From owner-freebsd-questions@FreeBSD.ORG Tue Aug 5 15:27:06 2003 Return-Path: Delivered-To: freebsd-questions@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 9446437B401 for ; Tue, 5 Aug 2003 15:27:06 -0700 (PDT) Received: from smtp06.wxs.nl (smtp06.wxs.nl [195.121.6.58]) by mx1.FreeBSD.org (Postfix) with ESMTP id A729643FA3 for ; Tue, 5 Aug 2003 15:27:05 -0700 (PDT) (envelope-from akruijff@www.kruijff.org) Received: from kruij557.speed.planet.nl (ipd50a97ba.speed.planet.nl [213.10.151.186]) by smtp06.wxs.nl (iPlanet Messaging Server 5.2 HotFix 1.14 (built Mar 18 2003)) with ESMTP id <0HJ6005WM3LVO6@smtp06.wxs.nl> for freebsd-questions@FreeBSD.org; Wed, 06 Aug 2003 00:25:08 +0200 (MEST) Received: from Intranet.lan (akruijff@localhost [127.0.0.1]) h75MR3eL085188;akruijff@Intranet.lan) Received: (from akruijff@localhost) by Intranet.lan (8.12.8p1/8.12.8/Submit) id h75MR2us085187; Wed, 06 Aug 2003 00:27:02 +0200 (CEST) Date: Wed, 06 Aug 2003 00:27:02 +0200 From: Alex de Kruijff In-reply-to: <3F2FC71A.8040104@proventum.net> To: Jacob Vennervald Message-id: <20030805222702.GA83123@dds.nl> MIME-version: 1.0 Content-type: text/plain; charset=us-ascii Content-transfer-encoding: 7BIT Content-disposition: inline User-Agent: Mutt/1.4.1i References: <3F2FC71A.8040104@proventum.net> cc: freebsd-questions@FreeBSD.org Subject: Re: NATD and PPP problem X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 05 Aug 2003 22:27:06 -0000 On Tue, Aug 05, 2003 at 05:02:50PM +0200, Jacob Vennervald wrote: > Hi > > I've installed a FreeBSD 4.8 machine, which I wanna use as a > NAT/Router/Firewall. > I have setup the pppoe connection which works perfectly and then I've > tried to setup the machine as a NAT Router by setting the following in > the rc.conf: > firewall_enable="YES" > firewall_type="open" > natd_enable="YES" > natd_interface="tun0" > But when I restart the machine it gives me the following error: > "Firewall rules loaded, starting divert daemons: natdnatd: tun0: cannot > get interface address" > > When I log in and type "ifconfig" I can also see that the tun0 interface > doesn't exist, but when I turn off the two natd settings in rc.conf and > reboot it does exist. > > Can anybody help? > > Cheers, > Jacob Vennervald I assume you use ppp to setup your connection. If you don't this isn't going to work for you. You proberbly want to use the nat within the ppp tool instead. Try to leave the natd lines out of the rc.conf and add "nat enable yes" to this file: /etc/ppp/ppp.conf. Your gateway has internet afther this, but you lan doesn't. You must make sure that your firewall includes a line like: "divert 8668 ip from any to any via tun0". This send the packets to the natd port for processing. It could be that ipfw (the firewall) is called before ppp. This could cause it to ignore this rule. The best thing is to create a simple firewall with a script at first. Something like: ipfw flush ipfw add 100 allow ip from any to any via lo0 ipfw add 200 deny ip from any to 127.0.0.0/8 ipfw add 300 deny ip from 127.0.0.0/8 ipfw add 400 divert natd from any to any via tun0 ipfw add 500 allow ip from any to any And then execute it on the prompt like "script &". The & sign is importent if you didn't compile the kernel so that it allows all trafic by default. If your firewall denies all traffic by default then you may experiance a drop of you connection. Your script is aborted at this time, if it doesn't run in the bacground. -- Alex Articles based on solutions that I use: http://www.kruijff.org/alex/index.php?dir=docs/FreeBSD/