Date: Wed, 24 Mar 1999 15:33:49 -0800
To: Brian Somers
From: tront@cs.sfu.ca
Subject: Re: natd problem
Cc: freebsd-questions@FreeBSD.ORG

At 10:16 PM 3/24/99 +0000, Brian Somers wrote:
>Perhaps ``options DIVERT'' isn't built into your kernel ?  Otherwise,
>maybe natd is listening to a different divert port from the one ipfw
>is telling the firewall to use.

Nope. Like I said, we did everything in the 'Running Natd' portion of the
natd man page including rebuilding the kernel. Do you have any other
suggestions?

Russ.

>
>> I am a university instructor of a network admin course that has been using
>> freebsd unix for 2 years, we are currently using 2.2.7. We are trying natd
>> for the first time ever. And after checking all available documentation we
>> are stumped as to why we can't even ping one hop from the gateway to a
>> public network machine while natd is running.
>> We have followed the instructions on the man page exactly!
>> We can ping from the internal machine to the gateway and vice versa. But
>> not through the gateway to the public network. And more interestingly, not
>> even from the gateway machine to the public network (one hop!). When we
>> kill natd and remove the divert firewall rule, ping is successful in all
>> ways, including relay through the gateway, so the connectivity and routing
>> is good.
>>
>> The divert rule firewall timestamp is showing that it is being used at the
>> time we attempt to ping, so the firewall is running. And the firewall
>> only has the specified 2 rules plus the final 65535 deny rule. Also, we
>> found that running natd in verbose mode generated no error messages. And
>> running in log mode didn't seem to generate any log in alias.log.
>>
>> We have spent hours on this, and are beginning to disagree with the man
>> page that states "Running natd is fairly straight forward". Can you give
>> us another pointer or two on where to look for some error in our setup.
>>
>> Thanks VERY much,
>> Russ Tront, Instructor
>> School of Computer Science
>> Simon Fraser University
>> Burnaby, B.C. V5A 1S6
>> Canada.
>
>--
>Brian
>
>Don't _EVER_ lose your sense of humour !