Skip site navigation (1)Skip section navigation (2)
Date:      Mon, 13 Oct 2003 00:19:54 -0500
From:      Larry Rosenman <ler@lerctr.org>
To:        freebsd-stable@freebsd.org
Cc:        darrenr@freebsd.org
Subject:   IPNAT/Slow TCP/Pings fine/4.8-REL
Message-ID:  <10390000.1066022394@lerlaptop.lerctr.org>

next in thread | raw e-mail | index | archive | help
I was trying(!) to help a friend out, and built a 4.8-REL box
to play Router/NAT and it's ALMOST working.  I can't seem to telnet/surf
from NAT'd addresses, but PING works fine.

rl1:
rl1: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
        inet 207.168.119.2 netmask 0xffffff00 broadcast 207.168.119.255
        inet6 fe80::240:5ff:fe82:f0e8%rl1 prefixlen 64 scopeid 0x2
        ether 00:40:05:82:f0:e8
        media: Ethernet autoselect (100baseTX <full-duplex>)
        status: active
rl2:
rl2: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
        inet 192.168.30.125 netmask 0xffffff00 broadcast 192.168.30.255
        inet6 fe80::205:5dff:fe50:fc65%rl2 prefixlen 64 scopeid 0x3
        ether 00:05:5d:50:fc:65
        media: Ethernet autoselect (100baseTX <full-duplex>)
        status: active

/etc/ipnat.rules:
$ cat /etc/ipnat.rules
map rl1 192.168.30.0/24 -> 0.0.0.0/32 portmap tcp/udp 1025:65000
map rl1 192.168.30.0/24 -> 0.0.0.0/32
$

/etc/rc.conf:
$ cat /etc/rc.conf

# -- sysinstall generated deltas -- # Sat Oct 11 18:43:56 2003
# Created: Sat Oct 11 18:43:56 2003
# Enable network daemons for user convenience.
# Please make all changes to this file, not to /etc/defaults/rc.conf.
# This file now contains just the overrides from /etc/defaults/rc.conf.
defaultrouter="207.168.119.1"
hostname="fw.imscomp.com"
#ifconfig_rl2_alias0="inet 192.168.0.1  netmask 255.255.255.0"
ifconfig_rl2="inet 192.168.30.125  netmask 255.255.255.0"
ifconfig_rl1="inet 207.168.119.2  netmask 255.255.255.0"
inetd_enable="YES"
kern_securelevel_enable="NO"
linux_enable="YES"
nfs_reserved_port_only="YES"
sendmail_enable="YES"
sshd_enable="YES"
usbd_enable="YES"
ipnat_enable="YES"              # Set to YES to enable ipnat functionality
ipmon_enable="YES"              # Set to YES for ipmon; needs ipfilter or 
ipnat
gateway_enable="YES"
$

/etc/sysctl.conf:
$ cat /etc/sysctl.conf
# $FreeBSD: src/etc/sysctl.conf,v 1.1.2.3 2002/04/15 00:44:13 dougb Exp $
#
#  This file is read when going to multi-user and its contents piped thru
#  ``sysctl'' to adjust kernel values.  ``man 5 sysctl.conf'' for details.
#


net.inet.ip.forwarding=1
net.inet.ip.fastforwarding=1
$

Kernel config:
$ cat IMSFW
#
# GENERIC -- Generic kernel configuration file for FreeBSD/i386
#
# For more information on this file, please read the handbook section on
# Kernel Configuration Files:
#
# 
http://www.FreeBSD.org/doc/en_US.ISO8859-1/books/handbook/kernelconfig-conf
ig.html
#
# The handbook is also available locally in /usr/share/doc/handbook
# if you've installed the doc distribution, otherwise always see the
# FreeBSD World Wide Web server (http://www.FreeBSD.org/) for the
# latest information.
#
# An exhaustive list of options and more detailed explanations of the
# device lines is also present in the ./LINT configuration file. If you are
# in doubt as to the purpose or necessity of a line, check first in LINT.
#
# $FreeBSD: src/sys/i386/conf/GENERIC,v 1.246.2.51.2.2 2003/03/25 23:35:15 
jhb Exp $

machine         i386
cpu             I686_CPU
ident           IMSFW
maxusers        0

#makeoptions    DEBUG=-g                #Build kernel with gdb(1) debug 
symbols

options         INET                    #InterNETworking
options         INET6                   #IPv6 communications protocols
options         FFS                     #Berkeley Fast Filesystem
options         FFS_ROOT                #FFS usable as root device [keep 
this!]
options         SOFTUPDATES             #Enable FFS soft updates support
options         UFS_DIRHASH             #Improve performance on big 
directories
options         NFS                     #Network Filesystem
options         NFS_ROOT                #NFS usable as root device, NFS 
required
options         MSDOSFS                 #MSDOS Filesystem
options         CD9660                  #ISO 9660 Filesystem
options         CD9660_ROOT             #CD-ROM usable as root, CD9660 
required
options         PROCFS                  #Process filesystem
options         COMPAT_43               #Compatible with BSD 4.3 [KEEP 
THIS!]
options         SCSI_DELAY=15000        #Delay (in ms) before probing SCSI
options         UCONSOLE                #Allow users to grab the console
options         USERCONFIG              #boot -c editor
options         VISUAL_USERCONFIG       #visual boot -c editor
options         KTRACE                  #ktrace(1) support
options         SYSVSHM                 #SYSV-style shared memory
options         SYSVMSG                 #SYSV-style message queues
options         SYSVSEM                 #SYSV-style semaphores
options         P1003_1B                #Posix P1003_1B real-time extensions
options         _KPOSIX_PRIORITY_SCHEDULING
options         ICMP_BANDLIM            #Rate limit bad replies
options         KBD_INSTALL_CDEV        # install a CDEV entry in /dev

