From: Aleksander Rozman - Andy
Date: Sat, 29 Jan 2005 23:10:36 +0100
To: freebsd-hackers@freebsd.org
Subject: Network problem after upgrade from 5.1 to 5.3

Hi!

I am a long-time user of FreeBSD, and for most updates so far I haven't had much to do (maybe an option here and an option there, but networking never changes), but after the upgrade from 5.1 to 5.3 everything stopped working.
Since I couldn't rebuild the kernel (some internal problems), I decided to delete everything and reinstall from scratch (the last time I did this was when a disk crashed, and that was about 5 years ago). But now again nothing works. I didn't change any configuration files since installation except rc.conf, and copied my firewall.conf and natd.conf... Even after recompiling I couldn't use the network. My FreeBSD is used as a server and also as a router for my internal network (using NAT).

Problem:
======
If I disable the firewall, natd is turned down so inside computers can't get to the internet through the FreeBSD box; if enabled, then nothing works. It seems like a small trouble in the firewall, but I don't know why. I usually didn't make any changes to the firewall since I am not a guru there...

Config:
=====
FreeBSD BOX -> dc0: external IP
     |
     V
    rl0: internal IP 192.168.44.1 -> Hub

I was using NATD and the firewall (I have my own rules for both and everything worked before). I have compiled IPDIVERT and IPFIREWALL into the kernel.

Startup rc.conf:
===========
defaultrouter="xx.xx.5.1"               # Set to default gateway (or NO).
firewall_enable="YES"                   # Set to YES to enable firewall functionality
firewall_silent="YES"
firewall_type="/etc/firewall.conf"      # Firewall type (see /etc/rc.firewall)
gateway_enable="YES"                    # Set to YES if this host will be a gateway.
hostname="atechnet.dhs.org"             # Set this!
ifconfig_dc0="inet xx.xx.5.51 netmask 255.255.255.0"
ifconfig_lo0="inet 127.0.0.1 netmask 255.255.255.0"
ifconfig_rl0="inet 192.168.44.1 netmask 255.255.255.0"
natd_enable="YES"                       # Enable natd (if firewall_enable == YES).
natd_flags="-s -u -f /etc/natd.conf"
natd_interface="dc0"
network_interfaces="auto"

natd.conf (This is just for redirection of emule ports)
=======
redirect_port tcp 192.168.44.2:4662 4662
redirect_port udp 192.168.44.2:4672 4672
redirect_port tcp 192.168.44.2:4711 4711
redirect_port tcp 192.168.44.1:5432 5432
redirect_port udp 192.168.44.1:5432 5432

firewall.conf (this is open firewall with added ports for redirection)
=========
add 00050 set 0 divert 8668 ip from any to any
add 00100 set 0 allow ip from any to any
add 00200 set 0 deny ip from any to 127.0.0.0/8
add 00300 set 0 deny ip from 127.0.0.0/8 to any
add 10000 set 0 allow udp from any 4672 to 192.168.44.2 dst-port 4672
add 10001 set 0 allow tcp from any 4662 to 192.168.44.2 dst-port 4662
add 10002 set 0 allow tcp from any 4711 to 192.168.44.2 dst-port 4711
add 65000 set 0 allow ip from any to any

Please help me, I need to make my server active again, but I can't do that unless whole network is working...

Andy

**************************************************************************
*  Aleksander Rozman - Andy  * Fandoms: E2:EA, SAABer, Trekkie, Earthie  *
*     andy@kksonline.com     * Sentinel, BH 90210, True's Trooper,       *
*   andy@atechnet.dhs.org    * Heller's Angel, Questie, Legacy, PO5,     *
* Maribor, Slovenia (Europe) * Profiler, Buffy (Slayerete), Pretender    *
*      ICQ-UIC: 4911125      *********************************************
*     PGP key available      * http://www.atechnet.dhs.org/~andy/        *
**************************************************************************