Date: Sun, 16 Aug 1998 21:48:08 +0200 From: Dang-Ngoc TUYET-TRAM <Dang-Ngoc.Tuyet-Tram@prism.uvsq.fr> To: FreeBSD-questions@FreeBSD.ORG Subject: problem with natd and rc.firewall Message-ID: <19980816214808.A17048@gibet.prism.uvsq.fr>
Hi,
I used to run ppp in user mode on FreeBSD2.2.6 with no problem.
Then, I wanted to use natd for all computer of my network to be able to
connect to the Internet.
I followed the recommendation of "the complete FreeBSD" book and of the FreeBSD Handbook :
- I've build my kernel with :
pseudo-device bpfilter 4
options IPFIREWALL
options IPDIVERT
- I've changed values in rc.conf by :
firewall_enable="YES" # Set to YES to enable firewall functionality
firewall_type="client" # Firewall type (see /etc/rc.firewall)
firewall_quiet="NO" # Set to YES to suppress rule display
tcp_extensions="NO" # Allow RFC1323 & RFC1644 extensions (or NO).
network_interfaces="ppp0 lo0 tun0 ed0" # List of network interfaces (lo0 is loopback).
ifconfig_tun0=
ifconfig_lo0="inet 127.0.0.1" # default loopback device configuration.
ifconfig_ed0="inet 192.168.0.1" # the interface to my private network
- I created /etc/rc.firewall with only the following lines :
/sbin/ipfw -f flush
/sbin/ipfw add divert natd all from any to any via tun0
/sbin/ipfw add pass all from any to any
- When I reboot, I get the message :
IP packet filtering initialized, divert enabled, logging disabled
Then when I run ppp, dial is OK, tun0 is assigned a dynamic IP address, but
if I ping an outside IP I get no response, but I can still ping an inside IP
address.
# netstat -in
Name Mtu Network Address Ipkts Ierrs Opkts Oerrs Coll
ed0 1500 <Link> 00.40.05.60.85.25 2456 0 2381 0 0
ed0 1500 192.168 192.168.0.1 2456 0 2381 0 0
tun0 1500 <Link> 2742 0 3385 0 0
tun0 1500 193.51.24 193.51.24.17 2742 0 3385 0 0
ppp0* 1500 <Link> 0 0 0 0 0
lo0 16384 <Link> 0 0 0 0 0
lo0 16384 127 127.0.0.1 0 0 0 0 0
# ifconfig -a
ed0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
inet 192.168.0.1 netmask 0xffffff00 broadcast 192.168.0.255
ether 00:40:05:60:85:25
tun0: flags=8050<POINTOPOINT,RUNNING,MULTICAST> mtu 1500
ppp0: flags=8010<POINTOPOINT,MULTICAST> mtu 1500
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> mtu 16384
inet 127.0.0.1 netmask 0xff000000
If I change the firewall rules by doing
set firewall=client; sh /etc/rc.firewall.old
(where rc.firewall.old is the default rc.firewall, ppp works)
Perhaps I must keep this configuration for natd ?
Anyway, in both cases, if I run
natd -use_sockets -same_ports -unregistered_only -dynamic -interface tun0
pinging something outside from another inside computer doesn't work.
Any idea ?
Thanks for help,
Tuyet Tram DANG NGCO
--
dntt@prism.uvsq.fr
Universite de Versailles
http://www.ens-info.uvsq.fr:8000/~dntt/index.html
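As an added example (not part of the original post, and not FreeBSD's own tooling), a small Python checker that parses an `ipfw list`-style ruleset and flags the natd pitfalls relevant here: no divert rule bound to the external interface, a pass-all rule placed before the divert, and a pass-all rule at all (the poster's ruleset filters nothing once NAT is done). The sample ruleset is constructed; it uses natd's default divert port 8668 in place of the `natd` service name.

```python
import re

# Constructed sample of `ipfw list` output in the shape of the poster's rules;
# not a capture from the poster's machine.
SAMPLE_RULES = """\
00100 divert 8668 ip from any to any via tun0
00200 allow ip from any to any
65535 deny ip from any to any
"""

RULE_RE = re.compile(
    r"^(?P<num>\d+)\s+(?P<action>\w+)(?:\s+(?P<port>\d+))?\s+(?P<proto>\w+)"
    r"\s+from\s+(?P<src>\S+)\s+to\s+(?P<dst>\S+)(?P<rest>.*)$"
)


def parse_rules(text):
    """Parse `ipfw list` lines into dicts; lines that do not match are skipped."""
    rules = []
    for line in text.splitlines():
        m = RULE_RE.match(line.strip())
        if not m:
            continue
        rule = m.groupdict()
        rule["num"] = int(rule["num"])
        via = re.search(r"\bvia\s+(\S+)", rule["rest"])
        rule["via"] = via.group(1) if via else None
        rules.append(rule)
    return rules


def audit_natd_rules(text, ext_if):
    """Return a list of findings about natd/divert placement for ext_if."""
    findings = []
    rules = parse_rules(text)
    diverts = [r for r in rules if r["action"] == "divert" and r["via"] == ext_if]
    if not diverts:
        findings.append("no divert rule bound to %s: natd never sees its packets" % ext_if)
    # An unconditional pass rule: any action that accepts, any->any, no interface match.
    pass_all = [r for r in rules if r["action"] in ("allow", "pass", "accept")
                and r["src"] == "any" and r["dst"] == "any" and r["via"] is None]
    if diverts and pass_all and pass_all[0]["num"] < diverts[0]["num"]:
        findings.append("pass-all rule %d precedes divert rule %d: traffic is accepted "
                        "before natd can translate it" % (pass_all[0]["num"], diverts[0]["num"]))
    if pass_all:
        findings.append("rule %d passes everything: no filtering beyond NAT" % pass_all[0]["num"])
    return findings
```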
