Date: Fri, 18 May 2012 08:07:16 -0400
From: David Banning
To: Chuck Swiger
Cc: questions@freebsd.org
Subject: Re: problems with networking and route command
Message-ID: <20120518120716.GA28838@skytracker.ca>
In-Reply-To: <70BC5C41-FD4F-4B57-86F8-8C48BA075EC1@mac.com>
References: <20120516200837.GA63280@skytracker.ca> <70BC5C41-FD4F-4B57-86F8-8C48BA075EC1@mac.com>

> > It is machines that connect and receive via DHCP 192.168.1.2 and above that
> > can't connect to the internet through the server. I don't know a whole
> > lot about route - I have been attempting a variation of route commands
> > without success.
>
> You need to implement NAT on this box, since 192.168.0.0/16 is an RFC-1918 unrouteable private network range.

I previously connected to the internet using ppp with the -nat option
and now my connection has changed - so that makes sense.

So I implemented natd. Unfortunately natd does not work as yet.
I followed the setup as laid out in "man natd" and also used the layout in;

http://www.freebsddiary.org/ipfw.php

Here is my natd setup

1. Compiled IPFIREWALL & IPDIVERT into my kernel - went fine.

Here is my rc.conf network related entries;

natd_enable="YES"
natd_interface="rl0"
natd_flags="-f /etc/natd.conf"
gateway_enable="YES"
ifconfig_rl0="inet 64.40.244.36 netmask 255.255.255.240"
defaultrouter="64.40.244.33"
ifconfig_vr0="DHCP"
ifconfig_vr0=up
ifconfig_vr0="inet 192.168.1.1"
network_interfaces="rl0 vr0 lo0"
ifconfig_lo0="inet 127.0.0.1"
firewall_enable="YES"
firewall_script="/etc/firewall.rules"
firewall_type="simple"
firewall_logging="YES"
dhcpd_ifaces="vr0"
dhcpd_enable="YES"

My firewall rules;

ipfw add 64000 allow ip from any to any
ipfw add divert natd all from any to any via rl0
ipfw add allow tcp from any to 192.168.2.1 139
ipfw add allow tcp from any to 192.168.1.1 139
ipfw add 6000 deny tcp from any to 64.40.244.36 139
ipfw add 6010 deny tcp from any to 64.40.244.36 445
ipfw add deny tcp from any to any 139

My /etc/natd.conf;

interface rl0
use_sockets yes
same_ports yes

My /etc/services includes the line;

natd 8668/divert # Network Address Translation socket

Output of ifconfig;

# ifconfig
fwe0: flags=8802 mtu 1500
        ether 02:11:d8:b3:0e:43
        ch 1 dma -1
vr0: flags=8843 mtu 1500
        inet 192.168.1.1 netmask 0xffffff00 broadcast 192.168.1.255
        inet6 fe80::16d6:4dff:fe47:88ae%vr0 prefixlen 64 scopeid 0x2
        ether 14:d6:4d:47:88:ae
        media: Ethernet autoselect (100baseTX )
        status: active
rl0: flags=8843 mtu 1500
        inet 64.40.244.36 netmask 0xfffffff0 broadcast 64.40.244.47
        inet6 fe80::211:95ff:fe66:7162%rl0 prefixlen 64 scopeid 0x3
        ether 00:11:95:66:71:62
        media: Ethernet autoselect (100baseTX )
        status: active
lp0: flags=8810 mtu 1500
lo0: flags=8049 mtu 16384
        inet6 ::1 prefixlen 128
        inet6 fe80::1%lo0 prefixlen 64 scopeid 0x5
        inet 127.0.0.1 netmask 0xff000000
ppp0: flags=8010 mtu 1500
sl0: flags=c010 mtu 552
faith0: flags=8002 mtu 1500

From my initial communication I have swapped the uses of the two
network cards - which explains the reversal of entries for devices vr0 and rl0.

Still I have server connection to the internet on rl0 and server connection
to the network on vr0 - but the network cannot connect to the internet
via rl0.

If there are any commands that would help collect information leading to
the answer I would appreciate any feedback.
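
Added example, not part of the original message: a small Python model of how ipfw numbers and orders the rules posted above, so the evaluation order can be checked without touching the live firewall. It assumes the ruleset is empty when /etc/firewall.rules runs and that net.inet.ip.fw.autoinc_step is at its default of 100; number_rules and shadowed_diverts are hypothetical helper names, and the catch-all test only recognises the literal form "allow ip|all from any to any".

```python
import re

AUTOINC_STEP = 100    # assumed: default net.inet.ip.fw.autoinc_step
DEFAULT_RULE = 65535  # rule number reserved for the default rule

# Rule lines copied from the message above (/etc/firewall.rules as posted).
POSTED_RULES = """\
ipfw add 64000 allow ip from any to any
ipfw add divert natd all from any to any via rl0
ipfw add allow tcp from any to 192.168.2.1 139
ipfw add allow tcp from any to 192.168.1.1 139
ipfw add 6000 deny tcp from any to 64.40.244.36 139
ipfw add 6010 deny tcp from any to 64.40.244.36 445
ipfw add deny tcp from any to any 139
"""

ADD_RE = re.compile(r"^\s*(?:\S*/)?ipfw\s+(?:-q\s+)?add\s+(?:(\d+)\s+)?(.+?)\s*$")
CATCH_ALL = re.compile(r"^(allow|accept|pass|permit)\s+(ip|all)\s+from\s+any\s+to\s+any$")

def number_rules(script):
    """Return (number, body) pairs in the order ipfw evaluates them."""
    rules = []
    for line in script.splitlines():
        m = ADD_RE.match(line.split("#", 1)[0])
        if not m:
            continue
        # An unnumbered rule gets the last non-default rule number plus the
        # step, or that same number if the sum would reach the default rule.
        last = max((n for n, _ in rules), default=0)
        auto = last + AUTOINC_STEP if last + AUTOINC_STEP < DEFAULT_RULE else last
        rules.append((int(m.group(1)) if m.group(1) else auto, m.group(2)))
    # sorted() is stable: equal numbers keep the order they were added in.
    return sorted(rules, key=lambda r: r[0])

def shadowed_diverts(ordered):
    """Divert rules placed after an unconditional allow, so never reached."""
    hits, blocker = [], None
    for num, body in ordered:
        if blocker is None and CATCH_ALL.match(body):
            blocker = num
        elif blocker is not None and body.startswith("divert "):
            hits.append((num, blocker))
    return hits

if __name__ == "__main__":
    ordered = number_rules(POSTED_RULES)
    print("\n".join(f"{n:05d} {b}" for n, b in ordered))
    print("shadowed (divert, blocker):", shadowed_diverts(ordered))
```

Compare the printed order with `ipfw list` on the server; natd only sees packets that reach the divert rule.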