Message-ID: <3904BEE2.900D3C72@rochester.rr.com>
Date: Mon, 24 Apr 2000 17:38:42 -0400
From: David Heller
To: freebsd-questions@freebsd.org
Subject: Natd doesn't work after upgrade to 4.0 stable

Hi

I just upgraded to 4.0 stable from 3.4 stable and I'm having a problem getting natd to work. I can access the internet from the FreeBSD machine (my gateway) OK, but any machine on my LAN cannot ftp, telnet or browse the "WEB". I've included my rc.conf, natd.conf and the output from "$bash ipfw list". This worked fine before the upgrade, and I tried an open firewall also; still can't get out of my LAN. I configured my new kernel with IPFIREWALL and IPDIVERT enabled. Please, any help or suggestion welcome.

Thanks,
Dave

[attachment: ipfw_list]

00100 divert 8668 ip from any to any via ep0
00100 allow ip from any to any via lo0
00200 deny ip from any to 127.0.0.0/8
00300 deny ip from 10.0.0.0/24 to any in recv ep0
00400 deny ip from 24.24.34.0/24 to any in recv ep1
00500 deny ip from 10.0.0.0/8 to any via ep0
00600 deny ip from any to 10.0.0.0/8 via ep0
00700 deny ip from 172.16.0.0/12 to any via ep0
00800 deny ip from any to 172.16.0.0/12 via ep0
00900 deny ip from 192.168.0.0/16 to any via ep0
01000 deny ip from any to 192.168.0.0/16 via ep0
01100 deny ip from 0.0.0.0/8 to any via ep0
01200 deny ip from any to 0.0.0.0/8 via ep0
01300 deny ip from 169.254.0.0/16 to any via ep0
01400 deny ip from any to 169.254.0.0/16 via ep0
01500 deny ip from 192.0.2.0/24 to any via ep0
01600 deny ip from any to 192.0.2.0/24 via ep0
01700 deny ip from 224.0.0.0/4 to any via ep0
01800 deny ip from any to 224.0.0.0/4 via ep0
01900 deny ip from 240.0.0.0/4 to any via ep0
02000 deny ip from any to 240.0.0.0/4 via ep0
02100 allow tcp from any to any established
02200 allow ip from any to any frag
02300 allow tcp from any to 24.24.34.x 25 setup
02400 allow tcp from any to 24.24.34.x 53 setup
02500 allow udp from any to 24.24.34.x 53
02600 allow udp from 24.24.34.x 53 to any
02700 allow tcp from any to 24.24.34.x 67 setup
02800 allow tcp from any to 24.24.34.x 80 setup
02900 deny log logamount 100 tcp from any to any in recv ep0 setup
03000 allow tcp from any to any setup
03100 allow udp from any 53 to 24.24.34.x
03200 allow udp from 24.24.34.x to any 53
03300 allow udp from any 123 to 24.24.34.x
03400 allow udp from 24.24.34.x to any 123
03500 allow ip from any to any
65535 deny ip from any to any

[attachment: natd_conf]

use_sockets
log
dynamic

[attachment: rc_conf]

# This file now contains just the overrides from /etc/defaults/rc.conf
# please make all changes to this file.
network_interfaces="lo0 ep0 ep1"
defaultrouter="NO"
# -- sysinstall generated deltas -- #
pccard_ifconfig="NO"
pccard_mem="DEFAULT"
# -- sysinstall generated deltas -- #
moused_enable="NO"
# -- sysinstall generated deltas -- #
linux_enable="YES"
hostname="main.hellerkin.local"
gateway_enable="YES"
firewall_enable="YES"
firewall_type="simple"
dhcp_flags="-q"
natd_enable="YES"
natd_interface="ep0"
natd_flags="-f /etc/natd.conf"
log_in_vain="YES"
lpd_enable="YES"
named_enable="YES"
amd_enable="YES"
amd_flags="-F /etc/amd.conf"
#rarpd_enable="YES"
#rarpd_flags="-a -s"
#nfs_server_enable="YES"
#mountd_flags="-r"
ntpdate_enable="YES"
named_flags="-b /etc/named.conf"
# -- sysinstall generated deltas -- #
releaseName="3.3-19991005-STABLE"
# -- sysinstall generated deltas -- #
usbd_enable="YES"