Date: Mon, 24 Mar 2003 20:04:36 -0800 (PST)
From: Mike Hoskins
To: stable@freebsd.org
Subject: Re: Natd stops working on Firewall
Message-ID: <20030324194108.P703-100000@fubar.adept.org>

On Mon, 24 Mar 2003, Scot wrote:
> Just setup my FreeBSD 4.7 Firewall using the docs
> outlined in the handbook. The install went on and
> everything seems to be working fine then boom.
> The system seems to stop routing traffic. No
> messages in the security log or natd log as to why.

What happened when things stopped working? (What was going on when it
went boom?) Does /var/log/messages say anything?

> I made sure it was logging by nmaping my box from the
> outside. I even ran natd in the foreground and it still didn't
> tell me what was going on.

I assume you mean with -verbose or -v? What flags do you usually give
natd (maybe paste natd.conf, if used)?

> There is nothing in any logfile that tells me why this thing
> just stops working so I'm thinking it may not be a daemon but
> something in the kernel.

More on this below...

> I cannot ping the interface from the internal network but tcpdump shows
> the packets being received. (Hub network firewall_type=SIMPLE ).

You edited rc.firewall $oif, $onet, etc. variables for your setup,
correct? I'd assume so or it wouldn't work at all. Take a look at your
rules with ipfw list or show. Is ICMP allowed? Also see firewall(7) for
more helpful notes.

> If I logon to the console the cable modem connection is still functioning
> and I can surf from the firewall.

So it's just the internal clients that cease to function? If the
firewall/gateway itself is working properly, that may explain the lack of
problematic output in log files noted above. OTOH, if you
`sh rc.firewall` with firewall_type="open" do the clients immediately
begin to work?

Is this something that works again each time you reboot? Have you had
this working in the past, or is this a first attempt?

--
"Since when is skepticism un-American?
Dissent's not treason but they talk like it's the same..."
--Sleater-Kinney, "Combat Rock"