From owner-freebsd-ipfw Sun Jun 27 11:36:49 1999
Subject: Re: ipfilter version with FreeBSD?
In-Reply-To: <199906261627.BAA03989@lavender.yy.cs.keio.ac.jp> from MIHIRA Sanpei Yoshiro at "Jun 27, 1999 1:27:19 am"
To: sanpei@sanpei.org (MIHIRA Sanpei Yoshiro)
Date: Sun, 27 Jun 1999 20:36:47 +0200 (CEST)
Cc: lconrad@Go2France.com, ipfilter@coombs.anu.edu.au, freebsd-ipfw@FreeBSD.org
Message-Id: <19990627183647.315A620F63@iaehv.iae.nl>
From: guido@iae.nl (Guido van Rooij)

MIHIRA Sanpei Yoshiro wrote:
> >How can I determine the version of ipfilter delivered with FBSD 3.1-R ?
>
>   FreeBSD-3.1-RELEASE has IP Filter 3.2.7 version.
>   And FreeBSD-3-stable and 4-current also has 3.2.7.
>
> http://www.jp.freebsd.org/cgi/cvsweb.cgi/src/contrib/ipfilter/HISTORY
>
> MIHIRA Sanpei Yoshiro
>
> P.S.
>   Does someone merge IP Filter 3.2.10 to FreeBSD source tree?
>   I think without loadable module(kld), it is easy to update 3.2.10.
>   I use 3.2.10 with FreeBSD-3.1-RELEASE box with below URL method.
>     http://www.yy.cs.keio.ac.jp/~sanpei/FreeBSD/ipfilter.html
>

I have volunteered to do so.

-Guido


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-ipfw" in the body of the message

From owner-freebsd-ipfw Sun Jun 27 15: 5:38 1999
Date: Sun, 27 Jun 1999 17:05:29 -0500 (CDT)
From: John Prince
Message-Id: <199906272205.RAA09143@mail.knight-trosoft.com>
To: freebsd-ipfw@freebsd.org
Subject: ICQ help

Hello..
I was curious, does anyone have any suggestions, in making ICQ work
with Nat? I just switched my customers, and have received a few
complaints. AIM seems to work.
Any help is appreciated.
Thanks,
--john

From owner-freebsd-ipfw Sun Jun 27 22:58:42 1999
Message-ID: <37770DE8.D04B952D@don.sitek.net>
Date: Mon, 28 Jun 1999 09:53:44 +0400
From: Max Mukhin
To: John Prince
Cc: freebsd-ipfw@FreeBSD.ORG
Subject: Re: ICQ help
References: <199906272205.RAA09143@mail.knight-trosoft.com>

install socks5, it works just fine with it

--
hitower@don.sitek.net  | ICQ 21050590 | Rostov-on-Don, Russia
-----------------------+--------------+--------------------------------
PGP fingerprint: 2E26 C4FF 6940 1F7E 0188 1684 7B21 CF13 068D AE82

From owner-freebsd-ipfw Mon Jun 28 10:45:28 1999
Message-Id: <3.0.32.19990628104731.037332d0@mail.ok-connect.com>
Date: Mon, 28 Jun 1999 10:47:32 -0700
To: freebsd-ipfw@freebsd.org
From: Darcy Buskermolen
Subject: ipfw and snmp

Can anybody tell me how to get snmp monitoring of ipfw rules to work ?

I've tried almost every variation of snmpwalk/get that I can think of but
with no luck :/  I've done this before on linux installs but with ipfwadm.

From owner-freebsd-ipfw Mon Jun 28 10:52:31 1999
Message-ID: <3777B653.9E3849A2@express.ru>
Date: Mon, 28 Jun 1999 21:52:19 +0400
From: "Vladimir B. Grebenschikov"
To: freebsd-ipfw@freebsd.org
Subject: Re: ipfw and snmp
References: <3.0.32.19990628104731.037332d0@mail.ok-connect.com>

Darcy Buskermolen wrote:
>
> Can anybody tell me how to get snmp monitoring of ipfw rules to work ?
>
> I've tried almost every variation of snmpwalk/get that I can think of but
> with no luck :/  I've done this before on linux installs but with ipfwadm.

I have made a module for ucd-snmpd. It works for me, but I have not tried
to walk across it; I only need get, but maybe walk will work too.

When building it, you need to add a special flag to configure to add this
module.

