From: Joe Clarke
To: Mark Kobussen
Date: Fri, 6 Jul 2001 14:14:09 -0400 (EDT)
Subject: Re: IPFW/NATD or Cable Modem Trouble??
In-Reply-To: <004001c10645$64f25e00$0201a8c0@goldenrod.net>
Message-ID: <20010706141305.Q64705-100000@shumai.marcuscom.com>

This looks good to me. This is pretty much _exactly_ what I'm doing, and it
works fine. It could be questionable service, but you might want some more
eyes looking at this.

Joe Clarke

On Fri, 6 Jul 2001, Mark Kobussen wrote:

> I'm having some problems with my cable modem service, and I have yet to
> figure out whether it is caused by my incompetence with UNIX, or
> questionable service.
>
> Here's the Problem:
> My cable service dies probably every 30 minutes of internet usage. Up until
> this point, the remedy is usually to cycle the power to the cable modem, at
> which time I'm able to access the internet again. The one thing that
> confuses me, is that at the same time the cable modem stops responding, I
> can no longer telnet into the FreeBSD box - it just won't respond. The
> FreeBSD machine just runs the whole time, without any error messages
> whatsoever.
>
> I will mention that as I was writing this, I could no longer access the
> FreeBSD machine. Approximately 5-10 minutes later it began responding again,
> without me power cycling the cable modem.
>
> Here's the information:
>
> Cable Modem: 3com Sharkfin
>
> FreeBSD 4.3, using NATD/IPFW for gateway functions
> 2 LinkSys Ether16 ISA 10BaseT NICs
>
> ed1 is connected to the hub
> ed2 is connected to the cable modem
>
> ----- Pertinent rc.conf Information
> gateway_enable="YES"
> hostname="marlborough "
> ifconfig_ed1="inet 192.168.1.1 netmask 255.255.255.0"
> ifconfig_ed2="DHCP"
> inetd_enable="YES"
> kern_securelevel_enable="NO"
> linux_enable="YES"
> moused_enable="YES"
> sendmail_enable="YES"
> gateway_enable="YES"
> sshd_enable="YES"
> portmap_enable="YES"
> firewall_enable="YES"
> firewall_script="/etc/firewall/fwrules"
> natd_enable="YES"
> natd_flags="-dynamic"
> natd_interface="ed2"
>
> ----- Now follows /etc/firewall/fwrules
> /sbin/ipfw -f flush
> /sbin/ipfw add 1000 pass all from 127.0.0.1 to 127.0.0.1
> /sbin/ipfw add 2000 divert natd all from any to any via ed2
> /sbin/ipfw add 6500 pass all from any to any
>
> ----- Important ifconfig information; ed2 inet address has been changed
> ed1: flags=8843 mtu 1500
>         inet 192.168.1.1 netmask 0xffffff00 broadcast 192.168.1.255
>         inet6 fe80::240:5ff:fe6f:b0d4%ed1 prefixlen 64 scopeid 0x2
>         ether 00:40:05:6f:b0:d4
> ed2: flags=8843 mtu 1500
>         inet6 fe80::240:5ff:fe6e:4ded%ed2 prefixlen 64 scopeid 0x3
>         inet 11.22.33.114 netmask 0xfffff800 broadcast 255.255.255.255
>         ether 00:40:05:6e:4d:ed
>
> ----- Crucial netstat -nr; some names changed to protect the innocent
> Internet:
> Destination        Gateway            Flags     Refs     Use     Netif Expire
> default            11.22.33.1         UGSc        4    30356      ed2
> 11.22.33/21        link#3             UC          0        0      ed2 =>
> 127.0.0.1          127.0.0.1          UH          0        0      lo0
> 192.168.1          link#2             UC          0        0      ed1 =>
>
> ----- Finally, ipfw -at list
> 01000     0        0                          allow ip from 127.0.0.1 to 127.0.0.1
> 02000 36196 21882514 Thu Jul 5 23:24:33 2001 divert 8668 ip from any to any via ed2
> 06500 80257 46277217 Thu Jul 5 23:26:37 2001 allow ip from any to any
> 65535     1      345 Thu Jul 5 17:14:47 2001 deny ip from any to any

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message