Date: Wed, 9 Aug 2000 13:00:35 -0700 (PDT)
From: TeRrAc
To: FreeBSD IPFW list
Subject: natd + IPFW

Hello,

I am sure this question may have been raised before, but I am new to this list and this is a concern of mine now, so I will ask it anyways.

I am setting up a FreeBSD machine to act as a gateway between an RFC1918 network and the public internet. There are two interfaces on this machine and I believe I have set up natd correctly. In my tests to see if everything is running well, I ping from a machine internally to a machine externally. The packets seem to get out but they do not return. The external interface is fxp0 and the internal fxp1. The internal interface is numbered 10.0.0.1 and has one machine sitting at 10.0.0.2.

I am pretty sure, but not positive, that this is because of the IPFW rules. Below are the relevant configurations that I have made.
----
Changes to /etc/rc.conf

    gateway_enable="YES"
    firewall_enable="YES"
    firewall_type="OPEN"
    natd_program="/sbin/natd"
    natd_enable="YES"
    natd_interface="fxp1"
    natd_flags="-l -u -m "

Changes to /etc/services

    natd 8668/divert # Network Address Translation socket

Changes to the kernel

    options IPFIREWALL
    options IPDIVERT
    options IPFIREWALL_FORWARD
    options IPFIREWALL_VERBOSE
    pseudo-device bpf

I have also tried using the IPFW commands:

    /sbin/ipfw -f flush
    /sbin/ipfw add divert natd all from any to any via ed0
    /sbin/ipfw add pass all from any to any
----

If there is something glaringly obvious that I have overlooked, or to the contrary if I have options that I do need for this case (possibly IPFIREWALL_FORWARD), then please point them out. As I am simply attempting to get NAT working correctly right now, I have set the firewall_type="OPEN". Using the IPFW commands as well should effectively disable all this and divert the packets sent from one interface to the nat daemon and pass them all.

So my question: what's going wrong here?

Thank you, and all support is appreciated.

Terrac Skiens
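
Added example, not part of the original message: a small Python check that compares the interface natd is bound to and the interface named in the divert rule against the interface the post calls external (fxp0). The function names are hypothetical, the sample input is constructed from the settings quoted above, and the check assumes NAT is meant to happen on the external interface.

```python
import re
import shlex

# Constructed sample input: the natd settings and ipfw commands quoted above.
RC_CONF = '''\
natd_enable="YES"
natd_interface="fxp1"
natd_flags="-l -u -m "
'''
IPFW_RULES = '''\
/sbin/ipfw -f flush
/sbin/ipfw add divert natd all from any to any via ed0
/sbin/ipfw add pass all from any to any
'''

def parse_rc_conf(text):
    """Return {name: value} for the name="value" lines of an rc.conf fragment."""
    conf = {}
    for line in text.splitlines():
        if m := re.match(r'\s*([A-Za-z_][A-Za-z0-9_]*)=(.*)$', line):
            # shlex applies sh-style quoting, so "YES" and '-l -u -m ' both parse.
            tokens = shlex.split(m.group(2), comments=True)
            conf[m.group(1)] = tokens[0] if tokens else ""
    return conf

def divert_interfaces(rules):
    """Return the interface that follows 'via' in every divert rule."""
    found = []
    for line in rules.splitlines():
        words = line.split()
        if "divert" in words and "via" in words[:-1]:
            found.append(words[words.index("via") + 1])
    return found

def lint(rc_text, rules_text, external_if):
    """List mismatches, assuming NAT is meant to happen on external_if."""
    conf = parse_rc_conf(rc_text)
    findings = []
    if conf.get("natd_enable", "NO").upper() == "YES":
        nat_if = conf.get("natd_interface", "")
        if nat_if != external_if:
            findings.append(f"natd_interface is {nat_if}, external interface is {external_if}")
    for ifname in divert_interfaces(rules_text):
        if ifname != external_if:
            findings.append(f"divert rule says via {ifname}, external interface is {external_if}")
    return findings

if __name__ == "__main__":
    for finding in lint(RC_CONF, IPFW_RULES, "fxp0"):
        print("MISMATCH:", finding)
```

Run against the quoted settings with fxp0 as the external interface, it reports both the natd_interface value and the interface in the divert rule.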