From owner-freebsd-net Thu Jul 1 17:50:54 1999
Delivered-To: freebsd-net@freebsd.org
Received: from netsjcms01.i-drive.com (netsjcms01.i-drive.com [216.32.226.133]) by hub.freebsd.org (Postfix) with ESMTP id 361D715170; Thu, 1 Jul 1999 17:50:45 -0700 (PDT) (envelope-from christian@i-drive.com)
Received: from win95.sung.org (goliath.sung.org.i-drive.com [216.102.91.184]) by netsjcms01.i-drive.com (8.9.3/8.9.3) with ESMTP id RAA01387; Thu, 1 Jul 1999 17:50:18 -0700 (PDT) (envelope-from christian@i-drive.com)
Message-ID:
X-Mailer: XFMail 1.3 [p0] on FreeBSD
X-Priority: 3 (Normal)
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 8bit
MIME-Version: 1.0
In-Reply-To: <19990701164347.B22149@lunatic.oneinsane.net>
Date: Thu, 01 Jul 1999 17:50:17 -0700 (PDT)
Organization: i-drive.com
From: Christian Sung
To: "Ron 'The InSaNe One' Rosson"
Subject: RE: NATD/VPN using -pptpalias
Cc: freebsd-net@FreeBSD.ORG, freebsd-ipfw@FreeBSD.ORG
Sender: owner-freebsd-net@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

On 01-Jul-99 Ron 'The InSaNe One' Rosson wrote:
> I am trying to get a FreeBSD 3.2-STABLE as of Last week to pass a VPN
> connection from a client behind the NATD box to a Server out on the
> internet. At this time I am getting error, timeout exceeded while waiting
> for reply.
>
> excerpt from rc.conf
> natd_enable="YES"
> natd_interface="ed0"
> natd_flags="-pptpalias 192.168.2.7"
>
> excerpt from rc.firewall
> if [ "X${natd_enable}" = X"YES" -a "X${natd_interface}" != X"" ]; then
>     $fwcmd add divert natd all from any to any via ${natd_interface}
> fi
>
> edo is the line out to my cable modem and ed1 goes for my private network
> using addresses <192.168.x.x>
> ---

Ron,

Try this:

natd_interface="ed0"            # Public interface to use with natd.
natd_flags="-u"

and make sure NATD is started *BEFORE* loading up the firewall rules. I do so
inside rc-firewall itself (it used to be started in rc.network, but that was
too late in the startup process).

It works like a charm for me :-)

# Network Address Translation daemon
if [ "X${natd_enable}" = X"YES" -a X"${natd_interface}" != X"" \
    -a X"${firewall_enable}" = X"YES" ]; then
        if echo ${natd_interface} | \
            grep -q -E '^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$'; then
                natd_ifarg="-a ${natd_interface}"
        else
                natd_ifarg="-n ${natd_interface}"
        fi
        echo 'Starting Network Address Translation daemon (natd)'
        natd ${natd_flags} ${natd_ifarg}
fi

-christian

Christian W. Sung
===============================================================
PGP Key Fingerprint: F6E2 0372 F765 28B6 6D34 7DF4 A928 A7AF 59A0 04CD
===============================================================
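
Added example (not part of the original message and not FreeBSD's own code): a small sh/awk lint for the ordering described above, natd launched before the first ipfw divert rule, since ipfw drops diverted packets when no socket is bound to the divert port. It assumes a straight-line script on stdin; the name check_natd_order and both sample scripts are constructed for illustration.

```sh
#!/bin/sh
# Added example, not from the original message. Heuristic lint: in a
# straight-line startup script read on stdin, is natd launched before the
# first ipfw divert rule is added?
# Returns 0 = ordered correctly, 1 = natd late or missing, 2 = no divert rule.
check_natd_order() {
    awk '
        $1 ~ /^#/ { next }                                    # skip comments
        ($1 == "natd" || $1 == "/sbin/natd") && !start { start = NR }
        /[ \t]add[ \t]+([0-9]+[ \t]+)?divert[ \t]/ && !divert { divert = NR }
        END {
            if (!divert) { print "no divert rule found"; exit 2 }
            if (!start)  { print "divert rule at line " divert ", natd never started"; exit 1 }
            if (start > divert) {
                print "natd started at line " start ", after divert rule at line " divert
                exit 1
            }
            print "ok: natd (line " start ") precedes divert rule (line " divert ")"
        }'
}

# Constructed sample: rules loaded first, natd started later (as from rc.network).
sample_late() { cat <<'EOF'
# rules first
ipfw -f flush
ipfw add divert natd all from any to any via ed0
ipfw add 65000 pass all from any to any
natd -u -n ed0
EOF
}

# Constructed sample: natd started inside the firewall script, before the rules.
sample_fixed() { cat <<'EOF'
# natd first
ipfw -f flush
natd -u -n ed0
ipfw add divert natd all from any to any via ed0
ipfw add 65000 pass all from any to any
EOF
}

sample_late  | check_natd_order || true
sample_fixed | check_natd_order
```

The check only compares line order within one file; it does not follow sourced files, functions or conditionals.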