From: Eilko Bos
Message-Id: <199807152228.AAA01742@linda.mpn.cp.philips.com>
Subject: Re: natd/firewall issues
In-Reply-To: <199807151433.QAA25483@gilberto.physik.RWTH-Aachen.DE> from Christoph Kukulies at "Jul 15, 98 04:33:12 pm"
To: kuku@gilberto.physik.RWTH-Aachen.DE (Christoph Kukulies)
Date: Thu, 16 Jul 1998 00:28:36 +0200 (CEST)
Cc: freebsd-isdn@FreeBSD.ORG

> After re-establishing the setup I had running under 2.2.5/bisdnd,
> especially the firewall/natd settings I found that I cannot route
> through ipr0 when the same natd/firewall rules are applied I had
> under 2.2.5/bisdnd.
>
> Are there any caveats to know about when using i4b with natd?
>
> /etc/rc.firewall
> /sbin/ipfw -f flush
> #/sbin/ipfw add divert natd all from any to any via ipr0
> /sbin/ipfw add pass all from any to any
>
> If I uncomment the ipr0 line, I cannot route out packets
> in conjunction with:
>
> /etc/rc.local:
>

I run freebsd 2.2.5 / i4b-00.60-alpha-070598 (eeeeehrm...) read the natd
manual well. I've thrown away the rc.firewall and do the next:

---- ./dialin.sh ----
#! /bin/sh
xterm -T Isdn -n Isdnd -e /usr/local/bin/isdnd -F -d0x71 &
ifconfig isppp0 inet 0.0.0.0 123.134.71.100 netmask 0xffffff00
ifconfig isppp0 down
route add default 123.134.71.100
spppcontrol isppp0 myauthproto=pap myauthname=authname myauthsecret=123445
ifconfig isppp0 up
natd -n isppp0
# /sbin/ipfw -f flush
/sbin/ipfw add divert natd all from any to any via isppp0
/sbin/ipfw add pass all from any to any

And that works fine. Don't do the flush since that one seems to kill isppp0.

As said, you need to read the manpage of natd, because you need to do some
settings in rc.conf as well. If things start to complain about a missing
rc.firewall, just touch it, that will work.

Good luck.

Cheers,
Eilko.
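
A consistency check for scripts like the dialin.sh in the message above, as an added example that is not part of the original message: it confirms that the interface passed to natd -n is the one the divert rule matches with via, and that the divert rule is added before the catch-all pass rule. The function name check_natd_ipfw and the three sample inputs are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original message). Reads a dial-up script on
# stdin and prints one verdict:
#   OK <if>               natd and the divert rule agree, divert comes first
#   MISMATCH <natd> <via> natd listens on one interface, divert matches another
#   ORDER                 a catch-all pass rule is added before the divert rule
#   MISSING               no "natd -n <if>" or no divert rule found
check_natd_ipfw() {
    awk '
    /^[ \t]*#/ { next }                        # ignore commented-out lines
    { cmd = $1; sub(/.*\//, "", cmd) }         # strip any leading path
    cmd == "natd" {
        for (i = 2; i < NF; i++)
            if ($i == "-n" || $i == "-interface") natd_if = $(i + 1)
    }
    cmd == "ipfw" {
        divert = 0; via = ""
        for (i = 2; i <= NF; i++) {
            if ($i == "divert") divert = 1
            if ($i == "via" && i < NF) via = $(i + 1)
        }
        if (divert && !divert_at) { divert_at = NR; divert_if = via }
        # ipfw numbers rules in the order they are added, first match wins
        if (!divert && !pass_at && via == "" &&
            $0 ~ /(pass|allow)[ \t]+(all|ip)[ \t]+from[ \t]+any[ \t]+to[ \t]+any/)
            pass_at = NR
    }
    END {
        if (natd_if == "" || !divert_at)          print "MISSING"
        else if (natd_if != divert_if)            print "MISMATCH", natd_if, divert_if
        else if (pass_at && pass_at < divert_at)  print "ORDER"
        else                                      print "OK", natd_if
    }'
}

# Constructed inputs: GOOD mirrors the rule lines of the script above,
# the other two are deliberately broken variants.
GOOD='natd -n isppp0
# /sbin/ipfw -f flush
/sbin/ipfw add divert natd all from any to any via isppp0
/sbin/ipfw add pass all from any to any'
MISMATCH='natd -n isppp0
/sbin/ipfw add divert natd all from any to any via ipr0
/sbin/ipfw add pass all from any to any'
REORDERED='natd -n isppp0
/sbin/ipfw add pass all from any to any
/sbin/ipfw add divert natd all from any to any via isppp0'

for s in "$GOOD" "$MISMATCH" "$REORDERED"; do
    printf '%s\n' "$s" | check_natd_ipfw
done
```

The ORDER verdict matters because a catch-all pass rule that precedes the divert rule accepts every packet before it can reach natd, so nothing is translated.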