Date:      Fri, 24 Dec 1999 00:23:58 -0800
From:      Sonny Van Hook <blackice@muller.net>
To:        cjclark@home.com
Cc:        freebsd-questions@FreeBSD.ORG
Subject:   Re: Stuck debugging NATD
Message-ID:  <3.0.1.32.19991224002358.006c7fa8@muller.net>
In-Reply-To: <199912240501.AAA40197@cc942873-a.ewndsr1.nj.home.com>
References:  <3.0.1.32.19991223202408.006bd45c@muller.net>

At 12:01 AM 12/24/99 -0500, Crist J. Clark wrote:
>Sonny Van Hook wrote,
>[snip]
>> /etc/rc.conf
>> natd_enable="YES"		#This is redundant since it's
>> natd_interface="de0"		#manually config'd in rc.firewall
>
>No, it's not redundant. The 'natd_enable' variable is used in
>rc.network to actually run natd.

Thanks for the clarification.  I'm rather new to this
as you might be able to tell!

>> As you can see, my local net uses the 192.168.0.x address
>> space.  All machines are configured to use 192.168.0.1 as
>> their default gateway.  I'm pretty sure this is not a routing
>> problem because when I use the 'open' (allow all) profile,
>> I have the same problem.
>
>If you do tcpdumps on the FreeBSD machine, do you see packets coming
>in lnc1 and going nowhere?

I don't have access to the machine right now, but I 
will definitely check on Sunday.  Thanks for the tip.

>> Lastly, I see this right at the end of 'dmesg':
>> IP packet filtering initialized, divert disabled, rule-based forwarding
>> disabled, logging disabled
>> ip_fw_ctl: invalid command
>
>Did you recompile your kernel with (at least),
>
>options         IPFIREWALL              #firewall
>options         IPDIVERT                #divert sockets
>
>Included?

Yes, I did.  In fact, it has many of the options
and perhaps (?) I don't need all of them?  It has:

options	INET
options	IPFIREWALL
options	IPDIVERT
options	IPFIREWALL_VERBOSE
options	"IPFIREWALL_VERBOSE_LIMIT=10"
options	IP_FILTER

It has ALL of the default options listed in the 
Complete FreeBSD with the exception of the option
that emulates TCP 4.2.

The book (Complete FreeBSD) was a bit vague on some
of the options.  Should I strip it down to only
include IPFIREWALL and IPDIVERT (and INET, too) ?

Thanks for the help.

Sonny
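
Added example (not part of the original message and not FreeBSD's own code): a shell check that compares the kernel configuration options listed above with the boot banner quoted from dmesg. It assumes the banner's "divert disabled" and "logging disabled" fields reflect whether IPDIVERT and IPFIREWALL_VERBOSE were compiled into the running kernel; the function names are hypothetical.

```shell
#!/bin/sh
# Kernel config options and dmesg banner as quoted in the message above.
SAMPLE_CONFIG='options	INET
options	IPFIREWALL
options	IPDIVERT
options	IPFIREWALL_VERBOSE
options	"IPFIREWALL_VERBOSE_LIMIT=10"
options	IP_FILTER'
SAMPLE_BANNER='IP packet filtering initialized, divert disabled, rule-based forwarding
disabled, logging disabled'

# has_option CONFIG NAME: succeeds if an uncommented "options NAME" line exists.
# Comments are stripped first, and NAME=value forms are matched on NAME only.
has_option() {
    printf '%s\n' "$1" | sed 's/#.*//' | tr -d '"' |
        awk -v want="$2" '$1 == "options" { split($2, kv, "="); if (kv[1] == want) found = 1 }
                          END { exit (found ? 0 : 1) }'
}

# banner_state BANNER FEATURE: prints "disabled" if the banner says
# "FEATURE disabled", otherwise "other". Wrapped lines are joined first.
banner_state() {
    flat=$(printf '%s' "$1" | tr '\n' ' ')
    case "$flat" in
        *"$2 disabled"*) echo disabled ;;
        *)               echo other ;;
    esac
}

# check_mismatch CONFIG BANNER: prints one line per option that the config
# requests but the banner reports as disabled; returns 1 if any were found.
# Assumption: option-to-banner mapping is IPDIVERT -> "divert",
# IPFIREWALL_VERBOSE -> "logging".
check_mismatch() {
    rc=0
    for pair in IPDIVERT:divert IPFIREWALL_VERBOSE:logging; do
        opt=${pair%%:*}
        feat=${pair#*:}
        if has_option "$1" "$opt" && [ "$(banner_state "$2" "$feat")" = disabled ]; then
            echo "MISMATCH: config has $opt but running kernel reports $feat disabled"
            rc=1
        fi
    done
    return $rc
}

check_mismatch "$SAMPLE_CONFIG" "$SAMPLE_BANNER" || true
```

A mismatch here means the kernel that booted was not built from the configuration file being inspected.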

