Date:      Thu, 23 Dec 1999 20:24:08 -0800
From:      Sonny Van Hook <blackice@muller.net>
To:        freebsd-questions@freebsd.org
Subject:   Stuck debugging NATD
Message-ID:  <3.0.1.32.19991223202408.006bd45c@muller.net>

Hi everyone,

Firstly, if there is a FAQ for this, please point
me to it!

I'm using FreeBSD 3.3 to create a firewall machine 
that will also run NATD.  This machine will replace 
an existing NT machine performing the same function.  
I have a single ADSL line coming into the FreeBSD's 
primary NIC (de0) and my LAN's hub is connected to 
my FreeBSD's secondary NIC (lnc1).

I've been using 'Complete FreeBSD' as a guide and I think
everything's correct, but nothing seems to work.  Here
are snippets from the important files:

/etc/rc.conf
#  --- Important info about the network --- #  SV 12/23
ifconfig_lnc1="inet 192.168.0.1 netmask 255.255.255.0" #Internal
ifconfig_de0="inet 216.102.106.36 netmask 255.255.255.0" #External
ifconfig_lo0="inet 127.0.0.1" #Loopback
defaultrouter="216.102.106.254"	
gateway_enable="YES"
firewall_enable="YES"
firewall_type="simple"
natd_enable="YES"		# This is redundant since it's
natd_interface="de0"		# manually config'd in rc.firewall

/etc/rc.firewall
### Flush out the list before we begin.
/sbin/ipfw -f flush
### Divert all packets before applying any rules
/sbin/ipfw add divert natd all from any to any via de0
### Only in rare cases do you want to change these rules
/sbin/ipfw add 100 pass all from any to any via lo0
/sbin/ipfw add 200 deny all from any to 127.0.0.0/8

    ## (this is all from 'simple' profile in default rc.firewall)
    # This is a prototype setup for a simple firewall.  Configure 
    # this machine as a named server and ntp server, and point all 
    # the machines on the inside at this machine for those services.

### set these to your outside interface 
### network and netmask and ip
    oif="de0"
    onet="216.102.106.0"		# Pacbell's DSL subnet
    omask="255.255.255.0"
    oip="216.102.106.36"		# Our DSL address

### set these to your inside interface 
### network and netmask and ip
    iif="lnc1"
    inet="192.168.0.0"
    imask="255.255.255.0"
    iip="192.168.0.1"		# This machine's LAN IP
    <remaining rules snipped for brevity>

I can access the internet from the FreeBSD machine, but none
of the machines on my local LAN can get out.  I usually test
using telnet by name, then by IP.

As you can see, my local net uses the 192.168.0.x address
space.  All machines are configured to use 192.168.0.1 as
their default gateway.  I'm pretty sure this is not a routing
problem because when I use the 'open' (allow all) profile,
I have the same problem.

Lastly, I see this right at the end of 'dmesg':
IP packet filtering initialized, divert disabled, rule-based forwarding
disabled, logging disabled
ip_fw_ctl: invalid command

Any help would be greatly appreciated.

Thanks.

Sonny
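The dmesg line quoted in the post reports "divert disabled"; that is what the ipfw initialisation prints when the kernel was built without `options IPDIVERT`, and without that option `ipfw add divert` is refused and natd never sees a packet. As an added example (not code from the post, nor FreeBSD's own rc.firewall), here is a numbered rule set in the layout the post is aiming at, with the divert rule placed after the loopback rules and before every address-based rule, a dry-run mode so the ordering can be reviewed before loading, and a small check on the boot message. The interface names and addresses are the ones from the post; the rule numbers, the `dryrun` helper and `divert_compiled_in` are this example's own conventions.

```shell
#!/bin/sh
# Added example, not from the original post: a numbered ipfw rule set for a
# FreeBSD 3.x ipfw + natd gateway. Interface names and addresses are those
# given in the post; rule numbers and helper names are this example's own.
#
# Prerequisites on the gateway (not checked here): a kernel built with
#   options IPFIREWALL
#   options IPDIVERT
# and natd running on the outside interface, e.g.  /sbin/natd -n de0
# Without IPDIVERT the boot message reads "divert disabled" and the
# "ipfw add divert" line is rejected.

oif="de0";  onet="216.102.106.0"; omask="255.255.255.0"; oip="216.102.106.36"
iif="lnc1"; inet="192.168.0.0";   imask="255.255.255.0"; iip="192.168.0.1"

# Returns 0 if an ip_fw boot line (as seen in dmesg) reports divert
# support compiled in, 1 otherwise.
divert_compiled_in() {
    case "$1" in
        *"divert enabled"*) return 0 ;;
        *)                  return 1 ;;
    esac
}

# Prints each ipfw command instead of executing it (dry run).
dryrun() {
    printf 'ipfw %s\n' "$*"
}

# Emits the rule set through the command given as $1:
#   build_rules dryrun       - print the rules for review
#   build_rules /sbin/ipfw   - load them on the gateway
build_rules() {
    fw="$1"

    $fw -f flush

    # Loopback: always pass, and never accept 127/8 from elsewhere.
    $fw add 100 pass all from any to any via lo0
    $fw add 200 deny all from any to 127.0.0.0/8

    # Translate here, before any address-based rule. An outbound packet
    # resumes at rule 400 with source $oip; an inbound reply resumes with
    # its destination rewritten to the LAN host.
    $fw add 300 divert natd all from any to any via ${oif}

    # Anti-spoofing: LAN addresses must not enter on the outside,
    # outside addresses must not enter on the LAN side.
    $fw add 400 deny all from ${inet}:${imask} to any in via ${oif}
    $fw add 410 deny all from ${onet}:${omask} to any in via ${iif}

    # After NAT no RFC 1918 address should appear on the outside interface.
    $fw add 500 deny all from 192.168.0.0:255.255.0.0 to any via ${oif}
    $fw add 510 deny all from 172.16.0.0:255.240.0.0 to any via ${oif}
    $fw add 520 deny all from 10.0.0.0:255.0.0.0 to any via ${oif}

    # Traffic from the LAN and from this host, plus the replies they need.
    $fw add 600 pass tcp from any to any established
    $fw add 610 pass all from ${inet}:${imask} to any via ${iif}
    $fw add 620 pass all from ${oip} to any out via ${oif}
    # DNS answers back to LAN hosts (destination already un-NATed) and to
    # this host; tighten the source to your resolvers where possible.
    $fw add 630 pass udp from any 53 to ${inet}:${imask}
    $fw add 640 pass udp from any 53 to ${oip}
    $fw add 650 pass icmp from any to any

    # Log whatever falls through (needs options IPFIREWALL_VERBOSE).
    $fw add 65000 deny log all from any to any
}

# Only touch the live firewall when explicitly asked:  sh rules.sh apply
if [ "${1:-}" = "apply" ]; then
    build_rules /sbin/ipfw
fi
```

Run `sh rules.sh` with no argument after changing nothing, or call `build_rules dryrun` from a shell that has sourced the file, to see the exact commands in order; `sh rules.sh apply` loads them. If `ipfw show` afterwards has no rule 300, the kernel is rejecting the divert action and needs to be rebuilt with IPDIVERT before natd can do anything.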

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?3.0.1.32.19991223202408.006bd45c>