Date:      Fri, 15 Mar 2002 21:56:13 +0000
From:      Nuno Teixeira <nunotex@pt-quorum.com>
To:        freebsd-questions@freebsd.org
Cc:        KHaeberlein@gmx.net
Subject:   Re: firewall, ppp and tun0
Message-ID:  <20020315215612.GE33280@gw.tex.bogus>
In-Reply-To: <3C90B7E0.2030906@gmx.net>
References:  <3C90B7E0.2030906@gmx.net>

On Thu, Mar 14, 2002 at 03:46:56PM +0100, KHaeberlein@gmx.net wrote:
> I want to set up a FreeBSD machine to the Internet via PPPoE and DSL.
> This is no problem with the basic installation. But if I want to run it 
> with natd and a firewall it does not work. To connect to the ISP is no 
> problem, but I can not send and do not receive any data.
> 
> My /etc/rc.conf has the following entries:
> 
>        ifconfig ed0 up            # start PPPoE-interface
>        gateway_enable="YES"
>        firewall_enable="YES"
>        firewall_script="name of  firewall script"
>        ppp_nat="NO"
>        natd_enable="YES"
>        natd_interface="tun0"
>        natd_flags="-dynamic"
> 
> As proposed in manpage natd(8) I have the following firewall script:
> 
>        /sbin/ipfw -f flush
>        /sbin/ipfw add 50 divert natd all from any to any via tun0
>        /sbin/ipfw add pass all from any to any
> 
> At boot time I get these messages:
> 
>        ipfw :  warning:    interface  " tun0 "   does not exist    (at 
> proceeding the firewall script)
>        Firewall rules loaded, starting divert daemons:   natdnatd  :   
> Unknown interface name tun0
> 
> 
> Can anybody tell what's wrong here?
> 
> Thanks
> 
> 
> Klaus
> 
> 
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-questions" in the body of the message

    
    Hi,
    
    I use a similar config but with a "normal" ppp connection and it works 
    OK:
    
    /etc/rc.conf:
    
    # FIREWALL and NAT
    firewall_enable="YES"
    firewall_type="open"
    ppp_nat="NO"
    natd_enable="YES"
    natd_interface="tun0"
    natd_flags="-dynamic"
    # END FIREWALL and NAT
    
    The error "tun0 does not exist" is normal because the connection isn't 
    up yet, but there is no problem at all.
    
    Also, make sure that you have a kernel compiled with (at least):
    
    options	IPFIREWALL	# firewall
    options	IPDIVERT	# divert sockets
    
    so that natd works.
    
    Hope that helps.
    
    Bye,
        
    
-- 
Nuno Teixeira
pt-quorum.com

/* 
PGP Public Key:
http://www.pt-quorum.com/pgp/nunoteixeira.asc
Fingerprint:
AF91 4AC0 85CB 272A 5441  E02F 5D84 ED9D 34D5 9145
*/
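
The settings named in the reply above can be checked mechanically before rebooting. The sh script below is an added example, not part of the original message: the function names are hypothetical, the rc.conf and kernel configuration file paths are passed as arguments, the sample files are constructed, and values are compared exactly as they are written in the reply.

```sh
#!/bin/sh
# Added example (not from the original thread). Paths are arguments; the
# sample files at the bottom are constructed for illustration.

# rc_value FILE KEY: print the last uncommented value assigned to KEY.
# The file is parsed, never sourced, so nothing in it is executed.
rc_value() {
    sed -n "s/^[[:space:]]*$2=\"\{0,1\}\([^\"#]*\).*/\1/p" "$1" |
        sed 's/[[:space:]]*$//' | tail -n 1
}

# has_option FILE NAME: succeed if an uncommented "options NAME" line exists.
has_option() {
    grep -Eq "^[[:space:]]*options[[:space:]]+$2([[:space:]]|#|\$)" "$1"
}

# check_natd_prereqs RCCONF KERNCONF: print each problem, return their count.
check_natd_prereqs() {
    problems=0
    for pair in firewall_enable=YES natd_enable=YES ppp_nat=NO natd_interface=tun0; do
        key=${pair%%=*} want=${pair#*=}
        got=$(rc_value "$1" "$key")
        if [ "$got" != "$want" ]; then
            echo "rc.conf: $key is '${got:-unset}', expected '$want'"
            problems=$((problems + 1))
        fi
    done
    for opt in IPFIREWALL IPDIVERT; do
        if ! has_option "$2" "$opt"; then
            echo "kernel config: options $opt not found"
            problems=$((problems + 1))
        fi
    done
    return "$problems"
}

# Constructed sample input: natd enabled, but IPDIVERT commented out.
SAMPLE_DIR=$(mktemp -d)
cat > "$SAMPLE_DIR/rc.conf" <<'EOF'
firewall_enable="YES"
firewall_type="open"
ppp_nat="NO"
natd_enable="YES"
natd_interface="tun0"
natd_flags="-dynamic"
EOF
printf 'options\tIPFIREWALL\t# firewall\n#options\tIPDIVERT\n' > "$SAMPLE_DIR/KERNEL"
check_natd_prereqs "$SAMPLE_DIR/rc.conf" "$SAMPLE_DIR/KERNEL" || echo "problems: $?"
```

The function returns the number of problems found, so a zero exit status means every setting from the reply is present.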
