd.
>
> >the up to date rc.firewall file seems to work fine
> >I did move the natd initialization in rc.network to
> >the beginning of ipfw it may not have been necessary
> >but since it works, I haven't fixed it. The problem
> >was that natd didn't start.
>
> Yes I have this trouble too. I wanted to use the shell macros
> you suggest in /etc/rc.conf thus
>
> natd $natd_flags -n $natd_interface

I wasn't so efficient. I just put the command on about line 60 in the
rc.network file just after the line that reads

# Initialize IP Filtering using ipfw
echo -n " Arrancando NATD "
natd -v -s -m -u -n ed0

>
> but I seem to get a hung machine.
>
> > (Don't forget to comment
> >out the original natd initialization)
>
> Yes but where on earth is the original initialisation ??
> I could not
> find anything in /etc/rc.network or /etc/rc.firewall which started up natd.
>

In my rc.network it's on about line 270 and starts with

# Network Address Translation Daemon

> >You might want
> >to do this if natd doesn't start after reboot.
> >ps -ax|grep natd. You can start it manually if
> >necessary and everything should work.
>
> Well as a last resort, but it should be possible to configure this
> automatically during the initialisation of networking.
>
> ># cut and paste from rc.network
>
> > # Initialize IP filtering using ipfw
> > echo -n "natd repositioned in rc.network"
> >natd -v -s -m -u -n ep0
> > # test and fix. Next line is part of original file.
> > /sbin/ipfw -q flush > /dev/null 2>&1
>
> >By this time you should be recompiled and ready for a reboot:-)
>
> >Don't worry, if I forgot something your machine won't work :-)
>
> You can say that again !
>
> >enjoy
>
> >ed
>
> Is the recipe for natd set-up advocated by natd man page out of date.
> I found it hard to reconcile with what rc.firewall script actually
> does.
>
> Does anyone on the list have their own alternative to get natd running
> automatically at machine boot time. I presume that natd/ipfw must be
> running
> happily before network services are started up eg NFS, RPC etc.
>
> TIA
>
> Graeme N Brown
> BT Laboratories, UK
> email: graeme.brown@bt-sys.bt.co.uk
>

Hope this helps

ed

................ C U T ..........................

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-net" in the body of the message
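
An added example, not part of the original message or of FreeBSD's rc scripts: a preflight check for the settings quoted in this thread, run against copies of rc.conf and the kernel config before rebooting. The function names, the file arguments and the exact-match test on "YES" are assumptions made for illustration; the sample files are constructed.

```sh
# Added example (not from the thread): preflight check of the natd boot settings.

# rc_value FILE VAR: print the last value assigned to VAR, quotes and comment stripped.
rc_value() {
    sed -n "s/^[[:space:]]*$2=\"\{0,1\}\([^\"#]*\).*/\1/p" "$1" |
        tail -n 1 | sed 's/[[:space:]]*$//'
}

# kernel_has FILE OPT: succeed if an uncommented "options OPT" line exists.
kernel_has() {
    grep -Eq "^[[:space:]]*options[[:space:]]+\"?$2([=\"[:space:]]|\$)" "$1"
}

# check_natd_boot RC_CONF KERNEL_CONF: print findings; return status = error count.
check_natd_boot() {
    errors=0
    for opt in IPFIREWALL IPDIVERT; do
        kernel_has "$2" "$opt" ||
            { echo "ERROR: kernel config lacks 'options $opt'"; errors=$((errors + 1)); }
    done
    if [ "$(rc_value "$1" natd_enable)" = "YES" ]; then
        [ "$(rc_value "$1" firewall_enable)" = "YES" ] ||
            { echo "ERROR: natd_enable needs firewall_enable=\"YES\""; errors=$((errors + 1)); }
        [ -n "$(rc_value "$1" natd_interface)" ] ||
            { echo "ERROR: natd_interface is empty"; errors=$((errors + 1)); }
    else
        echo "ERROR: natd_enable is not \"YES\""; errors=$((errors + 1))
    fi
    # Caveat: a default-accept kernel plus the "open" rule set filters nothing.
    if kernel_has "$2" IPFIREWALL_DEFAULT_TO_ACCEPT &&
        [ "$(rc_value "$1" firewall_type)" = "open" ]; then
        echo "WARNING: default-accept kernel with firewall_type=open passes all traffic"
    fi
    return "$errors"
}

# Constructed sample input mirroring the settings quoted in the thread.
demo_dir=$(mktemp -d)
cat > "$demo_dir/KERNEL" <<'EOF'
options IPFIREWALL                      #firewall
options IPDIVERT                        #divert sockets
options IPFIREWALL_DEFAULT_TO_ACCEPT    #allow everything by default
EOF
cat > "$demo_dir/rc.conf" <<'EOF'
firewall_enable="YES"
firewall_type="open"
natd_enable="YES"
natd_interface="ep0"
EOF
check_natd_boot "$demo_dir/rc.conf" "$demo_dir/KERNEL"; echo "errors: $?"
```

With the thread's settings it reports no errors and one warning: the gateway does NAT but accepts all traffic.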