From owner-freebsd-isp  Wed Nov  5 03:10:05 1997
Return-Path: <owner-freebsd-isp>
Received: (from root@localhost)
          by hub.freebsd.org (8.8.7/8.8.7) id DAA03125
          for isp-outgoing; Wed, 5 Nov 1997 03:10:05 -0800 (PST)
          (envelope-from owner-freebsd-isp)
Received: from proxy.unpar.ac.id (proxy.unpar.ac.id [167.205.206.55])
          by hub.freebsd.org (8.8.7/8.8.7) with ESMTP id DAA03086
          for <freebsd-isp@FreeBSD.ORG>; Wed, 5 Nov 1997 03:09:54 -0800 (PST)
          (envelope-from gatut@student.unpar.ac.id)
Received: from student.unpar.ac.id (student.unpar.ac.id [167.205.206.58])
	by proxy.unpar.ac.id (8.8.5/8.8.5) with ESMTP id RAA17380;
	Tue, 5 Nov 1996 17:53:18 +0700 (JAVT)
Received: from localhost (gatut@localhost)
	by student.unpar.ac.id (8.8.5/8.8.5.D) with SMTP id SAA09296;
	Wed, 5 Nov 1997 18:08:56 +0700 (JAVT)
Date: Wed, 5 Nov 1997 18:08:56 +0700 (JAVT)
From: V Gatut Harijoso <gatut@student.unpar.ac.id>
To: Ruslan Shevchenko <rssh@cam.grad.kiev.ua>
cc: freebsd-isp@FreeBSD.ORG
Subject: Re: Help with Natd, pls.
In-Reply-To: <Pine.BSF.3.96.971105124214.491A-100000@cam.grad.kiev.ua>
Message-ID: <Pine.BSF.3.95q.971105174926.8949A-100000@student.unpar.ac.id>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-isp@FreeBSD.ORG
X-Loop: FreeBSD.org
Precedence: bulk

On Wed, 5 Nov 1997, Ruslan Shevchenko wrote:
> According to documentation I included all options in kernel,
> 
> in /etc/rc.firewall:
>    /sbin/ipfw -f flash
>    /sbin/ipfw add 1000 pass all from 127.0.0.1 to 127.0.0.1
>    /sbin/ipfw add divert 6668 all from any to any via ep0
>    /sbin/ipfw add 6500 pass all from any to any.
> in /etc/rc.local:
>    /usr/sbin/natd -n ep0
> what I doing wrong ?
> 

I dont know whats wrong. Try to do these steps to detect.

1. Make sure, you have this line in /etc/services
    natd          6668/divert  # Network Address Translation socket
2. Check your server routes (netstat -rn).
3. ipfw flush
   ipfw add 1000 pass all from 127.0.0.1 to 127.0.0.1
4. run your natd
	natd -port 6668 -interface ep0
   do 'netstat -a' and see is there any natd port open (listen) ?
5. ipfw add 1001 divert 6668 all from any to any via ep0
6. ipfw add 6500 pass all from any to any
7. Try to make connection. Make sure your client has correct gateway
   (server run natd).
8. Do 'ipfw show' and see what happen. How many packets come in and out,
   in which rule. 

Now, tell us the results for each step.