Date: Thu, 23 Dec 1999 20:24:08 -0800
From: Sonny Van Hook <blackice@muller.net>
To: freebsd-questions@freebsd.org
Subject: Stuck debugging NATD
Message-ID: <3.0.1.32.19991223202408.006bd45c@muller.net>
Hi everyone,
Firstly, if there is a FAQ for this, please point
me to it!
I'm using FreeBSD 3.3 to create a firewall machine
that will also run NATD. This machine will replace
an existing NT machine performing the same function.
I have a single ADSL line coming into the FreeBSD's
primary NIC (de0) and my LAN's hub is connected to
my FreeBSD's secondary NIC (lnc1).
I've been using 'Complete FreeBSD' as a guide and I think
everything's correct, but nothing seems to work. Here
are snippets from the important files:
/etc/rc.conf
# --- Important info about the network --- # SV 12/23
ifconfig_lnc1="inet 192.168.0.1 netmask 255.255.255.0" #Internal
ifconfig_de0="inet 216.102.106.36 netmask 255.255.255.0" #External
ifconfig_lo0="inet 127.0.0.1" #Loopback
defaultrouter="216.102.106.254"
gateway_enable="YES"
firewall_enable="YES"
firewall_type="simple"
natd_enable="YES" #This is redundant since it's
natd_interface="de0" #manually config'd in rc.firewall
/etc/rc.firewall
### Flush out the list before we begin.
/sbin/ipfw -f flush
### Divert all packets before applying any rules
/sbin/ipfw add divert natd all from any to any via de0
### Only in rare cases do you want to change these rules
/sbin/ipfw add 100 pass all from any to any via lo0
/sbin/ipfw add 200 deny all from any to 127.0.0.0/8
## (this is all from 'simple' profile in default rc.firewall)
# This is a prototype setup for a simple firewall. Configure
# this machine as a named server and ntp server, and point all
# the machines on the inside at this machine for those services.
### set these to your outside interface
### network and netmask and ip
oif="de0"
onet="216.102.106.0" # Pacbell's DSL subnet
omask="255.255.255.0"
oip="216.102.106.36" # Our DSL address
### set these to your inside interface
### network and netmask and ip
iif="lnc1"
inet="192.168.0.0"
imask="255.255.255.0"
iip="192.168.0.1" # This machine's LAN IP
<remaining rules snipped for brevity>
I can access the internet from the FreeBSD machine, but none
of the machines on my local lan can get out. I usually test
using telnet by name, then by IP.
As you can see, my local net uses the 192.168.0.x address
space. All machines are configured to use 192.168.0.1 as
their default gateway. I'm pretty sure this is not a routing
problem because when I use the 'open' (allow all) profile,
I have the same problem.
Lastly, I see this right at the end of 'dmesg':
IP packet filtering initialized, divert disabled, rule-based forwarding
disabled, logging disabled
ip_fw_ctl: invalid command
Any help would be greatly appreciated.
Thanks.
Sonny
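The dmesg line quoted in the post ("IP packet filtering initialized, divert disabled, ...") is the kernel's own report that it was built without the IPDIVERT option, and natd depends on divert sockets to receive the packets that the `ipfw add divert natd` rule hands it. The following shell script is an added example (not part of the original post and not the poster's own files) that turns that check into something repeatable: it extracts the divert status from a dmesg transcript and looks for an `options IPDIVERT` line in a kernel configuration file. The dmesg text and both kernel-config fragments below are constructed samples for illustration; only the first dmesg line mirrors what the post quotes.

```shell
#!/bin/sh
# Added example: verify that a FreeBSD kernel can support natd (divert sockets).

# Constructed sample dmesg output; the first line mirrors the post, the second
# is the "enabled" form printed by a kernel that was built with IPDIVERT.
SAMPLE_DMESG_DISABLED='IP packet filtering initialized, divert disabled, rule-based forwarding disabled, logging disabled
ip_fw_ctl: invalid command'
SAMPLE_DMESG_ENABLED='IP packet filtering initialized, divert enabled, rule-based forwarding disabled, logging disabled'

# Constructed (hypothetical) kernel configuration fragments.
KERNCONF_MISSING='options IPFIREWALL
options IPFIREWALL_VERBOSE'
KERNCONF_OK='options IPFIREWALL
options IPFIREWALL_VERBOSE
options IPDIVERT'

# divert_status DMESG_TEXT
#   Prints "enabled" or "disabled" as reported by the ipfw initialisation line,
#   or nothing if the line is absent (ipfw not compiled in or not yet initialised).
divert_status() {
    printf '%s\n' "$1" \
        | sed -n 's/.*IP packet filtering initialized, divert \([a-z]*\),.*/\1/p' \
        | head -n 1
}

# has_ipdivert KERNCONF_TEXT
#   Succeeds (exit 0) when the kernel config contains an "options IPDIVERT" line.
has_ipdivert() {
    printf '%s\n' "$1" \
        | grep -Eq '^[[:space:]]*options[[:space:]]+IPDIVERT([[:space:]]|$)'
}

# natd_ready DMESG_TEXT KERNCONF_TEXT
#   Succeeds only when the running kernel reports divert enabled AND the config
#   it was built from lists IPDIVERT, so a stale kernel and a fresh config are
#   both caught.
natd_ready() {
    [ "$(divert_status "$1")" = "enabled" ] && has_ipdivert "$2"
}

# report DMESG_TEXT KERNCONF_TEXT
#   Human-readable summary for interactive use.
report() {
    status=$(divert_status "$1")
    printf 'kernel reports divert: %s\n' "${status:-unknown}"
    if has_ipdivert "$2"; then
        echo 'kernel config: options IPDIVERT present'
    else
        echo 'kernel config: options IPDIVERT missing'
    fi
    if natd_ready "$1" "$2"; then
        echo 'natd can use divert sockets'
    else
        echo 'natd cannot work: rebuild the kernel with "options IPDIVERT"'
    fi
}

# Run against the constructed samples when executed directly.
report "$SAMPLE_DMESG_DISABLED" "$KERNCONF_MISSING"
```

On a real machine, call `report "$(dmesg)" "$(cat /sys/i386/conf/MYKERNEL)"` with your own kernel configuration path substituted; a "disabled" status means the `divert natd` rule in rc.firewall has nothing to deliver packets to, regardless of how the rest of the ruleset is ordered, so this is the first thing to confirm before debugging ipfw rules or routing.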
