From: axtjr@UAA.ALASKA.EDU
Date: Tue, 16 May 2000 09:13:43 -0800
Subject: natd / ipfw config problem
To: freebsd-questions@freebsd.org

All:

I need some help ironing out the problems with my ipfw/natd configs.

Problem: Everything seems to be passing back and forth OK, but I am spammed with 'failed to write back packet (Host is down)'. I can't seem to identify the host in question.

Setup: I've recompiled and installed the kernel with the IPFIREWALL and IPDIVERT options built in for FreeBSD 3.2. I have a cable modem setup with a static IP. My intention is to set up various services behind a firewall.

    cable modem/internet <-> ed0/firewall/ed1 <-> home lan

    ed0 = staticip netmask 255.255.240.0
    ed1 = 192.168.115.100

I have natd set up with:

    interface ed0
    use_sockets yes
    redirect_address 192.168.115.100 my.static.ip

I have the firewall rule set of:

    100 divert 8668 ip from any to any
    200 allow ip from any to any
    65635 deny ip from any to any

I've removed all firewall rules except for the three listed above. When I remove rule number 100, the 'Host is down' errors stop.

natd fires up OK, ipfw comes up OK, my static IP functions, I can telnet and ping remote hosts, and I can telnet into my box from remote hosts. I just get spammed with this (host is down) error message.

Tests: (All tests conducted from the firewall console.)

I've searched through several websites and archives of this list. It seems that the natd / ipfw / internet connection has a lot of potential for various errors. I did find some comments that putting a 'via ed0' at the end of rule 100 could cause problems, so I removed it, with no luck. I read that there could be an ARP problem with cable modems, so, figuring that the 255.255.240.0 subnet mask may be causing a headache, I manually added the gateway router to the ARP table with arp -S.

I've followed the guidelines of freebsddiary and mostgraveconcern.com. I see no differences between these setups and my own.

Any help, guidance, or pointers to additional docs would be greatly appreciated. From reviewing the lists, this is a difficult configuration; is there any other software that is equally functional but easier to configure and maintain?

Thanks in advance for your patience and help; please feel free to reply directly to me to keep the spam down.

Thanks,
Tom

Tom Riley, CNE, University of Alaska Anchorage
Systems Engineer, IT Services, Engineering Team
axtjr@uaa.alaska.edu (907)786-1256
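An added static sanity check (example code, not from the post or from FreeBSD) that parses a rule set and natd options of the shape quoted above and reports the configuration points a reviewer would look at first: a divert rule with no interface qualifier, a divert interface that differs from natd's, a redirect target outside the LAN, and an out-of-range rule number. The 192.168.115.0/24 LAN and the 203.0.113.10 public address are assumptions.

```python
import ipaddress

# Constructed copies of the three rules and natd options quoted in the post
# (rule 65635 kept as written); 203.0.113.10 is a placeholder, not the real IP.
IPFW_RULES = """\
100 divert 8668 ip from any to any
200 allow ip from any to any
65635 deny ip from any to any
"""
NATD_CONF = """\
interface ed0
use_sockets yes
redirect_address 192.168.115.100 203.0.113.10
"""
INSIDE_NET = ipaddress.ip_network("192.168.115.0/24")  # assumed ed1 LAN
IFACE_WORDS = {"via", "recv", "xmit", "in", "out"}   # ipfw interface/direction keywords

def parse_rules(text):
    """Turn 'ipfw list' style lines into (number, action, body tokens)."""
    rules = []
    for tok in (line.split() for line in text.splitlines() if line.strip()):
        action = tok[1]
        body = tok[3:] if action in ("divert", "tee") else tok[2:]  # skip divert port
        rules.append((int(tok[0]), action, body))
    return rules

def parse_natd(text):
    opts = {}  # keyword -> list of argument lists (a keyword may repeat)
    for tok in (line.split() for line in text.splitlines() if line.strip()):
        opts.setdefault(tok[0], []).append(tok[1:])
    return opts

def check_setup(ipfw_text, natd_text, inside_net):
    """Return a list of findings; an empty list means nothing obvious is wrong."""
    rules, natd, found = parse_rules(ipfw_text), parse_natd(natd_text), []
    natd_if = natd.get("interface", [[None]])[0][0]
    for num, action, body in rules:
        if num > 65535:
            found.append(f"rule {num}: ipfw rule numbers stop at 65535")
        if action != "divert":
            continue
        if not IFACE_WORDS & set(body):
            found.append(f"rule {num}: divert has no via/in/out qualifier, so natd also sees LAN-side traffic")
        elif "via" in body and body[body.index("via") + 1] != natd_if:
            found.append(f"rule {num}: diverts via {body[body.index('via') + 1]} but natd uses {natd_if}")
    for args in natd.get("redirect_address", []):
        if ipaddress.ip_address(args[0]) not in inside_net:
            found.append(f"redirect_address {args[0]} is not on the inside LAN")
    return found
```

Running `check_setup(IPFW_RULES, NATD_CONF, INSIDE_NET)` on the posted rules reports the unqualified divert and the out-of-range rule number; a divert limited with `via ed0` and a last rule of 65535 produce no findings.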