From owner-freebsd-isdn  Thu Oct 29 15:31:52 1998
Return-Path: <owner-freebsd-isdn@FreeBSD.ORG>
Received: (from majordom@localhost)
          by hub.freebsd.org (8.8.8/8.8.8) id PAA13318
          for freebsd-isdn-outgoing; Thu, 29 Oct 1998 15:31:52 -0800 (PST)
          (envelope-from owner-freebsd-isdn@FreeBSD.ORG)
Received: from maild.telia.com (maild.telia.com [194.22.190.3])
          by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id PAA13307
          for <freebsd-isdn@freebsd.org>; Thu, 29 Oct 1998 15:31:47 -0800 (PST)
          (envelope-from Arve.Ronning@ah.telia.no)
Received: from d1o203.telia.com (root@d1o203.telia.com [195.204.220.241])
	by maild.telia.com (8.8.8/8.8.8) with ESMTP id AAA22923;
	Fri, 30 Oct 1998 00:31:42 +0100 (CET)
Received: from ah.telia.no (t8o202p47.telia.com [195.204.219.227])
	by d1o203.telia.com (8.8.8/8.8.5) with ESMTP id AAA16947;
	Fri, 30 Oct 1998 00:33:07 +0100 (CET)
Message-ID: <3638FAB0.43A8FB@ah.telia.no>
Date: Fri, 30 Oct 1998 00:30:56 +0100
From: Arve Ronning <Arve.Ronning@ah.telia.no>
X-Mailer: Mozilla 4.5 [en] (X11; I; FreeBSD 2.2.5-RELEASE i386)
X-Accept-Language: no, en
MIME-Version: 1.0
To: Frederico Costa <fpcosta@get2net.dk>
CC: freebsd-isdn@FreeBSD.ORG
Subject: Re: Using ipfw and NATD
References: <3638C650.73A16E9B@get2net.dk>
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Sender: owner-freebsd-isdn@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

Frederico Costa wrote:
> 
> Hi ...
> 
> I don't know if this is the right mailing list to put this question but

It is.

> 
> I enabled the gateway and the firewall through rc.conf
> 
> Then i add the use the following to connect to my ISP:
> 
> # Put isdn working
> isdnd -l
> papauth="myauthname=xxx myauthsecret=xxx"
> spppcontrol isppp0 myauthproto=pap $papauth hisauthproto=none
> 
> ifconfig isppp0 inet 0.0.0.0 0.0.0.1 link1 debug
> route add default 0.0.0.1

I have:
       ifconfig isppp0 link1 0.0.0.0 0.0.0.1 netmask 0xffffff00
       route add default -interface isppp0
(not sure there is anything wrong with your ifconfig, but the
route add default certainly needs to be changed)

> 
> And then i use
> 
> natd -interface isppp0

Should be:
	natd -dynamic -interface isppp0

> 
> And the rules
> 
> /sbin/ipfw -f flush
> /sbin/ipfw add divert natd all from any to any via ed0

Should be:
	/sbin/ipfw add divert natd all from any to any via isppp0
because you want the NAT function on the external interface

> /sbin/ipfw add pass all from any to any
> 
> I think the problem is related to the fact that i am using dynamic ip's
> when i connect to the ISP, so i tried the dynamic flag in the natd, but
> nothing change.

That's because natd needs to be on isppp0 and isdn4bsd needs a patch
to work smoothly with the -dynamic option. I've attached one possible
patch from garyj@muc.de. This is probably not the official patch, but
it works fine for me and several others.
> 
> I have 2.2.7 RELEASE.
> 
> If i don't use the natd and the firewall i can connect to the internet
> using freebsd. And i can connect from the computers to the freebsd
> through my network.
> 
> But when i use the natd and ipfw, i can't to the internet and i can't
> either connect from the computers to the freebsd
> 
> Did anyone experience some problems like this. Can anyone point
> directions ?
> 
As you might already have understood, I was in the exact same situation
some months ago :).

Good luck
  -Arve

------ the patch from Gary (let's hope it doesn't get distorted by
cut&paste&mail) --

*** if_spppsubr.c.orig  Tue Aug 25 23:02:24 1998
--- if_spppsubr.c       Thu Aug 27 23:03:03 1998
***************
*** 56,61 ****
--- 56,62 ----
  #include <net/if.h>
  #include <net/netisr.h>
  #include <net/if_types.h>
+ #include <net/route.h>
  
  #include <machine/stdarg.h>
  
***************
*** 3914,3920 ****
  static void
  sppp_set_ip_addr(struct sppp *sp, u_long src)
  {
!       struct ifnet *ifp = &sp->pp_if;
        struct ifaddr *ifa;
        struct sockaddr_in *si;
  
--- 3915,3921 ----
  static void
  sppp_set_ip_addr(struct sppp *sp, u_long src)
  {
!       STDDCL;
        struct ifaddr *ifa;
        struct sockaddr_in *si;
  
***************
*** 3940,3947 ****
                        if (si)
                                break;
                }
!       if (ifa && si)
                si->sin_addr.s_addr = htonl(src);
  }
  
  static int
--- 3941,3974 ----
                        if (si)
                                break;
                }
!       if (ifa && si) {
!         /* delete the old address first XXX */
!         if (debug)
!                log(LOG_DEBUG, SPP_FMT "\ndeleting route1\n",
!                         SPP_ARGS(ifp));
!         rtinit(ifa, (int)RTM_DELETE, 0);
                si->sin_addr.s_addr = htonl(src);
+ 
+               /* seems like this is the place to modify any routing info */
+               /*
+                * XXXX
+                * BEWARE !! if the semantics for a dynamic
+                * address (IP == 0 || IP == 1) are changed, then this
+                * will *not* work anymore !!!!
+                */
+               if (src == 0) { /* deleting the address */
+                 if (debug)
+                        log(LOG_DEBUG, SPP_FMT "\ndeleting route2\n",
+                                 SPP_ARGS(ifp));
+                 /* XXX RTF_HOST or 0 ?? */
+                 rtinit(ifa, (int)RTM_DELETE, 0);
+               } else if (src && src != 1) { /* adding a new address */
+                 if (debug)
+                        log(LOG_DEBUG, SPP_FMT "adding route\n",
+                                 SPP_ARGS(ifp));
+                 rtinit(ifa, (int)RTM_ADD, 0|RTF_UP);
+               }
+       }
  }
  
  static int

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-isdn" in the body of the message