From owner-freebsd-questions Fri Dec 24 7:36:41 1999
Delivered-To: freebsd-questions@freebsd.org
Received: from unix.megared.net.mx (megamail.megared.com.mx [207.249.162.252]) by hub.freebsd.org (Postfix) with ESMTP id 2D0EE14CCF for ; Fri, 24 Dec 1999 07:36:38 -0800 (PST) (envelope-from ales@megared.net.mx)
Received: from ales (pix.gdl.megared.net.mx [207.249.162.253]) by unix.megared.net.mx (8.9.3/8.9.3) with SMTP id JAA77122; Fri, 24 Dec 1999 09:35:17 -0600 (CST) (envelope-from ales@megared.net.mx)
Message-ID: <00ea01bf4e24$a3811c40$d2630a0a@megared.net.mx>
From: "Alejandro Ramirez"
To: , "Sonny Van Hook"
Cc:
References: <3.0.1.32.19991223202408.006bd45c@muller.net> <3.0.1.32.19991224002358.006c7fa8@muller.net>
Subject: RE: Stuck debugging NATD
Date: Fri, 24 Dec 1999 09:36:25 -0600
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 5.00.2314.1300
X-MimeOLE: Produced By Microsoft MimeOLE V5.00.2314.1300
Sender: owner-freebsd-questions@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

Hi,

> At 12:01 AM 12/24/99 -0500, Crist J. Clark wrote:
> >Sonny Van Hook wrote,
> >[snip]
> >> /etc/rc.conf
> >> natd_enable="YES" #This is redundant since it's
> >> natd_interface="de0" #manually config'd in rc.firewall
> >
> >No, it's not redundant. The 'natd_enable' variable is used in
> >rc.network to actually run natd.
>
> Thanks for the clarification. I'm rather new to this
> as you might be able to tell!
>
> >> As you can see, my local net uses the 192.168.0.x address
> >> space. All machines are configured to use 192.168.0.1 as
> >> their default gateway. I'm pretty sure this is not a routing
> >> problem because when I use the 'open' (allow all) profile,
> >> I have the same problem.
> >
> >If you do tcpdumps on the FreeBSD machine, do you see packets coming
> >in lnc1 and going nowhere?
>
> I don't have access to the machine right now, but I
> will definitely check on Sunday. Thanks for the tip.
>
> >> Lastly, I see this right at the end of 'dmesg':
> >> IP packet filtering initialized, divert disabled, rule-based forwarding
> >> disabled, logging disabled
> >> ip_fw_ctl: invalid command
> >
> >Did you recompile your kernel with (at least),
> >
> >options IPFIREWALL #firewall
> >options IPDIVERT #divert sockets
> >
> >Included?
>
> Yes, I did. In fact, it has many of the options
> and perhaps (?) I don't need all of them? It has:
>
> options INET
> options IPFIREWALL
> options IPDIVERT
> options IPFIREWALL_VERBOSE
> options "IPFIREWALL_VERBOSE_LIMIT=10"
> options IP_FILTER

You don't need the last option, and it seems that you didn't install the kernel that you built, because you have divert disabled in the dmesg.

Try this option also in your kernel:

options IPFIREWALL_DEFAULT_TO_ACCEPT #Accepts Everything by default, and start denying things one by one in the /etc/rc.firewall file.

and in rc.conf try using:

firewall_enable="YES"
firewall_type="UNKNOWN"

You don't have to modify your /etc/rc.firewall file for natd to work, but if you want to enable some firewall features, then you will have to.

P.S. Just follow the instructions in the man page for natd, and you will have it running in a few minutes.

Merry Xmas
Ales

>
> It has ALL of the default options listed in the
> Complete FreeBSD with the exception of the option
> that emulates TCP 4.2.
>
> The book (Complete FreeBSD) was a bit vague on some
> of the options. Should I strip it down to only
> include IPFIREWALL and IPDIVERT (and INET, too) ?
>
> Thanks for the help.
>
> Sonny

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message
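The thread turns on two checks: whether the kernel that is actually running was built with IPDIVERT (the "divert disabled" line in dmesg says it was not, whatever the config file contains), and whether rc.conf carries the natd and firewall settings Ales lists. The following shell script is an added example, not code from this thread or from FreeBSD; it parses a constructed dmesg excerpt and rc.conf fragment built from the text above. It assumes that a kernel with IPDIVERT prints "divert enabled" in place of "divert disabled" (the thread only shows the disabled form), and the function names divert_status, rc_value and natd_ready are the example's own.

```shell
#!/bin/sh
# Added example (not from the thread or from FreeBSD): checks the two
# prerequisites discussed above. divert_status() reads the kernel's
# "IP packet filtering initialized, divert ..." line; rc_value() pulls a
# variable out of rc.conf-style text; natd_ready() combines both.
# Assumption: a kernel built with IPDIVERT reports "divert enabled".

# divert_status DMESG_TEXT: prints enabled/disabled/unknown; exit 0 only if enabled.
divert_status() {
    case "$1" in
        *"divert enabled"*)  echo enabled;  return 0 ;;
        *"divert disabled"*) echo disabled; return 1 ;;
        *)                   echo unknown;  return 2 ;;
    esac
}

# rc_value RCCONF_TEXT VAR: prints VAR's value with surrounding quotes and any
# trailing "# comment" stripped (last assignment wins, as in sh); prints
# nothing when VAR is unset. Values containing '#' are not supported.
rc_value() {
    printf '%s\n' "$1" \
      | sed -n "s/^[[:space:]]*$2=//p" \
      | sed 's/#.*//; s/^"//; s/"[[:space:]]*$//; s/[[:space:]]*$//' \
      | tail -n 1
}

# natd_ready DMESG_TEXT RCCONF_TEXT: lists every missing prerequisite on
# stdout; exit 0 when both the running kernel and rc.conf look ready for natd.
natd_ready() {
    rc=0
    divert_status "$1" >/dev/null || {
        echo "kernel: divert sockets not enabled (build with IPFIREWALL and IPDIVERT, then install that kernel)"
        rc=1
    }
    for v in firewall_enable natd_enable; do
        [ "$(rc_value "$2" "$v")" = "YES" ] || { echo "rc.conf: $v is not \"YES\""; rc=1; }
    done
    [ -n "$(rc_value "$2" natd_interface)" ] || { echo "rc.conf: natd_interface is unset"; rc=1; }
    return $rc
}

# Constructed sample input mirroring the thread: the dmesg lines Sonny quoted
# and an rc.conf fragment with the settings Ales recommends.
SAMPLE_DMESG='IP packet filtering initialized, divert disabled, rule-based forwarding disabled, logging disabled
ip_fw_ctl: invalid command'
SAMPLE_RCCONF='natd_enable="YES"      # natd is started by rc.network
natd_interface="de0"
firewall_enable="YES"
firewall_type="UNKNOWN"'

# On a real machine: natd_ready "$(dmesg)" "$(cat /etc/rc.conf)"
if natd_ready "$SAMPLE_DMESG" "$SAMPLE_RCCONF"; then
    echo "ready for natd"
else
    echo "not ready: see the lines above"
fi
```

With the sample input the script reports only the kernel problem, which matches the diagnosis in the reply: rc.conf is fine, but the kernel that booted is not the one with IPDIVERT.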