Message-Id: <199903242216.WAA05275@keep.lan.Awfulhak.org>
To: tront@cs.sfu.ca
Cc: freebsd-questions@FreeBSD.ORG
Subject: Re: natd problem
In-reply-to: Your message of "Wed, 24 Mar 1999 13:18:01 PST." <3.0.3.32.19990324131801.00a11890@cs.sfu.ca>
Date: Wed, 24 Mar 1999 22:16:37 +0000
From: Brian Somers

Perhaps ``options DIVERT'' isn't built into your kernel?

Otherwise, maybe natd is listening to a different divert port from the
one ipfw is telling the firewall to use.

> I am a university instructor of a network admin course that has been using
> freebsd unix for 2 years, we are currently using 2.2.7. We are trying natd
> for the first time ever. And after checking all available documentation we
> are stumped as to why we can't even ping one hop from the gateway to a
> public network machine while natd is running.
> We have followed the instructions on the man page exactly!
> We can ping from the internal machine to the gateway and vice versa. But
> not through the gateway to the public network. And more interestingly, not
> even from the gateway machine to the public network (one hop!). When we
> kill natd and remove the divert firewall rule, ping is successful in all
> ways, including relay through the gateway, so the connectivity and routing
> is good.
>
> The divert rule firewall timestamp is showing that it is being used at the
> time we attempt to ping, so the firewall is running. And the firewall
> only has the specified 2 rules plus the final 65535 deny rule. Also, we
> found that running natd in verbose mode generated no error messages. And
> running in log mode didn't seem to generate any log in alias.log.
>
> We have spent hours on this, and are beginning to disagree with the man
> page that states "Running natd is fairly straight forward". Can you give
> us another pointer or two on where to look for some error in our setup.
>
> Thanks VERY much,
> Russ Tront, Instructor
> School of Computer Science
> Simon Fraser University
> Burnaby, B.C. V5A 1S6
> Canada.

-- 
Brian

Don't _EVER_ lose your sense of humour !
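
The second possibility raised in the reply, natd and the ipfw divert rule using different ports, can be checked mechanically. The script below is an added example, not part of the original message: the rule listings, the natd command line, the services entry and the interface name ed0 are constructed samples, and the function names are hypothetical.

```shell
#!/bin/sh
# Constructed samples (not from the original message); ed0 is a placeholder.
SERVICES='natd 8668/divert'
NATD_CMD='natd -interface ed0'          # no -port given: natd uses "natd"
RULES_OK='00100 divert 8668 ip from any to any via ed0
00200 allow ip from any to any
65535 deny ip from any to any'
RULES_BAD='00100 divert 6668 ip from any to any via ed0
00200 allow ip from any to any
65535 deny ip from any to any'

# Turn a divert port given as a number or a services name into a number.
resolve_port() {    # $1 = port or name, $2 = services text
    case "$1" in
        ''|*[!0-9]*)
            printf '%s\n' "$2" | awk -v n="$1" \
                '$1 == n && $2 ~ /\/divert$/ { sub(/\/.*/, "", $2); print $2; exit }' ;;
        *) echo "$1" ;;
    esac
}

# Port natd was started with (-p or -port); defaults to the "natd" service.
natd_port() {       # $1 = natd command line
    set -- $1
    port=natd
    while [ $# -gt 1 ]; do
        if [ "$1" = "-p" ] || [ "$1" = "-port" ]; then port=$2; fi
        shift
    done
    echo "$port"
}

# Compare every divert rule's port with the port natd listens on.
check_divert() {    # $1 = ipfw list text, $2 = natd command line, $3 = services
    want=$(resolve_port "$(natd_port "$2")" "$3")
    rules=$(printf '%s\n' "$1" | awk '$2 == "divert" { print $3 }' | sort -u)
    if [ -z "$rules" ]; then echo "NO DIVERT RULE"; return 0; fi
    for p in $rules; do
        if [ "$(resolve_port "$p" "$3")" != "$want" ]; then
            echo "MISMATCH: ipfw diverts to $p, natd listens on $want"
            return 0
        fi
    done
    echo "OK: ipfw and natd both use divert port $want"
}

check_divert "$RULES_OK"  "$NATD_CMD" "$SERVICES"
check_divert "$RULES_BAD" "$NATD_CMD" "$SERVICES"
```

On a live gateway, the output of `ipfw list`, the natd command line as shown by ps, and the contents of /etc/services take the place of the samples.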