Date:      Sat, 5 Jun 1999 00:22:30 -0700 (PDT)
From:      "Bret A. Ford" <bford@uop.cs.uop.edu>
To:        freebsd-questions@freebsd.org
Cc:        bford@uop.cs.uop.edu
Subject:   NATD difficulties
Message-ID:  <199906050722.AAA00378@uop.cs.uop.edu>

   I recently acquired a DSL connection, and have been struggling with 
getting natd up and running.  With my old dial-up ppp -alias -background
connection, I was able to serve the household PCs beautifully.  DSL
promises to be really beautiful, but it's hurting me right now! :-)

Here's my setup:

PC1 - 192.168.0.1

PC2 - 192.168.0.2

2 interfaces in the FreeBSD machine:
FreeBSD LAN NIC vx0 - 192.168.0.3
FreeBSD DSL NIC ed0 - red.act.ed.ip

I've got options IPFIREWALL and IPDIVERT in my kernel.

Critical snippets from rc.conf:

firewall_enable="YES"		# Set to YES to enable firewall functionality
firewall_type="open"		# Firewall type (see /etc/rc.firewall)
network_interfaces="lo0 vx0 ed0"	# List of network interfaces (lo0 is loopback).
ifconfig_vx0="inet 192.168.0.3 netmask 0xffffff00"
ifconfig_ed0="inet red.act.ed.ip netmask 0xffff0000"
defaultrouter="red.act.ed.254"
gateway_enable="YES"		# Set to YES if this host will be a gateway.
natd_program="/sbin/natd"	# path to natd, if you want a different one.
natd_enable="YES"                # Enable natd (if firewall_enable == YES).
natd_interface="ed0"           # Public interface or IPaddress to use.
natd_flags=""                   # Additional flags for natd.

I'm using the open firewall rule in rc.firewall without any changes.

ipfw list shows the firewall rules looking this way, upon bootup:

00100 divert 8668 ip from any to any via ed0
00100 allow ip from any to any via lo0
00200 deny ip from any to 127.0.0.0/8
65000 allow ip from any to any
65535 deny ip from any to any

With that, I get "ping: sendto: Permission denied" when pinging by IP address,
and messages like "ping: cannot resolve ftp.cdrom.com: Host name lookup failure"
when pinging by hostname.  This, by the way, is the result when working 
directly with the FreeBSD machine.  Similarly no joy with the PCs.

Now, by doing a "ipfw add 1 pass all from any to any", I get Internet
connectivity on the FreeBSD machine (name lookup works, everything's fine), but
no Internet for the PCs.  My ipfw rules now look like this:

00001 allow ip from any to any
00100 divert 8668 ip from any to any via ed0
00100 allow ip from any to any via lo0
00200 deny ip from any to 127.0.0.0/8
65000 allow ip from any to any
65535 deny ip from any to any

I'm probably doing one or more things wrong.  Any advice greatly appreciated,
Thanks much!

Bret Ford
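Added example, not part of the original message or of FreeBSD's rc.firewall: ipfw evaluates rules in ascending number order and the first match wins, so a blanket "allow ip from any to any" numbered below the "divert 8668" rule means outbound LAN traffic is accepted before natd ever sees it and is sent out with its private source address unrewritten. The script below takes an `ipfw list` dump (the two rulesets quoted above are embedded as constructed samples) and reports any blanket allow that shadows the divert rule. The function name check_divert_order and the variable names are my own.

```shell
#!/bin/sh
# Added example (not from the original post): audit an `ipfw list` dump for
# blanket allow rules that are numbered below the natd divert rule and
# therefore prevent packets from ever reaching natd.

# Constructed samples, copied from the two rulesets quoted in the post.
BROKEN_RULES='00001 allow ip from any to any
00100 divert 8668 ip from any to any via ed0
00100 allow ip from any to any via lo0
00200 deny ip from any to 127.0.0.0/8
65000 allow ip from any to any
65535 deny ip from any to any'

FIXED_RULES='00100 divert 8668 ip from any to any via ed0
00100 allow ip from any to any via lo0
00200 deny ip from any to 127.0.0.0/8
65000 allow ip from any to any
65535 deny ip from any to any'

# check_divert_order RULESET
#   Prints "ok" and exits 0 when the lowest-numbered divert rule can be
#   reached; otherwise prints one line per shadowing rule and exits 1.
#   Only unqualified "allow ip from any to any" (no via/in/out clause) is
#   treated as a blanket allow; interface-bound allows such as "via lo0"
#   cannot swallow traffic headed for the public interface.
check_divert_order() {
    printf '%s\n' "$1" | awk '
        # remember the lowest-numbered divert rule
        $2 == "divert" { if (!divert || $1+0 < divert) divert = $1+0 }
        # collect blanket allows: exactly "NNNNN allow ip from any to any"
        $2 == "allow" && $3 == "ip" && $4 == "from" && $5 == "any" &&
        $6 == "to" && $7 == "any" && NF == 7 { allows[n++] = $1+0 }
        END {
            if (!divert) { print "no divert rule found"; exit 1 }
            bad = 0
            for (i = 0; i < n; i++)
                if (allows[i] < divert) {
                    printf "rule %05d shadows divert rule %05d\n", allows[i], divert
                    bad = 1
                }
            if (!bad) print "ok"
            exit bad
        }'
}

# Run both samples when executed directly; the if-form keeps a non-zero
# result from aborting the script under `set -e`.
if check_divert_order "$BROKEN_RULES"; then
    echo "broken ruleset: divert reachable (unexpected)"
else
    echo "broken ruleset: divert shadowed"
fi
check_divert_order "$FIXED_RULES"
```

Run it against live rules with `ipfw list | { read -r all; check_divert_order "$(cat)"; }` or simply by replacing the samples with `$(ipfw list)`. Two caveats the check cannot see: the divert rule is useless unless natd is actually bound to port 8668 (ipfw drops packets diverted to a port nobody is listening on), and the reverse direction matters too, so inbound replies on ed0 must also hit the divert rule before any deny rule.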
