From owner-freebsd-questions Mon Apr 24 19: 8:35 2000
Delivered-To: freebsd-questions@freebsd.org
Received: from cytosine.dhs.org (cx272244-a.orng1.occa.home.com [24.1.177.149])
	by hub.freebsd.org (Postfix) with ESMTP id BADDF37B7B2
	for ; Mon, 24 Apr 2000 19:08:22 -0700 (PDT)
	(envelope-from bhishan@cytosine.dhs.org)
Received: (from bhishan@localhost)
	by cytosine.dhs.org (8.10.0/8.10.0) id e3ONYwZ54369;
	Mon, 24 Apr 2000 16:34:58 -0700 (PDT)
From: Bhishan Hemrajani
Message-Id: <200004242334.e3ONYwZ54369@cytosine.dhs.org>
Subject: Re: Natd doesn't work after upgrade to 4.0 stable
In-Reply-To: <3904BEE2.900D3C72@rochester.rr.com> from David Heller at "Apr 24, 2000 05:38:42 pm"
To: David Heller
Date: Mon, 24 Apr 2000 16:34:58 -0700 (PDT)
Cc: freebsd-questions@freebsd.org
X-Mailer: ELM [version 2.4ME+ PL61 (25)]
MIME-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
Sender: owner-freebsd-questions@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

If you take a look at your /etc/rc.conf, I see that you have gateway_enable
set to "NO". Please set that to yes.

If you don't want to restart, do this:
# sysctl -w net.inet.ip.forwarding=1

And also make sure that you have done everything in the instructions of
the natd manpage. (man natd)

It is near the bottom of the man page.

--bhishan

>
> Hi
>
> I just upgraded to 4.0 stable from 3.4 stable and I'm having a problem
> getting natd to work. I can access the internet from the FreeBSD machine
> (my gateway) ok but any machine on my LAN cannot ftp telnet or browse
> the "WEB". I've included my rc.conf natd.conf and the output from "$bash
> ipfw list". This worked before the upgrade fine and I tried an open
> firewall also still can't get out of my LAN. My new kernel I configured
> with IPFIREWALL and IPDIVERT enabled. Please any help or suggestion
> welcome.
>
> Thanks,
>
> Dave
> 00100 divert 8668 ip from any to any via ep0
> 00100 allow ip from any to any via lo0
> 00200 deny ip from any to 127.0.0.0/8
> 00300 deny ip from 10.0.0.0/24 to any in recv ep0
> 00400 deny ip from 24.24.34.0/24 to any in recv ep1
> 00500 deny ip from 10.0.0.0/8 to any via ep0
> 00600 deny ip from any to 10.0.0.0/8 via ep0
> 00700 deny ip from 172.16.0.0/12 to any via ep0
> 00800 deny ip from any to 172.16.0.0/12 via ep0
> 00900 deny ip from 192.168.0.0/16 to any via ep0
> 01000 deny ip from any to 192.168.0.0/16 via ep0
> 01100 deny ip from 0.0.0.0/8 to any via ep0
> 01200 deny ip from any to 0.0.0.0/8 via ep0
> 01300 deny ip from 169.254.0.0/16 to any via ep0
> 01400 deny ip from any to 169.254.0.0/16 via ep0
> 01500 deny ip from 192.0.2.0/24 to any via ep0
> 01600 deny ip from any to 192.0.2.0/24 via ep0
> 01700 deny ip from 224.0.0.0/4 to any via ep0
> 01800 deny ip from any to 224.0.0.0/4 via ep0
> 01900 deny ip from 240.0.0.0/4 to any via ep0
> 02000 deny ip from any to 240.0.0.0/4 via ep0
> 02100 allow tcp from any to any established
> 02200 allow ip from any to any frag
> 02300 allow tcp from any to 24.24.34.x 25 setup
> 02400 allow tcp from any to 24.24.34.x 53 setup
> 02500 allow udp from any to 24.24.34.x 53
> 02600 allow udp from 24.24.34.x 53 to any
> 02700 allow tcp from any to 24.24.34.x 67 setup
> 02800 allow tcp from any to 24.24.34.x 80 setup
> 02900 deny log logamount 100 tcp from any to any in recv ep0 setup
> 03000 allow tcp from any to any setup
> 03100 allow udp from any 53 to 24.24.34.x
> 03200 allow udp from 24.24.34.x to any 53
> 03300 allow udp from any 123 to 24.24.34.x
> 03400 allow udp from 24.24.34.x to any 123
> 03500 allow ip from any to any
> 65535 deny ip from any to any
> use_sockets
> log
> dynamic
>
>
>
> # This file now contains just the overrides from /etc/defaults/rc.conf
> # please make all changes to this file.
>
> network_interfaces="lo0 ep0 ep1"
> defaultrouter="NO"
> # -- sysinstall generated deltas -- #
> pccard_ifconfig="NO"
> pccard_mem="DEFAULT"
> # -- sysinstall generated deltas -- #
> moused_enable="NO"
> # -- sysinstall generated deltas -- #
> linux_enable="YES"
> hostname="main.hellerkin.local"
> gateway_enable="YES"
> firewall_enable="YES"
> firewall_type="simple"
> dhcp_flags="-q"
> natd_enable="YES"
> natd_interface="ep0"
> natd_flags="-f /etc/natd.conf"
> log_in_vain="YES"
> lpd_enable="YES"
> named_enable="YES"
> amd_enable="YES"
> amd_flags="-F /etc/amd.conf"
> #rarpd_enable="YES"
> #rarpd_flags="-a -s"
> #nfs_server_enable="YES"
> #mountd_flags="-r"
> ntpdate_enable="YES"
> named_flags="-b /etc/named.conf"
> # -- sysinstall generated deltas -- #
> releaseName="3.3-19991005-STABLE"
> # -- sysinstall generated deltas -- #
> usbd_enable="YES"
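
Added example, not part of the original message and not FreeBSD's own code: a sh lint over rc.conf and `ipfw list` text for the natd gateway prerequisites this thread is about (forwarding enabled, natd enabled, a divert rule on natd_interface). It goes one step beyond the reply by also flagging deny rules for private destinations that sit after the divert rule; the function names rc_value and check_nat_gateway and the reduced sample inputs are constructed for illustration.

```shell
#!/bin/sh
# Added example: lint rc.conf and `ipfw list` text for natd gateway
# prerequisites. Function names are hypothetical, not from the thread.

# Constructed sample inputs, reduced from the listings quoted in the message.
RC_CONF='gateway_enable="YES"
firewall_enable="YES"
firewall_type="simple"
natd_enable="YES"
natd_interface="ep0"
#rarpd_enable="YES"'

IPFW_LIST='00100 divert 8668 ip from any to any via ep0
00300 deny ip from 10.0.0.0/24 to any in recv ep0
00600 deny ip from any to 10.0.0.0/8 via ep0
03500 allow ip from any to any
65535 deny ip from any to any'

# rc_value VAR: print the effective value of VAR from rc.conf text on stdin.
# rc.conf is sourced as shell, so the last assignment wins; comments are skipped.
rc_value() {
    awk -F= -v k="$1" '$1 == k { v = $2; gsub(/"/, "", v); val = v }
                       END { print val }'
}

# check_nat_gateway RC_TEXT IPFW_TEXT: print one FAIL/WARN line per finding.
check_nat_gateway() {
    for var in gateway_enable firewall_enable natd_enable; do
        val=$(printf '%s\n' "$1" | rc_value "$var")
        case $val in
            [Yy][Ee][Ss]) ;;
            *) echo "FAIL $var is '${val:-unset}', expected YES" ;;
        esac
    done
    ifc=$(printf '%s\n' "$1" | rc_value natd_interface)
    if [ -z "$ifc" ]; then echo "FAIL natd_interface is unset"; return 0; fi
    # Packets written back by natd resume at the rule after the divert rule,
    # so inbound traffic reaches later rules with its translated LAN destination.
    printf '%s\n' "$2" | awk -v ifc="$ifc" '
        $2 == "divert" && $NF == ifc { seen = 1; next }
        seen && $2 == "deny" && $NF == ifc && $5 == "any" &&
            $7 ~ /^(10\.|172\.16\.|192\.168\.)/ {
            print "WARN rule " $1 " drops private destinations on " ifc " after divert" }
        END { if (!seen) print "FAIL no divert rule on " ifc }'
}

check_nat_gateway "$RC_CONF" "$IPFW_LIST"
```

On a live gateway, feed it the real files, for example `check_nat_gateway "$(cat /etc/rc.conf)" "$(ipfw list)"`, and compare the running value with `sysctl net.inet.ip.forwarding`, since rc.conf only takes effect at boot.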