From owner-freebsd-questions Thu Feb 22 9:37: 5 2001
Delivered-To: freebsd-questions@freebsd.org
Received: from home.offwhite.net (home.offwhite.net [156.46.35.30])
	by hub.freebsd.org (Postfix) with ESMTP id 7817437B491
	for ; Thu, 22 Feb 2001 09:37:02 -0800 (PST)
	(envelope-from brennan@offwhite.net)
Received: from localhost (brennan@localhost)
	by home.offwhite.net (8.11.1/8.11.1) with ESMTP id f1MHauI54868;
	Thu, 22 Feb 2001 11:36:56 -0600 (CST)
	(envelope-from brennan@offwhite.net)
Date: Thu, 22 Feb 2001 11:36:56 -0600 (CST)
From: Brennan Stehling
To: Ben
Cc: G D McKee , freebsd-questions
Subject: Re: NATD
In-Reply-To: <009c01c09ceb$fd51d4a0$6102a00a@nhqadmin17>
Message-ID:
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-questions@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

I finally got a NATD box set up and I have done this several times and
it is always a challenge. This time it was sort of my fault. I had
IPDIVERT in my kernel config file along with all of the other firewall
options but I missed IPFIREWALL. My yank in vi was off by one line.

And once I did get the proper kernel in place I could not ping anything.
It turns out all I had to do was set my firewall type to open. You can
also add this rule to your firewall.

    ipfw add 100 allow all from any to any

But it is probably best to read /etc/defaults/rc.conf and find the
firewall options. Copy those to /etc/rc.conf and change them as you see
fit.

As for ipnat, that does not seem to work without natd running. I am
unsure why. It does not mention any of it in the man pages.

I wish there was a simpler way of setting up NATD on FreeBSD. It has
become a very common use and yet it is still very hard. I am considering
writing an article for DaemonNews.org which will walk through it and
offer a few shell scripts to make this setup process easier.

Too bad FreeBSD does not have the NetInfo system that MacOS X does.
It would be nice to access system settings as a database instead of
having to open and edit text files. That tends to be sloppy.

Brennan Stehling - software developer and system administrator
my projects: home.offwhite.net (free personal hosting)
             www.greasydaemon.com (bsd search)

On Thu, 22 Feb 2001, Ben wrote:

> Keep your eyes open. This topic has been discussed several times.
> Check the archive and there was one recently also. Good luck.
>
> ----- Original Message -----
> From: "G D McKee"
> To: "freebsd-questions"
> Sent: Thursday, February 22, 2001 10:43 AM
> Subject: NATD
>
>
> > Hi
> >
> > I keep getting the error "failed to write packet back (Permission denied)".
> > How can I see what packets are being denied. Is there a way to log what
> > NATD is up to?
> >
> > Gordon
> > PS Please can you reply directly as I am not currently subscribed to this
> > mailing list.
> >
> >
> > To Unsubscribe: send mail to majordomo@FreeBSD.org
> > with "unsubscribe freebsd-questions" in the body of the message
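
A preflight check for the prerequisites the message names (both kernel options, then the firewall and natd settings in rc.conf), as an added example that is not part of the original post. The function names, the sample file contents and the interface name ed0 are constructed for illustration; gateway_enable, natd_enable and natd_interface are standard rc.conf variables that the message itself does not list.

```sh
#!/bin/sh
# Added example: check a kernel config and an rc.conf for natd prerequisites.

# has_kernel_option FILE OPTION: succeeds if an uncommented "options OPTION"
# line exists. IPFIREWALL must not be satisfied by IPFIREWALL_VERBOSE.
has_kernel_option() {
    grep -Eq "^[[:space:]]*options[[:space:]]+$2([[:space:]]|#|\$)" "$1"
}

# rc_value FILE VAR: print the last value assigned to VAR, quotes removed.
rc_value() {
    sed -n "s/^[[:space:]]*$2=\"\{0,1\}\([^\"#[:space:]]*\)\"\{0,1\}.*/\1/p" "$1" |
        tail -n 1
}

# check_natd KERNCONF RCCONF: print one line per problem found and
# return the number of problems (0 means every prerequisite is present).
check_natd() {
    problems=0
    for opt in IPFIREWALL IPDIVERT; do
        has_kernel_option "$1" "$opt" ||
            { echo "kernel: missing options $opt"; problems=$((problems + 1)); }
    done
    for var in gateway_enable firewall_enable natd_enable; do
        [ "$(rc_value "$2" "$var" | tr a-z A-Z)" = "YES" ] ||
            { echo "rc.conf: $var is not YES"; problems=$((problems + 1)); }
    done
    [ -n "$(rc_value "$2" natd_interface)" ] ||
        { echo "rc.conf: natd_interface is not set"; problems=$((problems + 1)); }
    # Informational only: "open" accepts everything, so it filters nothing.
    [ "$(rc_value "$2" firewall_type)" = "open" ] &&
        echo "note: firewall_type=open passes all traffic"
    return "$problems"
}

# Constructed sample reproducing the mistake described in the message:
# IPDIVERT is present but the IPFIREWALL line was missed.
demo=$(mktemp -d)
printf 'options IPDIVERT\noptions IPFIREWALL_VERBOSE\n' > "$demo/KERNEL"
printf '%s\n' 'gateway_enable="YES"' 'firewall_enable="YES"' \
    'firewall_type="open"' 'natd_enable="YES"' 'natd_interface="ed0"' \
    > "$demo/rc.conf"
check_natd "$demo/KERNEL" "$demo/rc.conf" || echo "problems found: $?"
```

Run it with the real kernel config and /etc/rc.conf as the two arguments to `check_natd` before rebuilding the kernel.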