Date: Fri, 26 Dec 2003 09:27:08 -0800 (PST) From: The Bean <beantaxi@yahoo.com> To: freebsd-questions@freebsd.org Subject: natd problem (but close!) Message-ID: <20031226172708.68834.qmail@web40413.mail.yahoo.com>
Hi all,

I've been trying to get natd up on a FreeBSD 4.9-Stable box. I think I've followed every step, and it's still not quite working, although I believe it's getting close.

My dual-homed box has two interfaces: internal ed0=10.13.0.1/8, and external xl0=xx.yy.zz.187/29 (note I've cleverly obscured the IP). Here's what I've done on the dual-homed box:

- Kernel compiled with IPFIREWALL & IPDIVERT
- gateway_enabled="YES", verified with sysctl -a list | grep ipforwarding
- firewall set to open
- natd_enabled="YES"
- natd_interface=my external interface
- natd_flags=-f /etc/natd.conf
- /etc/natd.conf contains one line: redirect_address 10.0.0.13 xx.yy.zz.186, where xx.yy.zz.186 is the desired public IP for a client on my internal network, whose internal IP is 10.0.0.13

On my client, I've set the default router to 10.13.0.1, which is the IP for the internal interface of the gateway box.

The gateway can access the Internet just fine. The client has some problems, which I've attempted to diagnose by running tcpdump on the gateway and trying a ping and a lynx from the client. Here are the results, as reported by the gateway:

ping 151.164.1.8 (from client to one of my ISP's nameservers)
-----
    10:14:39.738942 xx.yy.zz.186 > 151.164.1.8: icmp: echo request
    10:14:39.760288 151.164.1.8 > xx.yy.zz.186: icmp: echo reply
    10:14:40.748798 xx.yy.zz.186 > 151.164.1.8: icmp: echo request
    10:14:40.770406 151.164.1.8 > xx.yy.zz.186: icmp: echo reply
    (etc)

lynx www.yahoo.com
-----
    10:16:55.827709 xx.yy.zz.186.2559 > 216.109.118.64.http: S 552730403:552730403(0) win 57344 <mss 1460,nop,wscale 0,nop,nop,timestamp 35611940 0> (DF)
    10:16:55.920315 216.109.118.64.http > xx.yy.zz.186.2559: S 2144501521:2144501521(0) ack 552730404 win 65535 <mss 1460,nop,wscale 1,nop,nop,timestamp 582477747 35611940> (DF)

On both ping and lynx, the client hangs. It doesn't report any problems (other than timeout). It just hangs.

Also, tcpdump reports packets as being received by 'filter', and reports 0 packets dropped by kernel.

What's interesting to me is that in both cases it looks like the connection is being made. Since the gateway is referring to xx.yy.zz.186, which is my alias in natd.conf for the client, it looks like natd is working to some extent -- the client's NIC is configured only as 10.0.0.13, and so the only reason the gateway would be using 66.139.244.186 would be because natd said so. However, it almost seems like the gateway can't go in the other direction, like it has no idea that packets destined for 66.139.244.186 should be directed to 10.0.0.13. This, even though it knows to rewrite packets coming *from* 10.0.0.13 as having come from 66.139.244.186.

One other data point: my gateway can ping the client's internal IP, but not its external IP.

Does this sound familiar to anyone? I'm hopeful that it's something small.

Thank you,
T.B.

__________________________________
Do you Yahoo!?
New Yahoo! Photos - easier uploading and sharing.
http://photos.yahoo.com/
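An added example, not part of the original post, that models what the poster expects natd's redirect_address to do: a static one-to-one mapping applied to both directions, so that a tcpdump capture on the external interface (xl0) determines what a matching capture on the internal interface (ed0) must contain. The obscured public address xx.yy.zz.186 is stood in for by the placeholder 203.0.113.186, and the ed0 capture is constructed to show the reported symptom (request leaves, reply never handed back).

```python
import re

# Added example, not from the original post. natd's redirect_address is a
# static one-to-one mapping applied in both directions, so the poster's xl0
# capture fixes what an ed0 capture must contain. The obscured public address
# xx.yy.zz.186 is stood in for by the placeholder 203.0.113.186.
PUBLIC_TO_INTERNAL = {"203.0.113.186": "10.0.0.13"}  # redirect_address pairs

LINE_RE = re.compile(r"^(\S+) (\S+) > (\S+): (.*)$")
HOST_RE = re.compile(r"^(\d{1,3}(?:\.\d{1,3}){3})(\.\S+)?$")

def parse(line):
    """Split a tcpdump line 'ts src > dst: rest'; src/dst may carry a port."""
    m = LINE_RE.match(line)
    if not m:
        raise ValueError("unrecognised tcpdump line: %r" % line)
    return m.groups()

def untranslate(endpoint):
    """Map a public endpoint such as '203.0.113.186.2559' to the internal host,
    keeping the port; endpoints outside the mapping are returned unchanged."""
    m = HOST_RE.match(endpoint)
    if not m:
        raise ValueError("unrecognised endpoint: %r" % endpoint)
    ip, port = m.group(1), m.group(2) or ""
    return PUBLIC_TO_INTERNAL.get(ip, ip) + port

def expected_on_internal(xl0_line):
    """The same packet as it must appear on ed0: outbound packets regain their
    real source, inbound replies get the internal host as destination."""
    ts, src, dst, rest = parse(xl0_line)
    return "%s %s > %s: %s" % (ts, untranslate(src), untranslate(dst), rest)

def missing_replies(xl0_lines, ed0_lines):
    """Packets addressed to a public alias on xl0 whose translated form never
    appeared on ed0 (timestamps ignored): replies natd did not hand back."""
    seen = {parse(l)[1:] for l in ed0_lines}
    return [l for l in xl0_lines
            if untranslate(parse(l)[2]) != parse(l)[2]
            and parse(expected_on_internal(l))[1:] not in seen]

# Constructed captures: xl0 follows the poster's ping trace; ed0 shows the
# client's request leaving but no reply coming back, the reported symptom.
XL0 = ["10:14:39.738942 203.0.113.186 > 151.164.1.8: icmp: echo request",
       "10:14:39.760288 151.164.1.8 > 203.0.113.186: icmp: echo reply"]
ED0 = ["10:14:39.738900 10.0.0.13 > 151.164.1.8: icmp: echo request"]
```

Running tcpdump on both interfaces at once and feeding the lines to missing_replies() separates "natd never rewrote the inbound packet" from "the reply never reached the gateway", which the xl0 capture alone cannot do.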
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20031226172708.68834.qmail>