Date:      Tue, 1 Jun 1999 20:22:45 -0400 (EDT)
From:      "Crist J. Clark" <cjc@cc942873-a.ewndsr1.nj.home.com>
To:        freebsd-questions@FreeBSD.ORG (FreeBSD Questions)
Subject:   NATd Problems at Startup
Message-ID:  <199906020022.UAA11269@cc942873-a.ewndsr1.nj.home.com>

I am setting up a machine to do NAT for a few other machines on a
192.168.0.0 network. I have made what I believe are the appropriate
changes to rc.conf (this is a 2.2.8 system),

% more /etc/rc.conf
.
[snip]
.
firewall_enable="YES"           # Set to YES to enable firewall functionality
firewall_type="open"            # Firewall type (see /etc/rc.firewall)
firewall_quiet="NO"             # Set to YES to suppress rule display
tcp_extensions="YES"            # Allow RFC1323 & RFC1644 extensions (or NO).
network_interfaces="fxp0 fxp1 lo0"      # List of network interfaces (lo0 is loopback).
ifconfig_fxp0="inet 10.0.0.204 netmask 255.255.255.0"
ifconfig_fxp1="inet 192.168.0.1"
ifconfig_lo0="inet 127.0.0.1"   # default loopback device configuration.
.
.
.
### Network routing options: ###
defaultrouter="10.0.0.1"        # Set to default gateway (or NO).
static_routes=""                # Set to static route list (or leave empty).
gateway_enable="YES"            # Set to YES if this host will be a gateway.
router_enable="NO"              # Set to YES to enable a routing daemon.
router="routed"                 # Name of routing daemon to use if enabled.
router_flags="-q"               # Flags for routing daemon.
mrouted_enable="NO"             # Do multicast routing (see /etc/mrouted.conf).
mrouted_flags=""                # Flags for multicast routing daemon.
ipxgateway_enable="NO"          # Set to YES to enable IPX routing.
ipxrouted_enable="NO"           # Set to YES to run the IPX routing daemon.
ipxrouted_flags=""              # Flags for IPX routing daemon.
arpproxy_all=""                 # replaces obsolete kernel option ARP_PROXYALL.
forward_sourceroute="NO"        # do source routing (only if gateway_enable is set to "YES")
accept_sourceroute="NO"         # accept source routed packets to us
natd_enable="YES"                # Enable natd if firewall_enable.
natd_interface="fxp0"           # Public interface to use with natd if natd_enable.
natd_flags="-log -unregistered_only"    # Additional flags for natd.
.
.
.

(The 10.0.0 net has been used to mask some registered IPs, so the
'-unregistered_only' flag makes sense on the real machine.)

The problem is the order in which the standard rc* files start
things. The kernel messages come through fine, then the rc.firewall
output, but then things get to,

Additional routing options:  IP gateway=YES.

And freeze. From examining the startup scripts, I believe this is
occurring at the next action after the network_pass1 is completed,

mount -a -t nfs

That is, the NFS mounts are failing. If I hit ctrl-C at this point,
the boot continues, but again will freeze up while 'timed' starts. One
more ctrl-C and the boot completes.

However, I have no timed or NFS services running. But they can be
started perfectly fine by hand at this point.

It seems pretty clear to me that the problem is that rc.firewall, with
the line,

/sbin/ipfw add divert natd all from any to any via fxp0

Is executed way at the beginning during the rc.firewall script in
network_pass1, but natd is not started until _dead last_ in
network_pass3. With things in that condition, no network services will
function before natd starts.

I have not seen mention of this problem in the docs which forces me to
wonder if I have not somehow messed this process up. Is there
something I have misconfigured? Or have I missed the docs that mention
how to fix/get around this problem?

I should mention once I restart NFS and timed by hand, everything
seems to work just fine.

Thanks for any help.
-- 
Crist J. Clark                           cjclark@home.com
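
The state described in the message, a divert rule installed while nothing is bound to the divert port, can be checked for mechanically. The following is an added example and not part of the original message; the function name, the rule listing layout and the caller-supplied list of bound ports are assumptions, and the listing is constructed.

```shell
#!/bin/sh
# Added example; not from the original message.
# Lists ipfw divert rules whose divert port has no bound socket. Per divert(4),
# packets diverted to such a port are dropped, which is the window between
# rc.firewall (network_pass1) and natd starting (network_pass3).
#
# $1: rule listing, one rule per line: number, action, port-or-name, ...
# $2: space-separated divert ports that have a listener (caller-supplied)
unbound_divert_rules() {
    printf '%s\n' "$1" | awk -v bound="$2" '
        BEGIN {
            n = split(bound, b, " ")
            for (i = 1; i <= n; i++) live[b[i]] = 1
            svc["natd"] = 8668      # natd entry in /etc/services
        }
        $2 == "divert" {
            port = ($3 in svc) ? svc[$3] : $3
            if (!(port in live)) print $1 ":" port
        }
    '
}

# Constructed listing modelled on firewall_type="open" with natd enabled.
RULES='00100 divert 8668 ip from any to any via fxp0
65000 allow ip from any to any
65535 deny ip from any to any'

echo "before natd starts: $(unbound_divert_rules "$RULES" "")"
echo "after natd starts:  $(unbound_divert_rules "$RULES" "8668")"
```

Each output entry is `rule-number:port`; an empty result means every divert rule has a listener.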

