Date:      Fri, 17 Jan 2003 10:18:48 -0500
From:      "JoeB" <barbish@a1poweruser.com>
To:        "Stephen D. Kingrea" <reytech@sover.net>, "Bill Moran" <wmoran@potentialtech.com>
Cc:        <freebsd-questions@FreeBSD.ORG>
Subject:   RE: different ipfw/natd prob
Message-ID:  <MIEPLLIBMLEEABPDBIEGEENFDDAA.barbish@a1poweruser.com>
In-Reply-To: <Pine.BSI.4.21.0301170843480.24479-100000@granite.sover.net>

Do you really have the named domain server configured? If not, remove
named_enable="YES"
If you really do not want sendmail, it should be
sendmail_enable="NONE"
From your description I see no reason for any of the router_ options.
You don't need this either:
network_interfaces="lo0 fxp0 dc0"
ifconfig_lo0="inet 127.0.0.1"


Your rule set is missing the divert rule to send
all packets to ipfw's built-in nat function interface module.

allow ip from any to any via lo0
divert natd all from any to any via dc0         <-- add this rule
allow ip from any to any
deny ip from any to any



-----Original Message-----
From: owner-freebsd-questions@FreeBSD.ORG
[mailto:owner-freebsd-questions@FreeBSD.ORG]On Behalf Of Stephen D.
Kingrea
Sent: Friday, January 17, 2003 8:53 AM
To: Bill Moran
Cc: freebsd-questions@FreeBSD.ORG
Subject: Re: different ipfw/natd prob

following is rc.conf, /etc/natd.conf, ifconfig, ipfw show

rc.conf

inetd_enable="YES"
kern_securelevel_enable="NO"
linux_enable="YES"
tcp_extensions="YES"
named_enable="YES"
sendmail_enable="NO"
portmap_enable="YES"
router_enable="yes"
router="/sbin/routed"
router_flags="-q"
defaultrouter="68.abc.de.1"
hostname="www.kingrea.com"
network_interfaces="lo0 fxp0 dc0"
ifconfig_lo0="inet 127.0.0.1"
ifconfig_dc0="inet 68.abc.de.14 netmask 255.255.255.0 media 10baseT/UTP"
ifconfig_fxp0="inet 192.168.2.1 netmask 255.255.255.0"
firewall_enable="YES"
firewall_type="OPEN"
gateway_enable="YES"
natd_enable="YES"
natd_interface="dc0"
natd_flags="-f /etc/natd.conf"

natd.conf

interface dc0
use_sockets yes
same_ports yes

ifconfig

dc0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
        inet 68.abc.de.14 netmask 0xffffff00 broadcast 68.abc.de.255
        inet6 fe80::204:5aff:fe5a:9987%dc0 prefixlen 64 scopeid 0x1
        ether 00:04:5a:5a:99:87
        media: Ethernet 10baseT/UTP
        status: active
fxp0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
        inet 192.168.2.1 netmask 0xffffff00 broadcast 192.168.2.255
        inet6 fe80::2a0:c9ff:fe5c:3738%fxp0 prefixlen 64 scopeid 0x2
        ether 00:a0:c9:5c:37:38
        media: Ethernet autoselect (100baseTX)
        status: active
lp0: flags=8810<POINTOPOINT,SIMPLEX,MULTICAST> mtu 1500
faith0: flags=8002<BROADCAST,MULTICAST> mtu 1500
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> mtu 16384
        inet6 ::1 prefixlen 128
        inet6 fe80::1%lo0 prefixlen 64 scopeid 0x5
        inet 127.0.0.1 netmask 0xff000000
ppp0: flags=8010<POINTOPOINT,MULTICAST> mtu 1500
sl0: flags=c010<POINTOPOINT,LINK2,MULTICAST> mtu 552

ipfw show

00100   0       0 allow ip from any to any via lo0
00200   0       0 deny ip from any to 127.0.0.0/8
00300   0       0 deny ip from 127.0.0.0/8 to any
65000   4208    345040 all ip from any to any
65535   0       0 deny ip from any to any


thanks for assistance!

stephen d. kingrea

On Fri, 17 Jan 2003, Bill Moran wrote:

>Stephen D. Kingrea wrote:
>> i have a slightly different ipfw/natd problem.
>>
>> machines on the lan can ping internal nic on the server (fbsd 4.7), and
>> the external nic, but can not ping or reach anything outside. unless i
>> telnet into the server, then telnet out. currently running ipfw
>> "open" until problem is solved. server can ping all machines on lan.
>
>On a wild guess, it sounds like your divert rule is wrong.
>Need more information to help with this.
>
>Please repost to the list and include the following:
>The output of 'ipfw show'
>The output of 'ifconfig'
>The contents of your rc.conf file
>
>--
>Bill Moran
>Potential Technologies
>http://www.potentialtech.com
>
>
>To Unsubscribe: send mail to majordomo@FreeBSD.org
>with "unsubscribe freebsd-questions" in the body of the message
>
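
The condition discussed in this thread (natd enabled, but no divert rule reached before the catch-all allow), as a check over `ipfw show` output. This is an added example, not part of the original messages: the function names, return codes and sample listings are constructed for illustration, and the divert port 8668 (natd's default) and rule numbers 00150 and 65100 are assumptions.

```sh
#!/bin/sh
# Added example: audit `ipfw show` output for the natd divert rule.
# check_divert IFACE reads the listing on stdin and returns
#   0 = a divert rule via IFACE comes before any catch-all rule
#   1 = no divert rule via IFACE at all (the situation in this thread)
#   2 = a divert rule exists but an earlier catch-all rule shadows it
check_divert() {
    awk -v ifc="$1" '
    {   # columns: rule number, packets, bytes, then the rule body
        num = $1; body = $4
        for (i = 5; i <= NF; i++) body = body " " $i
    }
    body ~ ("^divert .* via " ifc "$") {
        if (!seen) { seen = 1; dnum = num; shadowed = (term != "") }
        next
    }
    # first rule that ends processing for every IP packet on every interface
    term == "" && body ~ /^(allow|pass|permit|accept|deny|drop) (ip|all) from any to any$/ {
        term = num
    }
    END {
        if (!seen)    { print "rule missing: no divert via " ifc; exit 1 }
        if (shadowed) { print "divert " dnum " never reached, rule " term " matches first"; exit 2 }
        print "ok: divert " dnum " is evaluated before any catch-all"
    }'
}

# Constructed listings modelled on the thread (counters zeroed, rule 65000
# written as "allow ip"; the inserted divert lines are assumptions).
sample_open() { cat <<'EOF'
00100 0 0 allow ip from any to any via lo0
00200 0 0 deny ip from any to 127.0.0.0/8
00300 0 0 deny ip from 127.0.0.0/8 to any
65000 0 0 allow ip from any to any
65535 0 0 deny ip from any to any
EOF
}
insert_after() { sample_open | awk -v n="$1" -v r="$2" '{ print } NR == n { print r }'; }
sample_fixed()    { insert_after 1 "00150 0 0 divert 8668 ip from any to any via dc0"; }
sample_shadowed() { insert_after 4 "65100 0 0 divert 8668 ip from any to any via dc0"; }

for s in sample_open sample_fixed sample_shadowed; do
    printf '%s: ' "$s"; "$s" | check_divert dc0 || true
done
```

On a live gateway the same function can be fed directly, e.g. `ipfw show | check_divert dc0`, with the interface taken from natd_interface in rc.conf.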





