From: James Secreto
Date: Thu, 10 Sep 1998 00:33:06 -0500
To: freebsd-questions@FreeBSD.ORG
Subject: Natd and IPforwarding
Message-ID: <35F76492.AAF17D12@umich.edu>

I am running FreeBSD 2.2.7 and attempting to set up ipforwarding on a dual homed system. I turned on natd_enable in my rc.conf and gave it my interface, which is vx0; I am running a 3com905 card. I am also running a DEC21040 NIC for the local internet. The 3com is for the outside.

I turned on the firewall in the rc.conf and set the type to open. I also set the net, mask and ip of my 3com in the rc.firewall config file in the open section, where it asks for it. The firewall loads fine, and my firewall rules list looks like this:

    00100 318 44249 divert 8668 ip from any to any via vx0
    00100  16  1344 allow ip from any to any via lo0
    00200   0     0 deny ip from any to 127.0.0.0/8
    65000   0     0 allow ip from any to any
    65535   3   288 deny ip from any to any

Once the rules load at boot, though, I can no longer ping the outside network from my unix box.
I realized that the packets are then somehow getting lost when they are diverted to natd, running on port 8668. To test this I removed the divert line from my ip firewall rules list. Sure enough, I can now ping the outside from my unix box (of course I can't ping the outside net with any of my other computers, though :-)

Can anyone help me with this? Thanks in advance.