Date: Wed, 05 Apr 2000 02:03:39 -0400 (EDT)
From: Mike Heffner <mheffner@mailandnews.com>
To: cjclark@home.com
Cc: freebsd-ipfw@FreeBSD.ORG, Mike Heffner <spock@techfour.net>
Subject: Re: Problems with natd
Message-ID: <XFMail.20000405020339.mheffner@mailandnews.com>
In-Reply-To: <20000404231711.A40889@cc942873-a.ewndsr1.nj.home.com>

On 05-Apr-2000 Crist J. Clark wrote:
|>
|> Using the following three ipfw entries:
|>
|> allow ip from any to any via ep0
|> divert natd from any to any via ed0
|
| ITYM, "divert natd ip from any to any via ed0"
Yep, that's what I meant....human translating problem ;)
|
| I assume you upgraded to 4.0-STABLE? No, I have not noticed anything
| like this.
|
No, like I said I've been tracking current on the box, and I was just about a
month behind on my builds, so from about an early March current to an early
April current.
|> Thanks, let me know if there is any more information I can provide
|
| Let's get it all,
|
This is not my full firewall, network setup, but I have tested it with these
simplified settings ( and it still doesn't seem to work ):

natd.conf file:

    interface ed0
    same_ports yes
    dynamic yes

ipfw rules:

    00010 176 14949 count log ip from any to any
    00015  24  2634 allow ip from any to any via lo0
    00100   0     0 allow ip from any to any via ep0
    00200   6   248 divert 8668 ip from any to any via ed0
    00300  57  6332 allow ip from any to any
    65535   1    28 deny ip from any to any

$ ifconfig -a
ed0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
        inet a.b.c.d netmask 0xffffff00 broadcast 255.255.255.255
        ether 00:40:05:63:46:3d
ep0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
        inet 10.0.0.1 netmask 0xffffff00 broadcast 10.0.0.255
        ether 00:20:af:a1:05:8b
        media: 10baseT/UTP
        supported media: 10baseT/UTP
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> mtu 16384
        inet 127.0.0.1 netmask 0xff000000

[a.b.c.d == outside, real, ip]

$ netstat -rn
Routing tables

Internet:
Destination        Gateway            Flags     Refs     Use     Netif Expire
default            a.b.c.d            UGSc       19       94      ed0
10/24              link#2             UC          0        0      ep0 =>
127.0.0.1          127.0.0.1          UH          1       20      lo0
a.b.c              link#1             UC          0        0      ed0 =>
a.b.c.d            0:d0:58:c7:98:38   UHLW       19        0      ed0   1200

[a.b.c.d == my cable modem router]

also, here is part of a natd verbose output log, first part is successful
ICMP'ing, second is an unsuccessful ftp connect attempt:
Out [ICMP] [ICMP] a.b.c.d -> e.f.g.h 8(0) aliased to
[ICMP] a.b.c.d -> e.f.g.h 8(0)
In [ICMP] [ICMP] e.f.g.h -> a.b.c.d 0(0) aliased to
[ICMP] e.f.g.h -> a.b.c.d 0(0)
Out [ICMP] [ICMP] a.b.c.d -> e.f.g.h 8(0) aliased to
[ICMP] a.b.c.d -> e.f.g.h 8(0)
Out [ICMP] [ICMP] a.b.c.d -> e.f.g.h 8(0) aliased to
[ICMP] a.b.c.d -> e.f.g.h 8(0)
Out [ICMP] [ICMP] a.b.c.d -> e.f.g.h 8(0) aliased to
[ICMP] a.b.c.d -> e.f.g.h 8(0)
In [ICMP] [ICMP] e.f.g.h -> a.b.c.d 0(0) aliased to
[ICMP] e.f.g.h -> a.b.c.d 0(0)
Out [TCP] [TCP] a.b.c.d:1026 -> e.f.g.h:21 aliased to
[TCP] a.b.c.d:1026 -> e.f.g.h:21
Out [TCP] [TCP] a.b.c.d:1026 -> e.f.g.h:21 aliased to
[TCP] a.b.c.d:1026 -> e.f.g.h:21
Out [TCP] [TCP] a.b.c.d:1026 -> e.f.g.h:21 aliased to
[TCP] a.b.c.d:1026 -> e.f.g.h:21
Out [TCP] [TCP] a.b.c.d:1026 -> e.f.g.h:21 aliased to
[TCP] a.b.c.d:1026 -> e.f.g.h:21
[ a.b.c.d == my ip address
e.f.g.h == an internet server ip ]
Hope that helps,
...I will probably have more free time later in the week to try some other
combinations and what not, and maybe take a look at the natd code or something
/****************************************
* Mike Heffner <spock@techfour.net> *
* Fredericksburg, VA ICQ# 882073 *
* Sent at: 05-Apr-2000 -- 00:23:56 EST *
* http://my.ispchannel.com/~mheffner *
****************************************/
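
Added example (not part of the original message, and not natd or FreeBSD code): a small parser for natd verbose output of the shape quoted above, which pairs each record's before and after tuples and lists flows that went out but never produced an "In" record. The sample log is constructed with documentation addresses, and the function names are hypothetical.

```python
import re
from collections import defaultdict

# A natd -v record is two lines: the packet as received, then as re-written.
HEAD = re.compile(r"^(In|Out)\s+\[(\w+)\]\s+\[\w+\]\s+(\S+)\s+->\s+(\S+)(?:\s+\S+)?\s+aliased to\s*$")
TAIL = re.compile(r"^\s*\[\w+\]\s+(\S+)\s+->\s+(\S+)")

# Constructed sample (documentation addresses), shaped like the log above.
SAMPLE = """\
Out [ICMP] [ICMP] 192.0.2.10 -> 198.51.100.7 8(0) aliased to
[ICMP] 192.0.2.10 -> 198.51.100.7 8(0)
In [ICMP] [ICMP] 198.51.100.7 -> 192.0.2.10 0(0) aliased to
[ICMP] 198.51.100.7 -> 192.0.2.10 0(0)
Out [TCP] [TCP] 192.0.2.10:1026 -> 198.51.100.7:21 aliased to
[TCP] 192.0.2.10:1026 -> 198.51.100.7:21
Out [TCP] [TCP] 192.0.2.10:1026 -> 198.51.100.7:21 aliased to
[TCP] 192.0.2.10:1026 -> 198.51.100.7:21
Out [TCP] [TCP] 10.0.0.5:1030 -> 198.51.100.7:80 aliased to
[TCP] 192.0.2.10:1030 -> 198.51.100.7:80
In [TCP] [TCP] 198.51.100.7:80 -> 192.0.2.10:1030 aliased to
[TCP] 198.51.100.7:80 -> 10.0.0.5:1030
"""

def parse_records(text):
    """Yield (direction, proto, before, after); before/after are (src, dst)."""
    lines = text.splitlines()
    for head_line, tail_line in zip(lines, lines[1:]):
        head, tail = HEAD.match(head_line.strip()), TAIL.match(tail_line)
        if head and tail:
            yield head.group(1), head.group(2), head.group(3, 4), tail.group(1, 2)

def summarize(text):
    """Count packets per flow, keyed by the outside-wire (local, remote) view."""
    flows = defaultdict(lambda: {"out": 0, "in": 0, "rewritten": False})
    for direction, proto, before, after in parse_records(text):
        # Out: wire sees the aliased tuple. In: wire sees the pre-alias tuple, flipped.
        wire = after if direction == "Out" else before[::-1]
        flow = flows[(proto,) + wire]
        flow["out" if direction == "Out" else "in"] += 1
        flow["rewritten"] |= before != after
    return dict(flows)

def unanswered(text):
    """Flows that left the box but never saw a reply come back through natd."""
    return sorted(k for k, v in summarize(text).items() if v["out"] and not v["in"])

if __name__ == "__main__":
    for proto, local, remote in unanswered(SAMPLE):
        print(f"no return traffic: {proto} {local} -> {remote}")
```

A flow listed here only means natd never saw a reply diverted to it; the log alone does not say whether the reply was dropped upstream or matched an earlier ipfw rule.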
