Date: Thu, 16 Jul 1998 10:08:30 +0200
From: Christoph Kukulies <kuku@gilberto.physik.RWTH-Aachen.DE>
To: Eilko Bos <Eilko.Bos@nl.origin-it.com>, Christoph Kukulies <kuku@gilberto.physik.RWTH-Aachen.DE>
Cc: freebsd-isdn@FreeBSD.ORG
Subject: Re: natd/firewall issues
Message-ID: <19980716100830.A29108@gil.physik.rwth-aachen.de>
In-Reply-To: <199807152228.AAA01742@linda.mpn.cp.philips.com>; from Eilko Bos on Thu, Jul 16, 1998 at 12:28:36AM +0200
References: <199807151433.QAA25483@gilberto.physik.RWTH-Aachen.DE> <199807152228.AAA01742@linda.mpn.cp.philips.com>

On Thu, Jul 16, 1998 at 12:28:36AM +0200, Eilko Bos wrote:
> >
> > After re-establishing the setup I had running under 2.2.5/bisdnd,
> > especially the firewall/natd settings I found that I cannot route
> > through ipr0 when the same natd/firewall rules are applied I had
> > under 2.2.5/bisdnd.
> >
> > Are there any caveats to know about when using i4b with natd?
> >
> > /etc/rc.firewall
> > /sbin/ipfw -f flush
> > #/sbin/ipfw add divert natd all from any to any via ipr0
> > /sbin/ipfw add pass all from any to any
> >
> > If I uncomment the ipr0 line, I cannot route out packets
> > in conjunction with:
> >
> > /etc/rc.local:
> >
> <snip>
>
> I run freebsd 2.2.5 / i4b-00.60-alpha-070598 (eeeeehrm...)
>
> read the natd manual well.
> I've thrown away the rc.firewall and do the next:
>
> ---- ./dialin.sh ----
> #! /bin/sh
> xterm -T Isdn -n Isdnd -e /usr/local/bin/isdnd -F -d0x71 &
> ifconfig isppp0 inet 0.0.0.0 123.134.71.100 netmask 0xffffff00
> ifconfig isppp0 down
> route add default 123.134.71.100
> spppcontrol isppp0 myauthproto=pap myauthname=authname myauthsecret=123445
> ifconfig isppp0 up
> natd -n isppp0
> # /sbin/ipfw -f flush
> /sbin/ipfw add divert natd all from any to any via isppp0
> /sbin/ipfw add pass all from any to any
>
> And that works fine. Don't do the flush since that one seems to kill isppp0

That's exactly what I have (my rc.firewall is just the last three lines
above). Despite the fact that you are only using it for dialing in via
isppp0 while mine is active permanently for ipr0. So I see no difference
between your settings and mine. Just that it doesn't seem to work for ipr0
in hdlc mode. But I will try harder, it's just that it didn't work right
off from the start :-)

>
> As said, you need to read the manpage of natd, because you need to do some
> settings in rc.conf as well. If things start to complain about a missing

Aside from having firewall=YES I didn't have anything that could affect
natd and, as I said, things worked with these settings before.
I'll inform the list when things turn out for the better.

> rc.firewall, just touch it, that will work.
>
> Good luck.
>
> Cheers,
> Eilko.
>
>
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-isdn" in the body of the message

--
--Chris Christoph P. U. Kukulies kuku@gil.physik.rwth-aachen.de