From: Sonny Van Hook
To: freebsd-questions@freebsd.org
Date: Thu, 23 Dec 1999 20:24:08 -0800
Subject: Stuck debugging NATD
Message-Id: <3.0.1.32.19991223202408.006bd45c@muller.net>

Hi everyone,

Firstly, if there is a FAQ for this, please point me to it!

I'm using FreeBSD 3.3 to create a firewall machine that will also run NATD. This machine will replace an existing NT machine performing the same function. I have a single ADSL line coming into the FreeBSD's primary NIC (de0) and my LAN's hub is connected to my FreeBSD's secondary NIC (lnc1).

I've been using 'Complete FreeBSD' as a guide and I think everything's correct, but nothing seems to work. Here are snippets from the important files:

/etc/rc.conf

    # --- Important info about the network --- # SV 12/23
    ifconfig_lnc1="inet 192.168.0.1 netmask 255.255.255.0"    #Internal
    ifconfig_de0="inet 216.102.106.36 netmask 255.255.255.0"  #External
    ifconfig_lo0="inet 127.0.0.1"                             #Loopback
    defaultrouter="216.102.106.254"
    gateway_enable="YES"
    firewall_enable="YES"
    firewall_type="simple"
    natd_enable="YES"          #This is redundant since it's
    natd_interface="de0"       #manually config'd in rc.firewall

/etc/rc.firewall

    ### Flush out the list before we begin.
    /sbin/ipfw -f flush

    ### Divert all packets before applying any rules
    /sbin/ipfw add divert natd all from any to any via de0

    ### Only in rare cases do you want to change these rules
    /sbin/ipfw add 100 pass all from any to any via lo0
    /sbin/ipfw add 200 deny all from any to 127.0.0.0/8

    ## (this is all from 'simple' profile in default rc.firewall)
    # This is a prototype setup for a simple firewall. Configure
    # this machine as a named server and ntp server, and point all
    # the machines on the inside at this machine for those services.

    ### set these to your outside interface
    ### network and netmask and ip
    oif="de0"
    onet="216.102.106.0"      # Pacbell's DSL subnet
    omask="255.255.255.0"
    oip="216.102.106.36"      # Our DSL address

    ### set these to your inside interface
    ### network and netmask and ip
    iif="lnc1"
    inet="192.168.0.0"
    imask="255.255.255.0"
    iip="192.168.0.1"         # This machine's LAN IP

I can access the internet from the FreeBSD machine, but none of the machines on my local lan can get out. I usually test using telnet by name, then by IP.

As you can see, my local net uses the 192.168.0.x address space. All machines are configured to use 192.168.0.1 as their default gateway. I'm pretty sure this is not a routing problem because when I use the 'open' (allow all) profile, I have the same problem.

Lastly, I see this right at the end of 'dmesg':

    IP packet filtering initialized, divert disabled, rule-based forwarding disabled, logging disabled
    ip_fw_ctl: invalid command

Any help would be greatly appreciated. Thanks.

Sonny
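As an added example (not part of the post or of FreeBSD itself), the script below maps the ipfw boot banner quoted above to the kernel options behind each feature it reports as disabled: natd moves packets between ipfw and itself over a divert socket, so a kernel whose banner says "divert disabled" was built without IPDIVERT and cannot serve natd however rc.conf is set. The banner string is the constructed sample taken from the post; the function names are mine.

```shell
#!/bin/sh
# Added example, not from the post. Reads the "IP packet filtering
# initialized" banner ipfw prints at boot and reports which kernel
# options are missing. natd relies on a divert(4) socket, so the
# "divert" flag is the one that decides whether natd can work at all.

# Constructed sample: the banner line quoted in the post.
SAMPLE_BANNER='IP packet filtering initialized, divert disabled, rule-based forwarding disabled, logging disabled'

# Print one "<feature> <state>" pair per line, dropping the leading
# "IP packet filtering initialized" field.
banner_features() {
    printf '%s\n' "$1" | awk -F', ' '{ for (i = 2; i <= NF; i++) print $i }'
}

# Print the kernel config line for each feature the banner reports as
# disabled. IPDIVERT is required for natd; the other two only matter if
# the rule set uses "fwd" rules or "log" rules respectively.
missing_kernel_options() {
    banner_features "$1" | awk '
        $0 == "divert disabled"                { print "options IPDIVERT" }
        $0 == "rule-based forwarding disabled" { print "options IPFIREWALL_FORWARD" }
        $0 == "logging disabled"               { print "options IPFIREWALL_VERBOSE" }'
}

# Exit status 0 when the kernel described by the banner can run natd.
natd_kernel_ready() {
    printf '%s\n' "$1" | grep -q 'divert enabled'
}

# Stand-alone run: use the live banner from dmesg when one is present,
# otherwise fall back to the constructed sample.
main() {
    banner=$(dmesg 2>/dev/null | grep 'IP packet filtering initialized' | head -n 1)
    [ -n "$banner" ] || banner=$SAMPLE_BANNER
    if natd_kernel_ready "$banner"; then
        echo 'kernel has IPDIVERT: natd can open its divert socket'
    else
        echo 'kernel lacks divert support; add to the kernel config and rebuild:'
        missing_kernel_options "$banner"
    fi
}

main
```

On a live box the same banner can be read back later with `dmesg | grep 'IP packet filtering'` if the boot messages have not scrolled out of the buffer.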