From: "G D McKee"
To: "Brennan Stehling", "Ben"
Cc: "freebsd-questions"
Subject: Re: NATD
Date: Thu, 22 Feb 2001 19:07:14 -0000

Hi

Thanks for the info. I have searched through the archives, and people have
the same problem, but no one seems to know how to get natd to log the denied
packets. I tried firing it up with -log_denied, hupping syslogd, etc. and
still no log info. The system is up and running, just /var/log/messages is
full of the same stuff, denied packet messages from natd.

Have you managed to get portsentry to work with ipfw? Does anyone have a
working config?

Gordon

----- Original Message -----
From: "Brennan Stehling"
To: "Ben"
Cc: "G D McKee"; "freebsd-questions"
Sent: Thursday, February 22, 2001 5:36 PM
Subject: Re: NATD

> I finally got a NATD box set up and I have done this several times and it
> is always a challenge. This time it was sort of my fault. I had IPDIVERT
> in my kernel config file along with all of the other firewall options but
> I missed IPFIREWALL. My yank in vi was off by one line.
>
> And once I did get the proper kernel in place I could not ping
> anything.
> It turns out all I had to do was set my firewall type to
> open. You can also add this rule to your firewall.
>
> ipfw add 100 allow all from any to any
>
> But it is probably best to read /etc/defaults/rc.conf and find the
> firewall options. Copy those to /etc/rc.conf and change them as you see
> fit.
>
> As for ipnat, that does not seem to work without natd running. I am
> unsure why. It does not mention any of it in the man pages.
>
> I wish there was a simpler way of setting up NATD on FreeBSD. It has
> become a very common use and yet it is still very hard. I am considering
> writing an article for DaemonNews.org which will walk through it and offer
> a few shell scripts to make this setup process easier.
>
> Too bad FreeBSD does not have the NetInfo system that MacOS X does. It
> would be nice to access system settings as a database instead of having to
> open and edit text files. That tends to be sloppy.
>
> Brennan Stehling - software developer and system administrator
> my projects:
> home.offwhite.net (free personal hosting)
> www.greasydaemon.com (bsd search)
>
>
> On Thu, 22 Feb 2001, Ben wrote:
>
> > Keep your eyes open. This topic has been discussed several times.
> > Check the archive and there was one recently also. Good luck.
> >
> > ----- Original Message -----
> > From: "G D McKee"
> > To: "freebsd-questions"
> > Sent: Thursday, February 22, 2001 10:43 AM
> > Subject: NATD
> >
> >
> > > Hi
> > >
> > > I keep getting the error "failed to write packet back (Permission
> > > denied)".
> > > How can I see what packets are being denied? Is there a way to log
> > > what NATD is up to?
> > >
> > > Gordon
> > > PS Please can you reply directly as I am not currently subscribed to
> > > this mailing list.
> > >
> > > To Unsubscribe: send mail to majordomo@FreeBSD.org
> > > with "unsubscribe freebsd-questions" in the body of the message
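
The prerequisites from Brennan's reply (IPFIREWALL and IPDIVERT both in the kernel config, the firewall options copied into /etc/rc.conf), as an added sh example that is not part of the original thread. Assumptions: the function names and both sample files are constructed here, `ed0` is a hypothetical interface, and the rc.conf variable names are the standard FreeBSD ones rather than anything quoted in the messages.

```sh
#!/bin/sh
# Added example: pre-flight check for the natd prerequisites named in the thread.

# has_option FILE NAME: true if the kernel config has an uncommented "options NAME".
# The trailing group stops IPFIREWALL from matching IPFIREWALL_VERBOSE.
has_option() {
    grep -Eq "^[[:space:]]*options[[:space:]]+$2([[:space:]=#]|\$)" "$1"
}

# rc_value FILE VAR: print the last value assigned to VAR (quotes and comments stripped).
rc_value() {
    sed -n "s/^[[:space:]]*$2=\"\{0,1\}\([^\"#[:space:]]*\)\"\{0,1\}.*/\1/p" "$1" | tail -n 1
}

# check_natd KERNCONF RCCONF: print one line per problem; exit status is the problem count.
check_natd() {
    problems=0
    for opt in IPFIREWALL IPDIVERT; do
        has_option "$1" "$opt" ||
            { echo "kernel: missing 'options $opt'"; problems=$((problems + 1)); }
    done
    for var in gateway_enable firewall_enable natd_enable; do
        case "$(rc_value "$2" "$var")" in
            [Yy][Ee][Ss]) ;;
            *) echo "rc.conf: $var is not YES"; problems=$((problems + 1)) ;;
        esac
    done
    [ -n "$(rc_value "$2" firewall_type)" ] ||
        { echo "rc.conf: firewall_type is not set"; problems=$((problems + 1)); }
    return "$problems"
}

# Constructed sample input reproducing the thread's mistake: IPDIVERT was
# copied into the kernel config but the IPFIREWALL line was lost.
demo=$(mktemp -d /tmp/natdcheck.XXXXXX)
cat > "$demo/KERNEL" <<'EOF'
options         IPFIREWALL_VERBOSE
options         IPDIVERT
EOF
cat > "$demo/rc.conf" <<'EOF'
gateway_enable="YES"
firewall_enable="YES"
firewall_type="open"
natd_enable="YES"
natd_interface="ed0"        # hypothetical interface name
natd_flags="-log_denied"
EOF
check_natd "$demo/KERNEL" "$demo/rc.conf" || echo "$? problem(s) found"
rm -rf "$demo"
```

On a real system, pass the kernel config file and /etc/rc.conf to `check_natd` in place of the two sample files.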