Date: Fri, 12 May 2000 22:03:36 -0400
From: "Crist J. Clark" <cjc@cc942873-a.ewndsr1.nj.home.com>
To: Jeremy Warner <jwarner182@yahoo.com>
Cc: Rudy Rucker <rudy@pollo.monkeybrains.net>, questions@FreeBSD.ORG
Subject: Re: IPFW and NATD question
Message-ID: <20000512220335.B39310@cc942873-a.ewndsr1.nj.home.com>
In-Reply-To: <004001bfbc38$04222400$1001a8c0@northwesttechnical.com>; from jwarner182@yahoo.com on Fri, May 12, 2000 at 10:32:15AM -0700
References: <Pine.BSF.4.21.0005120303300.32124-100000@pollo.monkeybrains.net> <004001bfbc38$04222400$1001a8c0@northwesttechnical.com>

On Fri, May 12, 2000 at 10:32:15AM -0700, Jeremy Warner wrote:
> this is what I get:
> #ipfw show
>
> 00100 105 6310 divert 8668 ip from any to any via fxp0
> 00100 0 0 allow ip from any to any via lo0
> 00200 0 0 deny ip from any to 127.0.0.0/8
> 65000 174 10308 allow ip from any to any
> 65535 0 0 deny ip from any to any
>
> With these settings the gateway can ping the 192.168.1.x network but it
> can not ping anything on 206.163.165.x (aside from 206.163.165.1)
> If I do a ipfw delete 100 then the gateway can ping anything in both
> directions.
>
> and yes my 192.168.1.x clients are configured correctly.
> from my 192.168.1.x network I can ping 192.168.1.1 and 206.163.165.1 but
> no further.
>
> I've made no changes in my rc.firewall file. Are there settings that need
> to be set up in here? It is just set to the default config right now.

From what I see, this should be working. Let's get all the info,

  # ipfw show
  # netstat -rn
  # ifconfig -a
  # ps aux | grep natd
  # uname -a

Try starting a ping to the outside world from the private net. Then,
on the NAT gateway, listen with tcpdump(8) on the internal interface
to see the pings come in. Try tcpdump(8) on the external to see if
they are going out or coming back.

> ----- Original Message -----
> From: Rudy Rucker <rudy@pollo.monkeybrains.net>
> To: Jeremy Warner <jwarner182@yahoo.com>
> Cc: <questions@FreeBSD.ORG>
> Sent: Friday, May 12, 2000 3:09 AM
> Subject: Re: IPFW and NATD question
>
>
> >
> > Do a 'ipfw show' as root.
> > That will make sure that your firewall is running and the correct rules
> > are loaded (look for the divert rule).
> >
> > Did you set up clients on the 192.168.1.x network to use
> > 192.168.1.1 as their gateway (and as their DNS)?
> >
> > Rudy
> >
> > On Fri, 12 May 2000, Jeremy Warner wrote:
> >
> > > I'm trying to set up NATD and IPFW and I'm not getting very far.
> > > I'm using FreeBSD-4.0.
> > > My gateway server is connected to the internet (fxp0) and it is also connected to my network (fxp1)
> > > I am trying to get natd to divert my internal network 192.168.1.0 through my gateway so that my internal network can see the internet, but for some reason it's not working.
> > >
> > > I compiled my kernel with:
> > > options IPFIREWALL
> > > options IPFIREWALL_VERBOSE
> > > options IPDIVERT
> > >
> > > This is what my rc.conf file looks like:
> > >
> > > ifconfig_fxp0="inet 206.163.165.1 netmask 255.255.255.224"
> > > ifconfig_fxp1="inet 192.168.1.1 netmask 255.255.255.0"
> > > gateway_enable="YES"
> > > defaultrouter="206.163.165.30"
> > > named_enable="YES"
> > > network_interfaces="lo0 fxp0 fxp1"
> > > hostname="gw.northwesttechnical.com"
> > > natd_enable=YES
> > > natd_interface="fxp0"
> > > natd_flags="-f /etc/natd.conf"
> > > firewall_enable=YES
> > > firewall_type=open
> > > firewall_quiet=YES
> > >
> > > This is my natd.conf file:
> > >
> > > interface fxp0
> > > deny_incoming yes
> > > use_sockets yes
> > > same_ports yes
> > >
> > >
> > > If anyone has any ideas here let me know.
> > >
> > > Thanks...
> > >
> >
>
>
> __________________________________________________
> Do You Yahoo!?
> Talk to your friends online with Yahoo! Messenger.
> http://im.yahoo.com
>
>
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-questions" in the body of the message

-- 
Crist J. Clark                           cjclark@home.com


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message
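
The two-interface tcpdump(8) check suggested in the message above can be read mechanically. The following is an added example, not part of the original e-mail: it takes `tcpdump -n` ICMP lines captured on fxp1 and fxp0 and reports where a ping from the private net stops. The addresses 192.168.1.0/24 and 206.163.165.1 come from the thread; the client 192.168.1.10, the remote host 198.51.100.7 and the sample capture lines are constructed.

```python
import ipaddress
import re

# Matches both the old ("icmp: echo request") and the current
# ("ICMP echo request, id ...") tcpdump -n output for ICMP echo traffic.
ECHO = re.compile(
    r"(\d+\.\d+\.\d+\.\d+) > (\d+\.\d+\.\d+\.\d+): (?:icmp: |ICMP )echo (request|reply)")

PRIVATE_NET = ipaddress.ip_network("192.168.1.0/24")   # fxp1 side, from the thread
PUBLIC_ADDR = ipaddress.ip_address("206.163.165.1")    # fxp0 address, from the thread


def echoes(capture):
    """Return (src, dst, kind) tuples for every ICMP echo line in a capture."""
    out = []
    for line in capture.splitlines():
        m = ECHO.search(line)
        if m:
            out.append((ipaddress.ip_address(m.group(1)),
                        ipaddress.ip_address(m.group(2)), m.group(3)))
    return out


def diagnose(inside_capture, outside_capture):
    """Say where a ping from the private net stops, given both captures."""
    inside, outside = echoes(inside_capture), echoes(outside_capture)
    if not any(k == "request" and s in PRIVATE_NET for s, d, k in inside):
        return "no request reaches fxp1: check the client's gateway setting"
    out_req = [s for s, d, k in outside if k == "request"]
    if not out_req:
        return "request never leaves fxp0: check forwarding and firewall rules"
    if any(s in PRIVATE_NET for s in out_req):
        return "request leaves fxp0 untranslated: natd is not rewriting it"
    if not any(k == "reply" and d == PUBLIC_ADDR for s, d, k in outside):
        return "translated request leaves, no reply: look upstream of the gateway"
    if not any(k == "reply" and d in PRIVATE_NET for s, d, k in inside):
        return "reply reaches fxp0 but not the client: return path through natd"
    return "echo request and reply pass in both directions"


# Constructed sample captures (not from the thread); 198.51.100.7 is a placeholder.
INSIDE = "22:10:01.100 192.168.1.10 > 198.51.100.7: icmp: echo request\n"
OUTSIDE_RAW = "22:10:01.101 192.168.1.10 > 198.51.100.7: icmp: echo request\n"
OUTSIDE_NAT = "22:10:01.101 206.163.165.1 > 198.51.100.7: icmp: echo request\n"

if __name__ == "__main__":
    print(diagnose(INSIDE, OUTSIDE_RAW))
    print(diagnose(INSIDE, OUTSIDE_NAT))
```
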