Date:      Sat, 9 Feb 2002 09:15:21 -0500
From:      "Marko" <markovich@mindspring.com>
To:        "Rogier R. Mulhuijzen" <drwilco@drwilco.net>
Cc:        freebsd-hackers@freebsd.org
Subject:   Re[6]: natd UDP errors with PPP demand dial
Message-ID:  <5743342710.20020209091521@mindspring.com>
In-Reply-To: <BasiliX-1.1.0-10131788693c63e1f5a7f33@artemis.drwilco.net>
References:  <BasiliX-1.1.0-10131788693c63e1f5a7f33@artemis.drwilco.net>

On 2/8/2002 Rogier R. Mulhuijzen drwilco@drwilco.net wrote:


RRM> 1) Maybe the IP change isn't getting through to natd like it should.
RRM> 2) Have ppp kill -9 natd on link down and start natd on linkup.

RRM>       Doc

Thank you for the suggestion, Doc. The IP change gets through to natd,
but the packets causing the problem seem to be out of its jurisdiction
by then, and headed for the Internet.

It seems to me that stopping and starting natd would cause another set
of problems. The outgoing packets that prompt ppp to set up a link are
generated by machines on a private LAN. That means that if natd is not
running at the beginning of ppp link setup, ppp will receive and will
route to the Internet some packets with private source IP. Right?

I think I solved the problem by using a couple of in and out ppp
filters, which I mentioned in my previous message:

        # Allow incoming only to current address
        set filter in 0 permit 0/0 MYADDR
        # Block destination - previous IP.
        set filter in 1 deny 0/0 0/0

        # Allow outgoing only from current address
        set filter out 0 permit MYADDR 0/0
        # Block source - previous IP.
        set filter out 1 deny 0/0 0/0

I don't know if I did the filters the best way, or if this is the best
way to handle the problem. However, it seems to be working. I don't
get errors from natd since then. I might try just using the out filter
because the outbound packets seem to initiate the whole error
sequence.

Thank you again for responding.

Marko
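
Added example, not part of the original message: a simplified Python model of first-match evaluation for the in and out filters quoted above, assuming MYADDR resolves to the link's current address. All addresses are constructed (documentation and private ranges) and the function names are hypothetical.

```python
import ipaddress

ANY = ipaddress.ip_network("0.0.0.0/0")

# Constructed sample addresses (not from the message).
OLD = "192.0.2.10"        # address held before the redial
NEW = "198.51.100.25"     # address assigned on the current link
LAN = "192.168.1.5"       # private host whose packet was not translated
REMOTE = "203.0.113.53"   # some Internet host

def build_rules(direction, myaddr):
    """Return the message's two rules with MYADDR resolved (assumption)."""
    me = ipaddress.ip_network(f"{myaddr}/32")
    if direction == "in":
        first = ("permit", ANY, me)     # set filter in 0 permit 0/0 MYADDR
    else:
        first = ("permit", me, ANY)     # set filter out 0 permit MYADDR 0/0
    return [first, ("deny", ANY, ANY)]  # set filter in|out 1 deny 0/0 0/0

def verdict(rules, src, dst):
    """First matching rule decides; this model drops unmatched packets."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for number, (action, src_net, dst_net) in enumerate(rules):
        if s in src_net and d in dst_net:
            return action, number
    return "deny", None

def classify(direction, myaddr, packets):
    """Evaluate (src, dst) pairs against the filter for one direction."""
    rules = build_rules(direction, myaddr)
    return [(src, dst) + verdict(rules, src, dst) for src, dst in packets]

if __name__ == "__main__":
    outbound = [(NEW, REMOTE), (OLD, REMOTE), (LAN, REMOTE)]
    inbound = [(REMOTE, NEW), (REMOTE, OLD)]
    for direction, packets in (("out", outbound), ("in", inbound)):
        for src, dst, action, rule in classify(direction, NEW, packets):
            print(f"{direction:3} {src:>15} -> {dst:<15} {action} (rule {rule})")
```

In this model the out filter drops both the packet still sourced from the previous address and the untranslated private-source packet, which are the two cases raised in the message.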

