Date:      Wed, 21 Jul 1999 16:36:06 -0300 (EST)
From:      Paulo Fragoso <paulo@nlink.com.br>
To:        Rico Pajarola <pajarola@cybertime.ch>
Cc:        freebsd-isp@freebsd.org
Subject:   Re: Changes from 2.2.6 to 3.2
Message-ID:  <Pine.BSF.3.96.990721160323.27451H-100000@mirage.nlink.com.br>
In-Reply-To: <4.1.19990721194556.00addc40@mail.cybertime.ch>

On Wed, 21 Jul 1999, Rico Pajarola wrote:

> If you get "sendto permission denied" you probably have your firewall not
> initialized correctly. Do 'ipfw l' and see if there are any rules besides
> '65535 deny ip from any to any' (and the divert rule for natd, of course).
> Make sure you have firewall_enable="YES" in rc.conf. If you only want nat,
> and don't need any special firewall functionality (besides divert for
> natd), you can set firewall_type='open' (also in rc.conf). If you need
> more, get a book about firewalls, or search the archives, there has been a
> discussion about firewalls recently.

I'm using the same rules. My default firewall rule is open; after starting the
divert rule it does not work, just for diverted packets.

The same rules (the same rc.firewall file) work fine in 2.2.6; using this file
on a 3.2 system with the firewall enabled, it doesn't work.

rc.firewall rules:
$fwcmd -f flush
$fwcmd add 1000 pass all from any to any via lo0
$fwcmd add 1010 deny all from 127.0.0.0/8 to 127.0.0.0/8
$fwcmd add divert natd log all from 192.168.200.3 to any via ed1
$fwcmd add divert natd log all from any to aaa.aaa.aaa.100 via ed1
$fwcmd add 65000 pass all from any to any

and natd start: "natd -a aaa.aaa.aaa.100"

This machine has two network adapters, ed1 and ed2; ed1 is
192.168.200.3 and ed2 is aaa.aaa.aaa.100.

I've used the same rc.firewall and natd options to avoid mistakes.

In this case I try to translate my own IP. Are there any TCP/IP
modifications that block this translation? I've seen natd used for
translation from a private network to one IP, but not from its own IP to
another IP.

Paulo.

> 
> --Rico
> 
> At 14:29 21.07.99 -0300, you wrote:
> >Hi,
> >
> >I was using FreeBSD 2.2.6 with natd to change my outgoing IP number. I try to
> >upgrade (with another HD) to 3.2-release using the same rc.firewall and flags for
> >natd. I can't send out packets by the translated interface. For example, using
> >ping it returns this error: "sendto permission denied".
> >
> >Are there any changes related to this?
> >
> >I'm using natd to translate 192.168.200.3 to aaa.aaa.aaa.100, because
> >other e-mail servers can contact aaa.aaa.aaa.100 but can't contact
> >192.168.200.3.
> >
> >
> >                  FreeBSD
> > aaa.aaa.aaa.100  Router    192.168.200.3               internet
> > ---------------- WebServer --------------------------- router   -->
> >                  E-mail                192.168.200.254
> >                  natd
> >                  etc.
> >
> >Using 2.2.6 I can translate any from 192.168.200.3 to aaa.aaa.aaa.100, but
> >using 3.2 isn't working.
> >
> >Thanks,
> >Paulo.

------
"  ... Overall we've found FreeBSD to excel in performance, stability,
technical support, and of course price. Two years after discovering
FreeBSD, we have yet to find a reason why we switch to anything else"
						-David Filo, Yahoo!



To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-isp" in the body of the message
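To check a rule set like the one in this thread before loading it, here is an added example (not from the thread or from FreeBSD itself) that models ipfw's numbering of unnumbered rules and its first-match evaluation over the rules Paulo posted. It assumes ipfw's default step of 100 for unnumbered rules and the implicit 65535 deny rule, and it substitutes the documentation address 203.0.113.100 for aaa.aaa.aaa.100 so the addresses parse.

```python
from ipaddress import ip_address, ip_network

AUTOINC_STEP = 100        # ipfw: an unnumbered rule gets previous number + 100
DEFAULT_RULE = (65535, "deny", "any", "any", None)   # ipfw's implicit last rule

# Constructed copy of the rules from the message; the external address the
# author wrote as aaa.aaa.aaa.100 is replaced by the documentation address
# 203.0.113.100 (a placeholder) so it parses.
RC_FIREWALL = """
$fwcmd -f flush
$fwcmd add 1000 pass all from any to any via lo0
$fwcmd add 1010 deny all from 127.0.0.0/8 to 127.0.0.0/8
$fwcmd add divert natd log all from 192.168.200.3 to any via ed1
$fwcmd add divert natd log all from any to 203.0.113.100 via ed1
$fwcmd add 65000 pass all from any to any
"""

def parse_rules(text):
    """Return (number, action, src, dst, via) tuples in the order ipfw evaluates them."""
    rules, last = [], 0
    for line in text.splitlines():
        toks = line.split()
        if toks[:2] != ["$fwcmd", "add"]:
            continue                                  # 'flush' and other commands
        toks = toks[2:]
        num = int(toks.pop(0)) if toks[0].isdigit() else last + AUTOINC_STEP
        action = toks.pop(0)
        if action == "divert":
            toks.pop(0)                               # divert port name ("natd")
        if toks[0] == "log":
            toks.pop(0)                               # logging does not affect matching
        # remaining tokens: all from SRC to DST [via IFACE]
        via = toks[6] if len(toks) > 6 and toks[5] == "via" else None
        rules.append((num, action, toks[2], toks[4], via))
        last = num
    return sorted(rules) + [DEFAULT_RULE]

def addr_matches(spec, addr):
    return spec == "any" or ip_address(addr) in ip_network(spec, strict=False)

def first_match(rules, src, dst, iface):
    """ipfw stops at the first matching rule; return its (number, action)."""
    for num, action, r_src, r_dst, via in rules:
        if (via is None or via == iface) and addr_matches(r_src, src) and addr_matches(r_dst, dst):
            return num, action

if __name__ == "__main__":
    rules = parse_rules(RC_FIREWALL)
    print([r[0] for r in rules])                      # rule numbers after auto-increment
    print(first_match(rules, "192.168.200.3", "198.51.100.1", "ed1"))   # outbound ping via ed1
```

The model shows where each packet lands in the posted order (the two unnumbered divert rules become 1110 and 1210, ahead of the 65000 pass), which is what `ipfw l` on the live system should agree with.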