Date: Sun, 16 Aug 1998 21:48:08 +0200
From: Dang-Ngoc TUYET-TRAM <Dang-Ngoc.Tuyet-Tram@prism.uvsq.fr>
To: FreeBSD-questions@FreeBSD.ORG
Subject: problem with natd and rc.firewall
Message-ID: <19980816214808.A17048@gibet.prism.uvsq.fr>
Hi,

I used to run ppp in user mode on FreeBSD 2.2.6 with no problem. Then I wanted to use natd so that all computers of my network could connect to the Internet. I followed the recommendations of "The Complete FreeBSD" book and of the FreeBSD Handbook:

- I've built my kernel with:

    pseudo-device bpfilter 4
    options IPFIREWALL
    options IPDIVERT

- I've changed values in rc.conf to:

    firewall_enable="YES"        # Set to YES to enable firewall functionality
    firewall_type="client"       # Firewall type (see /etc/rc.firewall)
    firewall_quiet="NO"          # Set to YES to suppress rule display
    tcp_extensions="NO"          # Allow RFC1323 & RFC1644 extensions (or NO).
    network_interfaces="ppp0 lo0 tun0 ed0"  # List of network interfaces (lo0 is loopback).
    ifconfig_tun0=
    ifconfig_lo0="inet 127.0.0.1"           # default loopback device configuration.
    ifconfig_ed0="inet 192.168.0.1"         # the interface to my private network

- I created /etc/rc.firewall with only the following lines:

    /sbin/ipfw -f flush
    /sbin/ipfw add divert natd all from any to any via tun0
    /sbin/ipfw add pass all from any to any

- When I reboot, I get the message:

    IP packet filtering initialized, divert enabled, logging disabled

Then when I run ppp, dialing is OK, tun0 is assigned a dynamic IP address, but if I ping an outside IP I get no response, though I can still ping an inside IP address.

    # netstat -in
    Name  Mtu   Network     Address            Ipkts Ierrs    Opkts Oerrs  Coll
    ed0   1500  <Link>      00.40.05.60.85.25   2456     0     2381     0     0
    ed0   1500  192.168     192.168.0.1         2456     0     2381     0     0
    tun0  1500  <Link>                          2742     0     3385     0     0
    tun0  1500  193.51.24   193.51.24.17        2742     0     3385     0     0
    ppp0* 1500  <Link>                             0     0        0     0     0
    lo0   16384 <Link>                             0     0        0     0     0
    lo0   16384 127         127.0.0.1              0     0        0     0     0

    # ifconfig -a
    ed0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
            inet 192.168.0.1 netmask 0xffffff00 broadcast 192.168.0.255
            ether 00:40:05:60:85:25
    tun0: flags=8050<POINTOPOINT,RUNNING,MULTICAST> mtu 1500
    ppp0: flags=8010<POINTOPOINT,MULTICAST> mtu 1500
    lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> mtu 16384
            inet 127.0.0.1 netmask 0xff000000

If I change the firewall rules by doing

    set firewall=client; sh /etc/rc.firewall.old

(where rc.firewall.old is the default rc.firewall), ppp works. Perhaps I must keep this configuration for natd? Anyway, in both cases, if I run

    natd -use_sockets -same_ports -unregistered_only -dynamic -interface tun0

pinging something outside from another inside computer doesn't work.

Any idea?

Thanks for help,

Tuyet Tram DANG NGOC
--
dntt@prism.uvsq.fr
Universite de Versailles
http://www.ens-info.uvsq.fr:8000/~dntt/index.html
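An added sanity check, not from the post above, for an ipfw ruleset meant to feed natd: ipfw stops at the first matching rule, so the divert rule must precede any allow-all rule and must be bound to the external interface so that LAN-only traffic is not pushed through natd as well. The `ipfw list` text is constructed to mirror the rc.firewall in the post and assumes the 2.2.x output format, with 8668 being natd's default divert port.

```shell
#!/bin/sh
# Added example (not the poster's code): validate `ipfw list` output for
# natd use.  Checks: a divert rule exists and is bound to the external
# interface, and it is numbered before the first unconditional allow rule.

# Constructed `ipfw list` output mirroring the rc.firewall in the post
# (ipfw prints natd's port, 8668, rather than the service name).
GOOD_RULES='00100 divert 8668 ip from any to any via tun0
00200 allow ip from any to any
65535 deny ip from any to any'

# Constructed counter-example: the allow-all rule shadows the divert rule,
# so nothing ever reaches natd.
BAD_RULES='00100 allow ip from any to any
00200 divert 8668 ip from any to any via tun0
65535 deny ip from any to any'

# has_divert RULES IFACE: succeed if a natd divert rule bound to IFACE exists.
has_divert() {
    printf '%s\n' "$1" |
        grep -Eq "^[0-9]+ divert (8668|natd) ip from any to any via $2\$"
}

# divert_before_pass RULES: succeed if the first divert rule is numbered
# lower than the first "allow ip from any to any" (leading zeros stripped).
divert_before_pass() {
    d=$(printf '%s\n' "$1" | awk '$2 == "divert" { print $1 + 0; exit }')
    p=$(printf '%s\n' "$1" |
        awk '$2 == "allow" && $3 == "ip" && $5 == "any" && $7 == "any" && NF == 7 { print $1 + 0; exit }')
    [ -n "$d" ] && [ -n "$p" ] && [ "$d" -lt "$p" ]
}

# check_nat_ruleset RULES IFACE: run both checks, report problems on stderr.
check_nat_ruleset() {
    status=0
    has_divert "$1" "$2" || { echo "no divert natd rule via $2" >&2; status=1; }
    divert_before_pass "$1" || { echo "divert rule is shadowed by an allow-all rule" >&2; status=1; }
    return $status
}

check_nat_ruleset "$GOOD_RULES" tun0 && echo "ruleset OK"
```

On a live box, feed it the real output with `check_nat_ruleset "$(ipfw list)" tun0`.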