# To make an SMP kernel, the next two are needed
#options        SMP                     # Symmetric MultiProcessor Kernel
#options        APIC_IO                 # Symmetric (APIC) I/O

# To support HyperThreading, HTT is needed in addition to SMP and APIC_IO
#options        HTT                     # HyperThreading Technology

device          isa
device          pci

# Floppy drives
device          fdc0    at isa? port IO_FD1 irq 6 drq 2
device          fd0     at fdc0 drive 0
#
# If you have a Toshiba Libretto with its Y-E Data PCMCIA floppy,
# don't use the above line for fdc0 but the following one:
#device         fdc0

# ATA and ATAPI devices
device          ata0    at isa? port IO_WD1 irq 14
device          ata1    at isa? port IO_WD2 irq 15
device          ata
device          atadisk                 # ATA disk drives
device          atapicd                 # ATAPI CDROM drives
device          atapifd                 # ATAPI floppy drives
device          atapist                 # ATAPI tape drives
options         ATA_STATIC_ID           #Static device numbering

device          scbus           # SCSI bus (required)
device          da              # Direct Access (disks)
device          sa              # Sequential Access (tape etc)
device          cd              # CD
device          pass            # Passthrough device (direct SCSI access)

# atkbdc0 controls both the keyboard and the PS/2 mouse
device          atkbdc0 at isa? port IO_KBD
device          atkbd0  at atkbdc? irq 1 flags 0x1
device          psm0    at atkbdc? irq 12

device          vga0    at isa?

# splash screen/screen saver
pseudo-device   splash

# syscons is the default console driver, resembling an SCO console
device          sc0     at isa? flags 0x100

# Enable this and PCVT_FREEBSD for pcvt vt220 compatible console driver
#device         vt0     at isa?
#options        XSERVER                 # support for X server on a vt 
console
#options        FAT_CURSOR              # start with block cursor
# If you have a ThinkPAD, uncomment this along with the rest of the PCVT 
lines
#options        PCVT_SCANSET=2          # IBM keyboards are non-std

device          agp             # support several AGP chipsets

# Floating point support - do not disable.
device          npx0    at nexus? port IO_NPX irq 13

# Power management support (see LINT for more options)
device          apm0    at nexus? flags 0x20 # Advanced Power Management

# Serial (COM) ports
device          sio0    at isa? port IO_COM1 flags 0x10 irq 4
device          sio1    at isa? port IO_COM2 irq 3
device          sio2    at isa? disable port IO_COM3 irq 5
device          sio3    at isa? disable port IO_COM4 irq 9

# Parallel port
device          ppc0    at isa? irq 7
device          ppbus           # Parallel port bus (required)
device          lpt             # Printer
device          plip            # TCP/IP over parallel
device          ppi             # Parallel port interface device
#device         vpo             # Requires scbus and da


# PCI Ethernet NICs.

# PCI Ethernet NICs that use the common MII bus controller code.
# NOTE: Be sure to keep the 'device miibus' line in order to use these NICs!
device          miibus          # MII bus support
device          rl              # RealTek 8129/8139

# Pseudo devices - the number indicates how many units to allocate.
pseudo-device   loop            # Network loopback
pseudo-device   ether           # Ethernet support
pseudo-device   sl      1       # Kernel SLIP
pseudo-device   ppp     1       # Kernel PPP
pseudo-device   tun             # Packet tunnel.
pseudo-device   pty             # Pseudo-ttys (telnet etc)
pseudo-device   md              # Memory "disks"
pseudo-device   gif             # IPv6 and IPv4 tunneling
pseudo-device   faith   1       # IPv6-to-IPv4 relaying (translation)

# The `bpf' pseudo-device enables the Berkeley Packet Filter.
# Be aware of the administrative consequences of enabling this!
pseudo-device   bpf             #Berkeley packet filter

# USB support
device          uhci            # UHCI PCI->USB interface
device          ohci            # OHCI PCI->USB interface
device          usb             # USB Bus (required)
device          ugen            # Generic
device          uhid            # "Human Interface Devices"
device          ukbd            # Keyboard
device          ulpt            # Printer
device          umass           # Disks/Mass storage - Requires scbus and da
device          ums             # Mouse
device          uscanner        # Scanners
device          urio            # Diamond Rio MP3 Player
# USB Ethernet, requires mii
device          aue             # ADMtek USB ethernet
device          cue             # CATC USB ethernet
device          kue             # Kawasaki LSI USB ethernet


options         IPFILTER                #ipfilter support
options         IPFILTER_LOG            #ipfilter logging
$

What am I missing?  What else do you/I need?

THanks for any QUICK replies!



-- 
Larry Rosenman                     http://www.lerctr.org/~ler
Phone: +1 972-414-9812                 E-Mail: ler@lerctr.org
US Mail: 1905 Steamboat Springs Drive, Garland, TX 75044-6749



Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?10390000.1066022394>