From owner-freebsd-questions Fri Dec 24 0:14:22 1999
Delivered-To: freebsd-questions@freebsd.org
Received: from muller.net (muller.net [192.41.21.148])
    by hub.freebsd.org (Postfix) with ESMTP id D32CE14CC6
    for ; Fri, 24 Dec 1999 00:14:16 -0800 (PST)
    (envelope-from blackice@muller.net)
Received: from vanhook (dialup-209.244.97.22.SanFrancisco1.Level3.net [209.244.97.22])
    by muller.net (8.8.5) id BAA00212; Fri, 24 Dec 1999 01:14:05 -0700 (MST)
X-Authentication-Warning: muller.net: Host dialup-209.244.97.22.SanFrancisco1.Level3.net [209.244.97.22] claimed to be vanhook
Message-Id: <3.0.1.32.19991224002358.006c7fa8@muller.net>
X-Sender: blackice@muller.net
X-Mailer: Windows Eudora Light Version 3.0.1 (32)
Date: Fri, 24 Dec 1999 00:23:58 -0800
To: cjclark@home.com
From: Sonny Van Hook
Subject: Re: Stuck debugging NATD
Cc: freebsd-questions@FreeBSD.ORG
In-Reply-To: <199912240501.AAA40197@cc942873-a.ewndsr1.nj.home.com>
References: <3.0.1.32.19991223202408.006bd45c@muller.net>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Sender: owner-freebsd-questions@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

At 12:01 AM 12/24/99 -0500, Crist J. Clark wrote:
>Sonny Van Hook wrote,
>[snip]
>> /etc/rc.conf
>> natd_enable="YES"      #This is redundant since it's
>> natd_interface="de0"   #manually config'd in rc.firewall
>
>No, it's not redundant. The 'natd_enable' variable is used in
>rc.network to actually run natd.

Thanks for the clarification. I'm rather new to this as you might
be able to tell!

>> As you can see, my local net uses the 192.168.0.x address
>> space. All machines are configured to use 192.168.0.1 as
>> their default gateway. I'm pretty sure this is not a routing
>> problem because when I use the 'open' (allow all) profile,
>> I have the same problem.
>
>If you do tcpdumps on the FreeBSD machine, do you see packets coming
>in lnc1 and going nowhere?

I don't have access to the machine right now, but I will definitely
check on Sunday. Thanks for the tip.

>> Lastly, I see this right at the end of 'dmesg':
>> IP packet filtering initialized, divert disabled, rule-based forwarding
>> disabled, logging disabled
>> ip_fw_ctl: invalid command
>
>Did you recompile your kernel with (at least),
>
>options IPFIREWALL #firewall
>options IPDIVERT #divert sockets
>
>Included?

Yes, I did. In fact, it has many of the options and perhaps (?) I
don't need all of them? It has:

options INET
options IPFIREWALL
options IPDIVERT
options IPFIREWALL_VERBOSE
options "IPFIREWALL_VERBOSE_LIMIT=10"
options IP_FILTER

It has ALL of the default options listed in the Complete FreeBSD
with the exception of the option that emulates TCP 4.2. The book
(Complete FreeBSD) was a bit vague on some of the options. Should I
strip it down to only include IPFIREWALL and IPDIVERT (and INET,
too) ?

Thanks for the help.

Sonny