Date: Thu, 6 Sep 2001 16:34:31 -0400 (EDT)
From: Kenneth W Cochran
Message-Id: <200109062034.QAA17278@world.std.com>
To: fallous
Subject: Re: NAT with >1 public interface still not working
Cc: freebsd-stable@freebsd.org
References: <200109061442.KAA04616@world.std.com>

Hey, thanks... (& for your previous message a couple of days
ago, too, but I've been having email troubles.)

But it still doesn't work, i.e. no change from previous behavior.
As a test/example, traceroute from the "private" machine to
anywhere "outside" stops at the gateway machine.

This *has* to work somehow - I got this to work a few months ago
for someone using Windows 98 & its ICS (Internet Connection Sharing).

This is obviously some kind of "operator error" (& truth-be-known,
probably yet another shortcoming of Windows, security-wise), but
I can't find the information I need to make this work. :(

For example, which IP? What change(s) do I need to make to my
ipfw rules and/or natd to fix this? Or maybe I should use ipnat?

-kc

>From: fallous
>To: Kenneth W Cochran, freebsd-stable@freebsd.org
>Subject: Re: NAT with >1 public interface still not working
>Date: Thu, 6 Sep 2001 08:20:59 -0700
>
>divert 8668 ip from any to any via IP instead of interface name should work
>assuming that incoming on fxp0 has the same destination IP as what your
>outgoing packets use as source.
>
>On Thursday 06 September 2001 07:42 am, Kenneth W Cochran wrote:
>> Hello:
>>
>> How do I "properly" set up NAT on a (gateway) system that
>> "transmits" and "receives" on different interfaces?
>>
>> Briefly - Machine A receives on fxp0 & transmits on ppp0.
>> I'd like to use a 2nd Ethernet on Machine A (fxp1) for the
>> "NAT"ed/masqueraded network.
>>
>> Scenario:
>>
>> Machine A:
>> - Running RELENG_4 as of 2001/09/01; tracking -stable roughly weekly
>>   (thus one reason I'm asking on -stable :).
>> - Connected to a "hybrid" aka "1-way" cable-modem,
>> - "Receives" via cablemodem/Ethernet (fxp0, config'ed as 10.0.0.11/24)
>> - "Transmits/outgoing" via analog dial-modem & ppp(d).
>> - "Real" ip-address is established by (kernel) pppd (ppp0,
>>   *not* tun0), and is "officially" dynamic, even though it
>>   always (at least right now) gets the same ip-address.
>> - Runs cache-only nameserver.
>> - Has been running in this manner for about 1.5 years.
>> - (recently) Has 2nd NIC (fxp1), connected to hub for private network.
>>
>> Machine B:
>> - Has private ip-address on "its" fxp0.
>> - Connected via hub to 2nd NIC (fxp1) on Machine A.
>>
>> I've followed the instructions from the Handbook, Section
>> 18.10, Network Address Translation with regard to kernel &
>> rc.conf configuration, etc.
>>
>> Here is the output from "ipfw list" on Machine A:
>>
>> 00050 divert 8668 ip from any to any via fxp0
>> 00100 allow ip from any to any via lo0
>> 00200 deny ip from any to 127.0.0.0/8
>> 00300 deny ip from 127.0.0.0/8 to any
>> 65000 allow ip from any to any
>> 65535 allow ip from any to any
>>
>> Machines A & B can talk to each other; I can ping & ssh from/to
>> either one, & DNS works on both machines. However, while
>> Machine A communicates "outside" (with the Internet) as usual,
>> Machine B cannot. I'm beginning to wonder if FreeBSD can even
>> *do* this, as I can't find anything in the natd manpage (or
>> experimentation) that indicates natd can support >1 interface,
>> and the manpages are silent about use of kernel ppp for this. (?) :-/
>>
>> I'm thinking something needs to be tweaked in the ipfw and/or
>> natd-config(s). Suggestions? Also, where would be the best place(s)
>> to put these "customizations" (for example, so as to not be any
>> more "disruptive" than necessary to the base-OS configs)?
>> Does it matter whether the ppp(d)-link is up before/after
>> ipfw/natd configuration?
>>
>> Of course, FAQ/-doc/readme pointers are quite welcome. :)
>> Please cc replies to me.
>>
>> Many thanks,
>>
>> -kc
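
Added example (not part of the thread, and not FreeBSD code): a simplified Python model of ipfw first-match evaluation, run over the quoted "ipfw list" ruleset for a packet from Machine B that enters Machine A on fxp1 and leaves on ppp0. The IP addresses are constructed placeholders, and only the rule forms that appear in the listing are modelled.

```python
import ipaddress
import re

# Ruleset copied from the "ipfw list" output quoted in the thread.
RULESET = """\
00050 divert 8668 ip from any to any via fxp0
00100 allow ip from any to any via lo0
00200 deny ip from any to 127.0.0.0/8
00300 deny ip from 127.0.0.0/8 to any
65000 allow ip from any to any
65535 allow ip from any to any
"""

RULE_RE = re.compile(
    r"(\d+) (allow|deny|divert \d+) ip from (\S+) to (\S+)(?: via (\S+))?")

def parse(text):
    """Turn 'ipfw list' lines into (number, action, src, dst, via) tuples."""
    rules = []
    for line in text.splitlines():
        m = RULE_RE.fullmatch(line.strip())
        if m:
            rules.append((int(m[1]), m[2], m[3], m[4], m[5]))
    return rules

def addr_ok(spec, addr):
    """'any' matches everything; otherwise spec is a CIDR network."""
    return spec == "any" or ipaddress.ip_address(addr) in ipaddress.ip_network(spec)

def first_match(rules, src, dst, iface):
    """First rule matching one pass through the firewall.

    iface is the receive interface on the inbound pass and the transmit
    interface on the outbound pass, which is what 'via' is compared against.
    """
    for num, action, rsrc, rdst, via in rules:
        if via in (None, iface) and addr_ok(rsrc, src) and addr_ok(rdst, dst):
            return num, action
    return None

def trace(rules, src, dst, path):
    """Evaluate every pass of a packet; path is a list of interface names."""
    return [(iface,) + first_match(rules, src, dst, iface) for iface in path]

RULES = parse(RULESET)
# Constructed addresses: Machine B (private) and an outside host.
B_OUT = trace(RULES, "192.168.1.2", "198.51.100.7", ["fxp1", "ppp0"])
# Constructed: traffic arriving from the cable modem for Machine A's ppp0 address.
CABLE_IN = trace(RULES, "198.51.100.7", "203.0.113.10", ["fxp0"])

if __name__ == "__main__":
    for label, result in (("B -> outside", B_OUT), ("outside -> A", CABLE_IN)):
        print(label, result)
```

Under this model, Machine B's packet matches only rule 65000 on both passes, so it is never handed to the divert socket on its way out through ppp0; only traffic crossing fxp0 reaches rule 00050.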