Date: Thu, 12 Nov 1998 12:17:30 -0500 (EST)
From: austin wood
To: freebsd-net@FreeBSD.ORG
Subject: NATD Problems

I spent a long time setting up my freebsd box so it dials to my ISP with
kernel ppp and it acts as a gateway. For packet aliasing, I use natd. I am
very happy with the setup, except I think that natd is blocking some tcp
packets. This results in connection timeouts on particular sites. If this
is not fixable, I will go to ppp -alias instead.

Here is an example of what happens when I try to connect.

# natd -interface ppp0 -v
Out [UDP] 10.1.1.3 -> 207.172.3.16 aliased to 207.96.19.192 -> 207.172.3.16
In [UDP] 207.172.3.16 -> 207.96.19.192 aliased to 207.172.3.16 -> 10.1.1.3
Out [TCP] 10.1.1.3:1103 -> 198.138.176.19:80 aliased to 207.96.19.192:1103 -> 198.138.176.19:80
In [TCP] 198.138.176.19:80 -> 207.96.19.192:1103 aliased to 198.138.176.19:80 -> 10.1.1.3:1103
Out [TCP] 10.1.1.3:1103 -> 198.138.176.19:80 aliased to 207.96.19.192:1103 -> 198.138.176.19:80
Out [TCP] 10.1.1.3:1103 -> 198.138.176.19:80 aliased to 207.96.19.192:1103 -> 198.138.176.19:80
Out [TCP] 10.1.1.3:1103 -> 198.138.176.19:80 aliased to 207.96.19.192:1103 -> 198.138.176.19:80
In [TCP] 198.138.176.19:80 -> 207.96.19.192:1103 aliased to 198.138.176.19:80 -> 10.1.1.3:1103

I think it's not forwarding that last packet because netscape remains in
the "Waiting for reply..." state.

Here is a list of sites to which a connection cannot be established.

http://www.collegeboard.org/
http://www.hotmail.com/
http://www.idsoftware.com/
http://www.futurestep.com/

My configuration files:

/etc/rc.conf:
    tcp_extensions="NO"
    firewall_enable="YES"
    firewall_type="open"
    network_interfaces="ep0 lo0 ppp0"
    ifconfig_lo0="inet 127.0.0.1"
    ifconfig_ep0="inet 10.1.1.1 netmask 255.255.255.0 link2"
    ifconfig_ppp0=
    gateway_enable="YES"

/etc/rc.firewall:
    if [ "${firewall_type}" = "open" -o "${firewall_type}" = "OPEN" ]; then
        $fwcmd -f flush
        $fwcmd add divert natd all from any to any via ppp0
        $fwcmd add pass all from any to any

/etc/services:
    natd 6668/divert

kernel:
    options IPFIREWALL
    options IPDIVERT

I think that's all the configuration files needed. I use
"natd -interface ppp0" to start it.

Thanks in Advance,
Austin Wood
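
Added example, not part of the original message: a Python parser for the "natd -v" entries quoted above that groups them into flows and reports any flow with several consecutive outbound packets and no inbound packet between them, the pattern visible for port 1103. The function names and the min_run threshold are assumptions of this example.

```python
import re
from collections import defaultdict

# Entry format as shown in the message: DIR [PROTO] src -> dst aliased to src' -> dst'
ENTRY = re.compile(
    r"^(Out|In)\s+\[(\w+)\]\s+(\S+)\s+->\s+(\S+)\s+aliased to\s+(\S+)\s+->\s+(\S+)\s*$")

def parse(line):
    """Return (direction, proto, inside_endpoint, remote_endpoint) or None."""
    m = ENTRY.match(line.strip())
    if not m:
        return None
    direction, proto, src, dst, alias_src, alias_dst = m.groups()
    if direction == "Out":   # before aliasing, the source is the inside host
        return direction, proto, src, dst
    return direction, proto, alias_dst, alias_src  # after de-aliasing, dst is inside

def stalled_flows(lines, min_run=3):
    """Map flow -> longest run of back-to-back Out packets, if >= min_run.

    Heuristic: natd -v shows no TCP flags or sequence numbers, so a run can be
    retransmission or ordinary back-to-back data.
    """
    run, worst = defaultdict(int), defaultdict(int)
    for line in lines:
        parsed = parse(line)
        if parsed is None:
            continue
        direction, *flow = parsed
        flow = tuple(flow)
        run[flow] = run[flow] + 1 if direction == "Out" else 0
        worst[flow] = max(worst[flow], run[flow])
    return {f: n for f, n in worst.items() if n >= min_run}

# Entries copied from the natd -v output quoted in the message.
SAMPLE = """\
Out [UDP] 10.1.1.3 -> 207.172.3.16 aliased to 207.96.19.192 -> 207.172.3.16
In [UDP] 207.172.3.16 -> 207.96.19.192 aliased to 207.172.3.16 -> 10.1.1.3
Out [TCP] 10.1.1.3:1103 -> 198.138.176.19:80 aliased to 207.96.19.192:1103 -> 198.138.176.19:80
In [TCP] 198.138.176.19:80 -> 207.96.19.192:1103 aliased to 198.138.176.19:80 -> 10.1.1.3:1103
Out [TCP] 10.1.1.3:1103 -> 198.138.176.19:80 aliased to 207.96.19.192:1103 -> 198.138.176.19:80
Out [TCP] 10.1.1.3:1103 -> 198.138.176.19:80 aliased to 207.96.19.192:1103 -> 198.138.176.19:80
Out [TCP] 10.1.1.3:1103 -> 198.138.176.19:80 aliased to 207.96.19.192:1103 -> 198.138.176.19:80
In [TCP] 198.138.176.19:80 -> 207.96.19.192:1103 aliased to 198.138.176.19:80 -> 10.1.1.3:1103
""".splitlines()

if __name__ == "__main__":
    for (proto, inside, remote), n in stalled_flows(SAMPLE).items():
        print(f"{proto} {inside} -> {remote}: {n} consecutive Out packets")
```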