From: Dang-Ngoc TUYET-TRAM
To: FreeBSD-questions@FreeBSD.ORG
Date: Sun, 16 Aug 1998 21:48:08 +0200
Subject: problem with natd and rc.firewall

Hi,

I used to run ppp in user mode on FreeBSD 2.2.6 with no problem. Then I wanted to use natd so that all the computers on my network would be able to connect to the Internet.
I followed the recommendations of "The Complete FreeBSD" book and of the FreeBSD Handbook:

- I've built my kernel with:

    pseudo-device bpfilter 4
    options IPFIREWALL
    options IPDIVERT

- I've changed the values in rc.conf to:

    firewall_enable="YES"                   # Set to YES to enable firewall functionality
    firewall_type="client"                  # Firewall type (see /etc/rc.firewall)
    firewall_quiet="NO"                     # Set to YES to suppress rule display
    tcp_extensions="NO"                     # Allow RFC1323 & RFC1644 extensions (or NO).
    network_interfaces="ppp0 lo0 tun0 ed0"  # List of network interfaces (lo0 is loopback).
    ifconfig_tun0=
    ifconfig_lo0="inet 127.0.0.1"           # default loopback device configuration.
    ifconfig_ed0="inet 192.168.0.1"         # the interface to my private network

- I created /etc/rc.firewall with only the following lines:

    /sbin/ipfw -f flush
    /sbin/ipfw add divert natd all from any to any via tun0
    /sbin/ipfw add pass all from any to any

- When I reboot, I get the message:

    IP packet filtering initialized, divert enabled, logging disabled

Then when I run ppp, the dial is OK and tun0 is assigned a dynamic IP address, but if I ping an outside IP I get no response, while I can still ping an inside IP address.

    # netstat -in
    Name  Mtu   Network    Address            Ipkts Ierrs Opkts Oerrs Coll
    ed0   1500             00.40.05.60.85.25   2456     0  2381     0    0
    ed0   1500  192.168    192.168.0.1         2456     0  2381     0    0
    tun0  1500                                 2742     0  3385     0    0
    tun0  1500  193.51.24  193.51.24.17        2742     0  3385     0    0
    ppp0* 1500                                    0     0     0     0    0
    lo0   16384                                   0     0     0     0    0
    lo0   16384 127        127.0.0.1              0     0     0     0    0

    # ifconfig -a
    ed0: flags=8843 mtu 1500
            inet 192.168.0.1 netmask 0xffffff00 broadcast 192.168.0.255
            ether 00:40:05:60:85:25
    tun0: flags=8050 mtu 1500
    ppp0: flags=8010 mtu 1500
    lo0: flags=8049 mtu 16384
            inet 127.0.0.1 netmask 0xff000000

If I change the firewall rules by doing

    set firewall=client; sh /etc/rc.firewall.old

(where rc.firewall.old is the default rc.firewall), ppp works. Perhaps I must keep this configuration for natd?
Anyway, in both cases, if I run

    natd -use_sockets -same_ports -unregistered_only -dynamic -interface tun0

pinging something outside from another inside computer doesn't work.

Any idea? Thanks for your help,

Tuyet Tram DANG NGOC
--
dntt@prism.uvsq.fr
Universite de Versailles
http://www.ens-info.uvsq.fr:8000/~dntt/index.html
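An added sanity check, not part of the original post or of FreeBSD, for the rule ordering the rc.firewall above relies on: ipfw evaluates rules in ascending number order, so the divert rule for the external interface must be reached before any unconditional "allow ip from any to any", or outbound packets are passed untranslated and natd never sees them. The function name, the `ipfw list` listings it parses and the rule numbers are constructed here (natd is assumed to resolve to divert port 8668 through /etc/services).

```shell
#!/bin/sh
# Added example, not from the original post. ipfw walks its rules in ascending
# number order and the first matching allow/deny ends the walk, so the
# "divert natd ... via tun0" rule from the rc.firewall above must carry a lower
# number than the catch-all "allow ip from any to any"; otherwise outbound
# packets are passed untranslated and never reach natd.
#
# check_nat_rules EXT_IF  reads "ipfw list" output on stdin and returns 0 when a
# divert rule for EXT_IF precedes every unconditional allow, 1 otherwise.
check_nat_rules() {
    awk -v ifc="$1" '
        # ipfw list prints the rule number first, zero-padded (00100, 00200, ...)
        $2 == "divert" && $0 ~ ("via " ifc "$") && div == 0 { div = $1 + 0 }
        # an unconditional allow: "NNNNN allow ip from any to any" and nothing else
        $0 ~ /^[0-9][0-9]* allow ip from any to any$/ && allow_all == 0 { allow_all = $1 + 0 }
        END {
            if (div == 0) { print "no divert rule for " ifc; exit 1 }
            if (allow_all != 0 && allow_all < div) {
                print "catch-all allow " allow_all " precedes divert " div; exit 1
            }
            print "divert " div " is reached before any catch-all allow"; exit 0
        }'
}

# Constructed listings (assumed output of "ipfw list" for the rules above;
# natd resolves to divert port 8668 via /etc/services).
GOOD_RULES='00100 divert 8668 ip from any to any via tun0
00200 allow ip from any to any
65535 deny ip from any to any'

# Same rules in the wrong order: the allow shadows the divert.
BAD_RULES='00100 allow ip from any to any
00200 divert 8668 ip from any to any via tun0
65535 deny ip from any to any'

for listing in "$GOOD_RULES" "$BAD_RULES"; do
    if printf '%s\n' "$listing" | check_nat_rules tun0; then
        echo "OK: natd will see outbound traffic on tun0"
    else
        echo "PROBLEM: fix the rule order in /etc/rc.firewall"
    fi
done
```

On the gateway itself the listing would come from `ipfw list | check_nat_rules tun0`; the check says nothing about whether natd is actually running or whether IP forwarding is enabled, which need separate verification.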