Date:      Fri, 24 Dec 1999 09:36:25 -0600
From:      "Alejandro Ramirez" <ales@megared.net.mx>
To:        <cjclark@home.com>, "Sonny Van Hook" <blackice@muller.net>
Cc:        <freebsd-questions@FreeBSD.ORG>
Subject:   RE: Stuck debugging NATD
Message-ID:  <00ea01bf4e24$a3811c40$d2630a0a@megared.net.mx>
References:  <3.0.1.32.19991223202408.006bd45c@muller.net> <3.0.1.32.19991224002358.006c7fa8@muller.net>

Hi,

> At 12:01 AM 12/24/99 -0500, Crist J. Clark wrote:
> >Sonny Van Hook wrote,
> >[snip]
> >> /etc/rc.conf
> >> natd_enable="YES" #This is redundant since it's
> >> natd_interface="de0" #manually config'd in rc.firewall
> >
> >No, it's not redundant. The 'natd_enable' variable is used in
> >rc.network to actually run natd.
>
> Thanks for the clarification.  I'm rather new to this
> as you might be able to tell!
>
> >> As you can see, my local net uses the 192.168.0.x address
> >> space.  All machines are configured to use 192.168.0.1 as
> >> their default gateway.  I'm pretty sure this is not a routing
> >> problem because when I use the 'open' (allow all) profile,
> >> I have the same problem.
> >
> >If you do tcpdumps on the FreeBSD machine, do you see packets coming
> >in lnc1 and going nowhere?
>
> I don't have access to the machine right now, but I
> will definitely check on Sunday.  Thanks for the tip.
>
> >> Lastly, I see this right at the end of 'dmesg':
> >> IP packet filtering initialized, divert disabled, rule-based forwarding
> >> disabled, logging disabled
> >> ip_fw_ctl: invalid command
> >
> >Did you recompile your kernel with (at least),
> >
> >options         IPFIREWALL              #firewall
> >options         IPDIVERT                #divert sockets
> >
> >Included?
>
> Yes, I did.  In fact, it has many of the options
> and perhaps (?) I don't need all of them?  It has:
>
> options INET
> options IPFIREWALL
> options IPDIVERT
> options IPFIREWALL_VERBOSE
> options "IPFIREWALL_VERBOSE_LIMIT=10"
> options IP_FILTER

You don't need the last option, and it seems that you didn't install the
kernel that you built, because you have divert disabled in the dmesg.

Try this option also in your kernel:
options         IPFIREWALL_DEFAULT_TO_ACCEPT
#Accepts everything by default; you then start denying things one by one in the
/etc/rc.firewall file.

and in rc.conf try using :
firewall_enable="YES"
firewall_type="UNKNOWN"

You dont have to modify your /etc/rc.firewall file for natd to work, but if
you want to enable some firewall features, then you will have to.

P.S. Just follow the instructions in the man page for natd, and you will
have it running in a few minutes.

Merry Xmas
Ales

>
> It has ALL of the default options listed in the
> Complete FreeBSD with the exception of the option
> that emulates TCP 4.2.
>
> The book (Complete FreeBSD) was a bit vague on some
> of the options.  Should I strip it down to only
> include IPFIREWALL and IPDIVERT (and INET, too) ?
>
> Thanks for the help.
>
> Sonny
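Editor's added example, not code from the thread, from FreeBSD, or from either poster. It ties together the three things the reply above touches: checking whether the running kernel actually has divert sockets (the "divert disabled" banner Sonny quoted means natd can never be handed a packet, whatever rc.conf says), a minimal ipfw rule set with the divert rule placed where natd needs it, and the matching rc.conf lines. It assumes the names from the thread (de0 outside, lnc1 inside, LAN 192.168.0.0/24), ipfw/natd syntax as shipped with FreeBSD 3.x, the "natd" divert port name from /etc/services, and rc.firewall's behaviour of loading firewall_type as an ipfw rule file when it names a readable file; the path /etc/ipfw.natd.rules is an invented choice. One caveat on IPFIREWALL_DEFAULT_TO_ACCEPT: it is handy while debugging, but a kernel built that way passes everything whenever no rules are loaded, so if rc.firewall ever fails the gateway is wide open. The rule set below assumes the default-deny kernel instead and ends with an explicit deny.

```shell
#!/bin/sh
# Added example (not from the thread or from FreeBSD). Assumes: de0 outside,
# lnc1 inside, LAN 192.168.0.0/24, FreeBSD 3.x ipfw(8)/natd(8), and the
# "natd 8668/divert" entry in /etc/services so "divert natd" resolves.

# Constructed sample of the dmesg banner quoted in the thread: this is what a
# running kernel built WITHOUT options IPDIVERT prints.
SAMPLE_DMESG_NO_DIVERT='IP packet filtering initialized, divert disabled, rule-based forwarding disabled, logging disabled'
# Constructed sample of the banner from a kernel that does have IPDIVERT
# (and IPFIREWALL_VERBOSE with a limit of 10).
SAMPLE_DMESG_DIVERT='IP packet filtering initialized, divert enabled, rule-based forwarding disabled, logging limited to 10 packets/entry by default'

# kernel_has_divert DMESG_TEXT
# Exit 0 if the ipfw banner shows divert sockets enabled, 1 if it shows them
# disabled, 2 if there is no ipfw banner at all (IPFIREWALL not in the kernel).
# natd only ever receives packets through a divert socket, so "divert disabled"
# on the RUNNING kernel means the IPDIVERT kernel was never installed or booted.
kernel_has_divert() {
    banner=$(printf '%s\n' "$1" | grep 'IP packet filtering initialized') || return 2
    case $banner in
        *'divert enabled'*) return 0 ;;
        *)                  return 1 ;;
    esac
}

# natd_ruleset EXT_IF INT_IF LAN_CIDR
# Print a minimal default-deny rule set in ipfw's rule-file format. Rule 100
# must precede every allow rule: packets leaving via EXT_IF are diverted to
# natd and reinjected with the gateway's address as source, and packets
# arriving on EXT_IF are untranslated back to their LAN destination, so the
# rules after it match on the real addresses. Add ICMP/other UDP as needed.
natd_ruleset() {
    ext_if=$1; int_if=$2; lan=$3
    cat <<EOF
add 100 divert natd ip from any to any via $ext_if
add 200 allow ip from any to any via lo0
add 300 deny log ip from $lan to any in via $ext_if
add 400 allow ip from $lan to any in via $int_if
add 500 allow ip from any to $lan out via $int_if
add 600 allow tcp from any to any out via $ext_if setup
add 700 allow tcp from any to any established
add 800 allow udp from any to any 53 out via $ext_if
add 900 allow udp from any 53 to any in via $ext_if
add 1000 deny log ip from any to any
EOF
}

# load_ruleset EXT_IF INT_IF LAN_CIDR
# Flush and load the rules with ipfw. Set IPFW to another command (e.g. echo)
# to dry-run without touching the live firewall.
load_ruleset() {
    ipfw=${IPFW:-/sbin/ipfw}
    "$ipfw" -q flush
    natd_ruleset "$@" | while IFS= read -r rule; do
        # $rule is deliberately unquoted: each word is one ipfw argument.
        "$ipfw" -q $rule
    done
}

# natd_rc_conf EXT_IF RULE_FILE
# rc.conf lines for this setup: gateway_enable turns on forwarding, natd_enable
# plus natd_interface make rc.network start natd on EXT_IF, and firewall_type
# pointing at a readable file makes rc.firewall load that file as ipfw rules.
natd_rc_conf() {
    cat <<EOF
gateway_enable="YES"
firewall_enable="YES"
firewall_type="$2"
natd_enable="YES"
natd_interface="$1"
EOF
}

# Usage when run directly: "sh natd-setup.sh show" prints the rules and the
# rc.conf fragment; write the rules with
#   natd_ruleset de0 lnc1 192.168.0.0/24 > /etc/ipfw.natd.rules
if [ "${1:-}" = "show" ]; then
    natd_ruleset de0 lnc1 192.168.0.0/24
    natd_rc_conf de0 /etc/ipfw.natd.rules
fi
```

After booting the new kernel, run dmesg | grep 'IP packet filtering' and feed that line to kernel_has_divert (or just read it): until it says "divert enabled", no amount of rc.conf or rc.firewall editing will get natd traffic flowing.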

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?00ea01bf4e24$a3811c40$d2630a0a>