Date:      Fri, 30 Oct 1998 00:30:56 +0100
From:      Arve Ronning <Arve.Ronning@ah.telia.no>
To:        Frederico Costa <fpcosta@get2net.dk>
Cc:        freebsd-isdn@FreeBSD.ORG
Subject:   Re: Using ipfw and NATD
Message-ID:  <3638FAB0.43A8FB@ah.telia.no>
References:  <3638C650.73A16E9B@get2net.dk>

Frederico Costa wrote:
> 
> Hi ...
> 
> I don't know if this is the right mailing list to put this question but

It is.

> 
> I enabled the gateway and the firewall through rc.conf
> 
> Then I use the following to connect to my ISP:
> 
> # Put isdn working
> isdnd -l
> papauth="myauthname=xxx myauthsecret=xxx"
> spppcontrol isppp0 myauthproto=pap $papauth hisauthproto=none
> 
> ifconfig isppp0 inet 0.0.0.0 0.0.0.1 link1 debug
> route add default 0.0.0.1

I have:
       ifconfig isppp0 link1 0.0.0.0 0.0.0.1 netmask 0xffffff00
       route add default -interface isppp0
(not sure there is anything wrong with your ifconfig, but the
route add default certainly needs to be changed)

> 
> And then I use
> 
> natd -interface isppp0

Should be:
	natd -dynamic -interface isppp0

> 
> And the rules
> 
> /sbin/ipfw -f flush
> /sbin/ipfw add divert natd all from any to any via ed0

Should be:
	/sbin/ipfw add divert natd all from any to any via isppp0
because you want the NAT function on the external interface

> /sbin/ipfw add pass all from any to any
> 
> I think the problem is related to the fact that I am using dynamic IPs
> when I connect to the ISP, so I tried the dynamic flag in the natd, but
> nothing changed.

That's because natd needs to be on isppp0 and isdn4bsd needs a patch
to work smoothly with the -dynamic option. I've attached one possible
patch from garyj@muc.de. This is probably not the official patch, but
it works fine for me and several others.
> 
> I have 2.2.7 RELEASE.
> 
> If I don't use the natd and the firewall I can connect to the internet
> using freebsd. And I can connect from the computers to the freebsd
> through my network.
> 
> But when I use the natd and ipfw, I can't connect to the internet and I can't
> connect from the computers to the freebsd either.
> 
> Did anyone experience some problems like this? Can anyone point
> directions?
> 
As you might already have understood, I was in the exact same situation
some months ago :).

Good luck
  -Arve

------ the patch from Gary (let's hope it doesn't get distorted by
cut&paste&mail) --

*** if_spppsubr.c.orig  Tue Aug 25 23:02:24 1998
--- if_spppsubr.c       Thu Aug 27 23:03:03 1998
***************
*** 56,61 ****
--- 56,62 ----
  #include <net/if.h>
  #include <net/netisr.h>
  #include <net/if_types.h>
+ #include <net/route.h>
  
  #include <machine/stdarg.h>
  
***************
*** 3914,3920 ****
  static void
  sppp_set_ip_addr(struct sppp *sp, u_long src)
  {
!       struct ifnet *ifp = &sp->pp_if;
        struct ifaddr *ifa;
        struct sockaddr_in *si;
  
--- 3915,3921 ----
  static void
  sppp_set_ip_addr(struct sppp *sp, u_long src)
  {
!       STDDCL;
        struct ifaddr *ifa;
        struct sockaddr_in *si;
  
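Review bot: replacing the explicit `struct ifnet *ifp = &sp->pp_if;` with `STDDCL;` in sppp_set_ip_addr() makes the function depend on names the macro declares implicitly. The next hunk uses both `ifp` and `debug` with no declaration visible in the function, so a one-line comment next to `STDDCL;` saying that it supplies them would save the reader a search through the file.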
***************
*** 3940,3947 ****
                        if (si)
                                break;
                }
!       if (ifa && si)
                si->sin_addr.s_addr = htonl(src);
  }
  
  static int
--- 3941,3974 ----
                        if (si)
                                break;
                }
!       if (ifa && si) {
!         /* delete the old address first XXX */
!         if (debug)
!                log(LOG_DEBUG, SPP_FMT "\ndeleting route1\n",
!                         SPP_ARGS(ifp));
!         rtinit(ifa, (int)RTM_DELETE, 0);
                si->sin_addr.s_addr = htonl(src);
+ 
+               /* seems like this is the place to modify any routing info */
+               /*
+                * XXXX
+                * BEWARE !! if the semantics for a dynamic
+                * address (IP == 0 || IP == 1) are changed, then this
+                * will *not* work anymore !!!!
+                */
+               if (src == 0) { /* deleting the address */
+                 if (debug)
+                        log(LOG_DEBUG, SPP_FMT "\ndeleting route2\n",
+                                 SPP_ARGS(ifp));
+                 /* XXX RTF_HOST or 0 ?? */
+                 rtinit(ifa, (int)RTM_DELETE, 0);
+               } else if (src && src != 1) { /* adding a new address */
+                 if (debug)
+                        log(LOG_DEBUG, SPP_FMT "adding route\n",
+                                 SPP_ARGS(ifp));
+                 rtinit(ifa, (int)RTM_ADD, 0|RTF_UP);
+               }
+       }
  }
  
  static int
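Review bot: in the new `if (ifa && si) {` block, `rtinit(ifa, (int)RTM_DELETE, 0);` runs unconditionally before the address is changed and then runs again in the `src == 0` branch, so taking the address down issues two deletes, the second one after `sin_addr` has already been overwritten with 0. Keep a single delete (the one placed before the assignment, while `ifa` still carries the old address) or add a comment explaining why both are needed; the existing `XXX` markers do not say. The return value of all three rtinit() calls is discarded, and logging it under `debug` would show whether each delete or add actually took effect. Smaller points: `src &&` in `else if (src && src != 1)` is redundant after the `src == 0` test, `0|RTF_UP` can be written as `RTF_UP`, and the three log strings are inconsistent about the leading `\n`.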
