From owner-freebsd-questions  Tue Jan 27 10:59:04 1998
Return-Path: <owner-freebsd-questions@FreeBSD.ORG>
Received: (from majordom@localhost)
          by hub.freebsd.org (8.8.8/8.8.8) id KAA12633
          for questions-outgoing; Tue, 27 Jan 1998 10:59:04 -0800 (PST)
          (envelope-from owner-freebsd-questions@FreeBSD.ORG)
Received: from smtp.plinet.com (root@flattened.plinet.com [206.168.149.8])
          by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id KAA12619
          for <freebsd-questions@freebsd.org>; Tue, 27 Jan 1998 10:58:52 -0800 (PST)
          (envelope-from freebsd@plinet.com)
Received: from me (me.plinet.com [206.168.149.220])
	by smtp.plinet.com (8.8.5/8.8.5) with SMTP id SAA07016
	for <freebsd-questions@freebsd.org>; Tue, 27 Jan 1998 18:58:50 GMT
Message-Id: <199801271858.SAA07016@smtp.plinet.com>
X-Sender: freebsd@pop.plinet.com
X-Mailer: QUALCOMM Windows Eudora Pro Version 4.0
Date: Tue, 27 Jan 1998 11:58:50 -0700
To: freebsd-questions@FreeBSD.ORG
From: Ben Schumacher <freebsd@plinet.com>
Subject: FreeBSD 2.2.5, Multihomed, Kerberos Problem
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Sender: owner-freebsd-questions@FreeBSD.ORG
Precedence: bulk

Howdy,

Let me get straight to the point here.  I'm running FreeBSD 2.2.5 on a
multihomed machine that is acting as a gateway and packet filter for our
internal network.  The machine is configured with two ethernet cards and
two distinct IP addresses and seems to be working fine, except that after
adding the second interface and IP addresses kerberos authentication no
longer works properly.

Here is the configuration:

External Interface: vx0 (3c900)
	- IP Address: 206.168.149.240/24
	- DNS Name: stalker.plinet.net

Internal Interface: ed2 (generic NE2000)
	- IP Address: 207.174.1.254/24
	- DNS Name: tvcn-gw.tvcn.net

Kerberos Configuration:
  krb.conf
	PLINET.NET
	PLINET.NET stalker.plinet.net. admin server
	PLINET.NET tvcn-gw.tvcn.net.

  krb.realms
	stalker.plinet.net. PLINET.NET
	.plinet.net. PLINET.NET
	.tvcn.net. PLINET.NET

As I understand it this should allow kerberos to work correctly, however, I
get this error message whenever I log into the machine (at the console):
	krb_bind_local_addr: bind: Invalid argument
	krb_bind_local_addr: Can't bind local addresssu: kerberos: unable to su:
Can't send
		request (send_to_kdc)

And this message appears in the /var/log/kerberos.log
	27-Jan-98 11:57:16 Initial ticket request Host: 207.174.1.254 User:
"bshoe" ""

I had this working correctly before I added the second ethernet card and IP
address (when the machine was standalone) but now that I'm trying to
configure it as a gateway/firewall ... it doesn't seem to be working
properly at all.

And before you ask, I have made sure that kerberos requests are getting
passed through correctly in the firewall.

Thanks in advance.