Date: Fri, 30 Oct 1998 00:30:56 +0100
From: Arve Ronning <Arve.Ronning@ah.telia.no>
To: Frederico Costa <fpcosta@get2net.dk>
Cc: freebsd-isdn@FreeBSD.ORG
Subject: Re: Using ipfw and NATD
Message-ID: <3638FAB0.43A8FB@ah.telia.no>
References: <3638C650.73A16E9B@get2net.dk>

Frederico Costa wrote:
>
> Hi ...
>
> I don't know if this is the right mailing list to put this question but

It is.

>
> I enabled the gateway and the firewall through rc.conf
>
> Then i add the use the following to connect to my ISP:
>
> # Put isdn working
> isdnd -l
> papauth="myauthname=xxx myauthsecret=xxx"
> spppcontrol isppp0 myauthproto=pap $papauth hisauthproto=none
>
> ifconfig isppp0 inet 0.0.0.0 0.0.0.1 link1 debug
> route add default 0.0.0.1

I have:

ifconfig isppp0 link1 0.0.0.0 0.0.0.1 netmask 0xffffff00
route add default -interface isppp0

(not sure there is anything wrong with your ifconfig, but the
route add default certainly needs to be changed)

>
> And then i use
>
> natd -interface isppp0

Should be:
natd -dynamic -interface isppp0

>
> And the rules
>
> /sbin/ipfw -f flush
> /sbin/ipfw add divert natd all from any to any via ed0

Should be:
/sbin/ipfw add divert natd all from any to any via isppp0
because you want the NAT function on the external interface

> /sbin/ipfw add pass all from any to any
>
> I think the problem is related to the fact that i am using dynamic ip's
> when i connect to the ISP, so i tried the dynamic flag in the natd, but
> nothing change.

That's because natd needs to be on isppp0 and isdn4bsd needs
a patch to work smoothly with the -dynamic option. I've attached
one possible patch from garyj@muc.de. This is probably not
the official patch, but it works fine for me and several others.

>
> I have 2.2.7 RELEASE.
>
> If i don't use the natd and the firewall i can connect to the internet
> using freebsd. And i can connect from the computers to the freebsd
> through my network.
>
> But when i use the natd and ipfw, i can't to the internet and i can't
> either connect from the computers to the freebsd
>
> Did anyone experience some problems like this. Can anyone point
> directions ?
>

As you might already have understood, I was in the exact same
situation some months ago :).

Good luck -Arve ------ the patch from Gary (let's hope it doesn't get distorted by cut&paste&mail) -- *** if_spppsubr.c.orig Tue Aug 25 23:02:24 1998 --- if_spppsubr.c Thu Aug 27 23:03:03 1998 *************** *** 56,61 **** --- 56,62 ---- #include <net/if.h> #include <net/netisr.h> #include <net/if_types.h> + #include <net/route.h> #include <machine/stdarg.h> *************** *** 3914,3920 **** static void sppp_set_ip_addr(struct sppp *sp, u_long src) { ! struct ifnet *ifp = &sp->pp_if; struct ifaddr *ifa; struct sockaddr_in *si; --- 3915,3921 ---- static void sppp_set_ip_addr(struct sppp *sp, u_long src) { ! STDDCL; struct ifaddr *ifa; struct sockaddr_in *si; *************** *** 3940,3947 **** if (si) break; } ! if (ifa && si) si->sin_addr.s_addr = htonl(src); } static int --- 3941,3974 ---- if (si) break; } ! if (ifa && si) { ! /* delete the old address first XXX */ ! if (debug) ! log(LOG_DEBUG, SPP_FMT "\ndeleting route1\n", ! SPP_ARGS(ifp)); ! rtinit(ifa, (int)RTM_DELETE, 0); si->sin_addr.s_addr = htonl(src); + + /* seems like this is the place to modify any routing info */ + /* + * XXXX + * BEWARE !! if the semantics for a dynamic + * address (IP == 0 || IP == 1) are changed, then this + * will *not* work anymore !!!! + */ + if (src == 0) { /* deleting the address */ + if (debug) + log(LOG_DEBUG, SPP_FMT "\ndeleting route2\n", + SPP_ARGS(ifp)); + /* XXX RTF_HOST or 0 ?? */ + rtinit(ifa, (int)RTM_DELETE, 0); + } else if (src && src != 1) { /* adding a new address */ + if (debug) + log(LOG_DEBUG, SPP_FMT "adding route\n", + SPP_ARGS(ifp)); + rtinit(ifa, (int)RTM_ADD, 0|RTF_UP); + } + } } static int To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isdn" in the body of the message
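
Review bot: in the last hunk (sppp_set_ip_addr, new lines 3941-3974) the `src == 0` branch issues `rtinit(ifa, (int)RTM_DELETE, 0);` a second time, although the same call has already run unconditionally under the "delete the old address first" comment, and the second call comes after `si->sin_addr.s_addr` has been overwritten. Drop the duplicate, or make the first call conditional so that each path deletes exactly once. The return value of every `rtinit()` call is discarded; logging it under `debug` would show when a delete or add fails. The open questions left in the comments ("XXX RTF_HOST or 0 ??" and the warning that the code depends on 0 and 1 meaning a dynamic address) should be settled, or the two magic values given names, before this is merged. Minor: `0|RTF_UP` can be written `RTF_UP`, and the two "deleting route" messages begin with "\n" while "adding route" does not.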
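
The interface mismatch corrected in the reply above (divert rule on ed0 while natd runs on isppp0) can be checked mechanically. The following is an added example, not part of the original message or of isdn4bsd; the function names are hypothetical and the sample rules are constructed from the commands quoted in the thread.

```shell
#!/bin/sh
# Added example; function names are hypothetical, sample rules are
# constructed from the commands quoted in the thread.

# Print the interface natd is told to translate on (-interface or -n).
natd_iface() {
    echo "$1" | awk '{
        for (i = 1; i < NF; i++)
            if ($i == "-interface" || $i == "-n") { print $(i + 1); exit }
    }'
}

# Read ipfw rules on stdin (either "ipfw add ..." commands or "ipfw list"
# output) and report every divert rule not bound to interface $1.
# A divert rule with no "via" is reported too (a choice made here).
# Returns 0 only if at least one divert rule exists and all of them match.
check_divert_iface() {
    awk -v want="$1" '
        {
            divert = 0; via = "none"
            for (i = 1; i <= NF; i++) {
                if ($i == "divert") divert = 1
                if ($i == "via" && i < NF) via = $(i + 1)
            }
            if (!divert) next
            seen = 1
            if (via != want) {
                printf "MISMATCH via=%s natd=%s: %s\n", via, want, $0
                bad = 1
            }
        }
        END {
            if (!seen) { print "NO DIVERT RULE"; exit 1 }
            exit (bad ? 1 : 0)
        }'
}

ORIGINAL_RULES='/sbin/ipfw add divert natd all from any to any via ed0
/sbin/ipfw add pass all from any to any'
CORRECTED_RULES='/sbin/ipfw add divert natd all from any to any via isppp0
/sbin/ipfw add pass all from any to any'

iface=$(natd_iface "natd -dynamic -interface isppp0")
printf '%s\n' "$ORIGINAL_RULES" | check_divert_iface "$iface" || echo "original rules: divert is on the wrong interface"
printf '%s\n' "$CORRECTED_RULES" | check_divert_iface "$iface" && echo "corrected rules: ok"
```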