Date: Tue, 04 Nov 2014 17:31:28 -0700
From: Gary Aitken <vagabond@blackfoot.net>
To: Ian Smith <smithi@nimnet.asn.au>
Cc: freebsd-questions@freebsd.org
Subject: Re: natd not translating?
Message-ID: <54596FE0.7020603@blackfoot.net>
In-Reply-To: <20141104160325.W52402@sola.nimnet.asn.au>
References: <mailman.73.1415016001.56588.freebsd-questions@freebsd.org> <20141104160325.W52402@sola.nimnet.asn.au>

Hi Ian,

Thanks for the reply. I've made a little progress since posting that
as of today, but not there yet. (see below)

This whole exercise has been an example of why it's a help to all be in
the same room. Especially when you don't have an alternate network
connection! :-( My understanding is now not necessarily broader than it
otherwise might be, but it is surely harder won and probably burned in a
bit better... At my stage in life I can only hope it stays there long
enough to get me to the end...

On 11/03/14 22:37, Ian Smith wrote:
> In freebsd-questions Digest, Vol 544, Issue 1, Message: 9
> On Sun, 2 Nov 2014 17:36:36 -0700 "Gary Aitken" <vagabond@blackfoot.net> wrote:

...

> > I'm trying to set up natd and can't for the life of me figure out
> > what's wrong with my config.
> >
> > natd.conf:
> >
> > use_sockets
> > same_ports
> > unregistered_only
> > verbose
> > alias_address 66.109.141.60
> >
> > What I see:
> > In {default}[ICMP] [ICMP] 192.168.1.2 -> 128.2.42.52 8(0) aliased to
> > [ICMP] 192.168.1.2 -> 128.2.42.52 8(0)
> >
> > Any thoughts on why natd isn't translating 192.168.1.2 to 66.108.141.60?

...

> Not enough information to have any idea how your NAT box is setup.
>
> Need to know the inside and outside interface addresses (eg ifconfig);
> ipfw rules, especially around those invoking natd (divert rule/s) and
> where these are placed in your ruleset; who/where is 192.168.1.2, is
> 66.109.141.60 always your assigned public IP address, freebsd version?

Sorry:

  world -> ep0 (66.109.141.*) fbsdbox (192.168.1.1) xl0 -> internal

66.109.141.60 is one of my assigned ip addrs.

I *think* I got the above problem even with ipfw wide open:

  00005 allow ip from any to any
  00010 divert 8668 ip from any to any via ep0

I say *think* because I am further along but did not go back and verify
the cause. My head is a bit damaged and the wall is bloody.

I believe the problem was a missing entry in /boot/loader.conf
(ipdivert_load="YES") which I found as a result of this note and the
references to others in it:

  http://freebsd.1045724.n5.nabble.com/Kernel-Update-IPFW-not-working-td4208637.html

Anyway, I'm past that problem and most things are working. However,
still having some trouble working out my ipfw rules but if I can see
what's happening I think I can figure it out. However...

I can't seem to get logging to work.

I have the following in natd.conf:

  log_denied
  log_ipfw_denied
  log_facility local0

and the following in syslog.conf

  !local0
  *.* /var/log/natd.log

If I run natd with verbose, I occasionally see
"natd: failed to write packet back: Permission denied"
errors on the controlling terminal.

If I run without verbose (detached), I see no entries in
/var/log/natd.log.

Thanks for any insights.

Gary
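
A check over natd verbose output of the kind quoted in the message, as an added example that is not part of the original e-mail: it flags records in which a private (RFC 1918) source address comes out of natd unchanged. The second sample record and all function and variable names are constructed for illustration, and the record layout is assumed from the single sample in the message.

```python
import ipaddress
import re

# One "[PROTO] src[:port] -> dst[:port]" packet description; {n} keeps the
# group names distinct for the packet before and after aliasing.
PACKET = (r"\[(?P<proto{n}>\w+)\]\s+(?P<src{n}>[\d.]+)(?::\d+)?"
          r"\s+->\s+(?P<dst{n}>[\d.]+)(?::\d+)?")

# Full record: direction, instance name, then "<packet> ... aliased to <packet>".
# re.S lets a record wrap across lines, as it does in the quoted output.
RECORD = re.compile(
    r"(?P<dir>In|Out)\s+\{(?P<inst>[^}]*)\}\[\w+\]\s+"
    + PACKET.format(n=1) + r".*?aliased to\s+" + PACKET.format(n=2),
    re.S,
)

# First record is the one quoted in the message; the second is constructed
# to show what a translated packet would look like in the same layout.
SAMPLE = """\
In {default}[ICMP] [ICMP] 192.168.1.2 -> 128.2.42.52 8(0) aliased to
           [ICMP] 192.168.1.2 -> 128.2.42.52 8(0)
Out {default}[ICMP] [ICMP] 192.168.1.2 -> 128.2.42.52 8(0) aliased to
           [ICMP] 66.109.141.60 -> 128.2.42.52 8(0)
"""


def untranslated(log_text):
    """Return records whose private source address was left unchanged.

    Only addresses are compared; port rewrites are ignored.
    """
    findings = []
    for m in RECORD.finditer(log_text):
        same = (m["src1"], m["dst1"]) == (m["src2"], m["dst2"])
        if same and ipaddress.ip_address(m["src1"]).is_private:
            findings.append({"direction": m["dir"], "instance": m["inst"],
                             "proto": m["proto1"], "src": m["src1"],
                             "dst": m["dst1"]})
    return findings


if __name__ == "__main__":
    for f in untranslated(SAMPLE):
        print("not translated: {direction} {proto} {src} -> {dst}".format(**f))
```

The direction field is worth reading alongside each finding, since it shows which way natd classified the packet when it left the source address alone.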