Date:      Sat, 22 May 1999 02:25:01 +0100
From:      Ben Smithurst <ben@scientia.demon.co.uk>
To:        freebsd-questions@freebsd.org
Subject:   IP masquerading with user ppp
Message-ID:  <19990522022501.A42309@rainbow5.scientia.demon.co.uk>

I'm having a few problems getting IP masquerading working here,
hopefully someone can help me. Here's the situation: two machines here,
scientia and rainbow5 (don't ask). scientia is (or should be) the
gateway machine, and rainbow5 is connected to scientia using a serial
cable (again, don't ask).  The serial cable is handled at both ends
by user ppp, this all works fine (although fairly slow). scientia has
another user ppp process handling the connection to my ISP. I'm trying
to get scientia to do IP masq for rainbow5, and failing miserably.

relevant (hopefully) information...

ben@scientia:~/work$ netstat -rn
Routing tables

Internet:
Destination        Gateway            Flags     Refs     Use     Netif Expire
default            158.152.1.222      UGSc        2       31     tun0
127.0.0.1          127.0.0.1          UH          1   117931      lo0
158.152.1.222      212.228.14.13      UH          2        0     tun0
192.168.1.2        192.168.1.1        UH          4     3705     tun1
ben@scientia:~/work$ ifconfig -a
tun0: flags=8151<UP,POINTOPOINT,RUNNING,PROMISC,MULTICAST> mtu 1500
        inet 212.228.14.13 --> 158.152.1.222 netmask 0xffffffff 
tun1: flags=8151<UP,POINTOPOINT,RUNNING,PROMISC,MULTICAST> mtu 1500
        inet 192.168.1.1 --> 192.168.1.2 netmask 0xffffff00 
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> mtu 16384
        inet 127.0.0.1 netmask 0xff000000 

ben@rainbow5:~$ netstat -rn
Routing tables

Internet:
Destination        Gateway            Flags     Refs     Use     Netif Expire
default            192.168.1.1        UGSc        0       19     tun0
127.0.0.1          127.0.0.1          UH          1    13278      lo0
192.168.1.1        192.168.1.2        UH          6     4160     tun0
ben@rainbow5:~$ ifconfig -a
tun0: flags=8151<UP,POINTOPOINT,RUNNING,PROMISC,MULTICAST> mtu 1500
        inet 192.168.1.2 --> 192.168.1.1 netmask 0xffffff00 
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> mtu 16384
        inet 127.0.0.1 netmask 0xff000000 

ben@scientia:~/work$ ps ax | grep ppp
45226  ??  Is     0:00.05 /usr/sbin/ppp -alias -auto demon
45328  a0  Ss+    0:07.53 /usr/sbin/ppp -direct incoming

ben@rainbow5:~$ ps ax | grep ppp
41999  ??  Ss     0:17.36 /usr/sbin/ppp -background scientia

ben@scientia:~/work$ sysctl net | grep forwarding
net.inet.ip.forwarding: 1
net.inet.ip.fastforwarding: 0

Now, when I do something like:

ben@rainbow5:~$ nc 204.216.27.21 80

I just see things like this in scientia's log:

May 22 02:15:07 scientia /kernel: ipfw: 1000 Deny TCP 192.168.1.2:3999 204.216.27.21:80 out via tun0
May 22 02:15:10 scientia /kernel: ipfw: 1000 Deny TCP 192.168.1.2:3999 204.216.27.21:80 out via tun0

(ipfw stops packets with a src or dst address in 192.168/16 going out
into the big wide world, IP masq should rewrite this source address,
shouldn't it, or am I completely missing the point?)

What am I not doing which I should be? The FAQ says ppp has this
functionality built in, so I shouldn't need natd, I haven't seen any extra
kernel options mentioned anywhere, I've read the ppp manpage over and over
(although probably not carefully enough), so I'd appreciate any help
anyone can provide.

-- 
Ben Smithurst
ben@scientia.demon.co.uk
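
An added example, not part of the original post: a Python script that scans ipfw log lines in the format quoted above and counts packets leaving the external interface with an RFC 1918 source address, that is, traffic that reached the firewall with its source address not rewritten. The function name, the `tun0` default and the last two sample lines are assumptions made for illustration.

```python
import ipaddress
import re
from collections import Counter

# RFC 1918 private ranges; these should never appear as a source on the ISP link.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Matches the kernel ipfw log format shown in the post; ports are optional
# so that lines without them (e.g. ICMP) still parse.
LINE_RE = re.compile(
    r"ipfw: (?P<rule>\d+) (?P<action>\w+) (?P<proto>\S+) "
    r"(?P<src>\d+\.\d+\.\d+\.\d+)(?::\d+)? "
    r"(?P<dst>\d+\.\d+\.\d+\.\d+)(?::\d+)? "
    r"(?P<dir>in|out) via (?P<iface>\S+)"
)

# Lines 1-2 are the log lines from the post. Lines 3-4 are constructed:
# a public source on tun0, and a private source arriving on the internal link.
SAMPLE_LOG = """\
May 22 02:15:07 scientia /kernel: ipfw: 1000 Deny TCP 192.168.1.2:3999 204.216.27.21:80 out via tun0
May 22 02:15:10 scientia /kernel: ipfw: 1000 Deny TCP 192.168.1.2:3999 204.216.27.21:80 out via tun0
May 22 02:16:01 scientia /kernel: ipfw: 3000 Deny UDP 212.228.14.13:1030 204.216.27.21:53 out via tun0
May 22 02:16:05 scientia /kernel: ipfw: 3000 Deny TCP 192.168.1.2:4001 204.216.27.21:80 in via tun1
"""


def unnatted_egress(log_text, external_iface="tun0"):
    """Count outbound packets on external_iface whose source is RFC 1918.

    Returns a Counter keyed by (source address, ipfw rule number, action).
    """
    hits = Counter()
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if not m or m["dir"] != "out" or m["iface"] != external_iface:
            continue  # not an ipfw line, or not egress on the external link
        src = ipaddress.ip_address(m["src"])
        if any(src in net for net in RFC1918):
            hits[(m["src"], m["rule"], m["action"])] += 1
    return hits


if __name__ == "__main__":
    for (src, rule, action), n in unnatted_egress(SAMPLE_LOG).items():
        print(f"{n} packet(s) from {src} hit rule {rule} ({action}) with a private source")
```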

