Date: Thu, 6 Sep 2001 16:34:31 -0400 (EDT)
From: Kenneth W Cochran <kwc@world.std.com>
To: fallous <fallous@warped.com>
Cc: freebsd-stable@freebsd.org
Subject: Re: NAT with >1 public interface still not working
Message-ID: <200109062034.QAA17278@world.std.com>
References: <200109061442.KAA04616@world.std.com>

Hey, thanks... (& for your previous message a couple of days
ago, too, but I've been having email troubles.)

But it still doesn't work, i.e. no change from previous behavior.
As a test/example, traceroute from the "private" machine to
anywhere "outside" stops at the gateway machine.

This *has* to work somehow - I got this to work a few months ago
for someone using Windows 98 & its ICS (Internet Connection
Sharing). This is obviously some kind of "operator error" (&
truth-be-known, probably yet another shortcoming of Windows,
security-wise), but I can't find the information I need to make
this work. :(

For example, which IP? What change(s) do I need to make to my
ipfw rules and/or natd to fix this? Or maybe I should use ipnat?

-kc

>From: fallous <fallous@warped.com>
>To: Kenneth W Cochran <kwc@world.std.com>, freebsd-stable@freebsd.org
>Subject: Re: NAT with >1 public interface still not working
>Date: Thu, 6 Sep 2001 08:20:59 -0700
>
>divert 8668 ip from any to any via IP instead of interface name should work
>assuming that incoming on fxp0 has the same destination IP as what your
>outgoing packets use as source.
>
>On Thursday 06 September 2001 07:42 am, Kenneth W Cochran wrote:
>> Hello:
>>
>> How do I "properly" set up NAT on a (gateway) system that
>> "transmits" and "receives" on different interfaces?
>>
>> Briefly - Machine A receives on fxp0 & transmits on ppp0.
>> I'd like to use a 2nd Ethernet on Machine A (fxp1) for the
>> "NAT"ed/masqueraded network.
>>
>> Scenario:
>>
>> Machine A:
>> - Running RELENG_4 as of 2001/09/01; tracking -stable roughly weekly
>>   (thus one reason I'm asking on -stable :).
>> - Connected to a "hybrid" aka "1-way" cable-modem,
>> - "Receives" via cablemodem/Ethernet (fxp0, config'ed as 10.0.0.11/24)
>> - "Transmits/outgoing" via analog dial-modem & ppp(d).
>> - "Real" ip-address is established by (kernel) pppd (ppp0,
>>   *not* tun0), and is "officially" dynamic, even though it
>>   always (at least right now) gets the same ip-address.
>> - Runs cache-only nameserver.
>> - Has been running in this manner for about 1.5 years.
>> - (recently) Has 2nd NIC (fxp1), connected to hub for private network.
>>
>> Machine B:
>> - Has private ip-address on "its" fxp0.
>> - Connected via hub to 2nd NIC (fxp1) on Machine A.
>>
>> I've followed the instructions from the Handbook, Section
>> 18.10, Network Address Translation with regard to kernel &
>> rc.conf configuration, etc.
>>
>> Here is the output from "ipfw list" on Machine A:
>>
>> 00050 divert 8668 ip from any to any via fxp0
>> 00100 allow ip from any to any via lo0
>> 00200 deny ip from any to 127.0.0.0/8
>> 00300 deny ip from 127.0.0.0/8 to any
>> 65000 allow ip from any to any
>> 65535 allow ip from any to any
>>
>> Machines A & B can talk to each other; I can ping & ssh from/to
>> either one, & DNS works on both machines. However, while
>> Machine A communicates "outside" (with the Internet) as usual,
>> Machine B cannot. I'm beginning to wonder if FreeBSD can even
>> *do* this, as I can't find anything in the natd manpage (or
>> experimentation) that indicates natd can support >1 interface,
>> and the manpages are silent about use of kernel ppp for this. (?) :-/
>>
>> I'm thinking something needs to be tweaked in the ipfw and/or
>> natd-config(s). Suggestions? Also, where would be the best place(s)
>> to put these "customizations" (for example, so as to not be any
>> more "disruptive" than necessary to the base-OS configs)?
>> Does it matter whether the ppp(d)-link is up before/after
>> ipfw/natd configuration?
>>
>> Of course, FAQ/-doc/readme pointers are quite welcome. :)
>> Please cc replies to me.
>>
>> Many thanks,
>>
>> -kc

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-stable" in the body of the message