If you are interested in it, get it from
http://www.plugcom.ru/~vova/ipfw-snmp.tgz

--
TSB Russian Express, Moscow
Vladimir B. Grebenschikov, vova@express.ru

From owner-freebsd-ipfw Mon Jun 28 11:29:55 1999
Message-Id: <003001bec194$4ccbd560$4c0110ac@wombat1.sunbursthospitality.com>
From: "A.R."
To: "ipfw"
Subject: firewall
Date: Mon, 28 Jun 1999 14:29:10 -0400

This may be off base but are there any good sites that give explicit
detail on how to make a dual homed firewall box using freebsd or
another flavor of linux


thanks in advance


regards

a. rahman
systems engineer

From owner-freebsd-ipfw Mon Jun 28 11:46:45 1999
Message-Id: <3.0.32.19990628114850.02565c30@mail.ok-connect.com>
Date: Mon, 28 Jun 1999 11:48:51 -0700
To: freebsd-ipfw@freebsd.org
From: Darcy Buskermolen
Subject: Re: firewall

At 02:29 PM 6/28/99 -0400, you wrote:
>This may be off base but are there any good sites that give explicit
>detail on how to make a dual homed firewall box using freebsd or
>another flavor of linux

A) FreeBSD is not a version of linux.
B) Have a look at the following URLS:
http://cheops.anu.edu.au/~avalon/ip-filter.html
http://www.freebsddiary.org/freebsd/topics.htm#firewalls

>
>
>thanks in advance
>
>
>regards
>
>a. rahman
>systems engineer

From owner-freebsd-ipfw Mon Jun 28 15:28:27 1999
Date: Mon, 28 Jun 1999 17:28:22 -0500 (CDT)
From: John Prince
Message-Id: <199906282228.RAA10196@mail.knight-trosoft.com>
To: hitower@don.sitek.net, johnp@knight-trosoft.com
Subject: Re: ICQ help
Cc: freebsd-ipfw@FreeBSD.ORG
In-Reply-To: <37770DE8.D04B952D@don.sitek.net>

Thanks for the reply..
I had already setup socks.. Was hoping I could get it to work
with just ipfw.
Any luck configuring socks and natd on the same box??
--john

> From hitower@don.sitek.net Mon Jun 28 00:58:57 1999
> Date: Mon, 28 Jun 1999 09:53:44 +0400
> From: Max Mukhin
> To: John Prince
> CC: freebsd-ipfw@FreeBSD.ORG
> Subject: Re: ICQ help
>
> install socks5, it works just fine with it
> --
> hitower@don.sitek.net  | ICQ 21050590 | Rostov-on-Don, Russia
> -----------------------+--------------+--------------------------------
> PGP fingerprint: 2E26 C4FF 6940 1F7E 0188 1684 7B21 CF13 068D AE82
>

From owner-freebsd-ipfw Mon Jun 28 20:17:28 1999
Message-ID: <37783AB0.D10258C1@acm.org>
Date: Mon, 28 Jun 1999 23:17:04 -0400
From: Jim Bloom
To: "A.R."
Cc: ipfw
Subject: Re: firewall
References: <003001bec194$4ccbd560$4c0110ac@wombat1.sunbursthospitality.com>

Here is a site that is centered around Linux, but the basic information
should be useful to everyone.

http://linux-firewall-tools.com/linux

There is even a tool that will generate a firewall script for older
versions of Linux (Red Hat 6.0 needs work).

Jim Bloom
bloom@acm.org

"A.R." wrote:
>
> This may be off base but are there any good sites that give explicit
> detail on how to make a dual homed firewall box using freebsd or
> another flavor of linux
>
> regards
>
> a. rahman
> systems engineer

From owner-freebsd-ipfw Mon Jun 28 22:59: 9 1999
Message-ID: <37786012.E366C6E2@don.sitek.net>
Date: Tue, 29 Jun 1999 09:56:34 +0400
From: Max Mukhin
To: John Prince
Cc: freebsd-ipfw@FreeBSD.ORG
Subject: Re: ICQ help
References: <199906282228.RAA10196@mail.knight-trosoft.com>

no problems at all
here is my configuration:

auth - - -
permit - - 10.0.0. - - -

as you could see, my intranet is 10.0.0.0/24

--
hitower@don.sitek.net  | ICQ 21050590 | Rostov-on-Don, Russia
-----------------------+--------------+--------------------------------
PGP fingerprint: 2E26 C4FF 6940 1F7E 0188 1684 7B21 CF13 068D AE82

From owner-freebsd-ipfw Tue Jun 29 0:51:13 1999
Date: Tue, 29 Jun 1999 10:48:25 +0300
From: Ruslan Ermilov
To: John Prince
Cc: freebsd-ipfw@FreeBSD.ORG
Subject: Re: ICQ help
Message-ID: <19990629104825.B76311@relay.ucb.crimea.ua>
References: <199906272205.RAA09143@mail.knight-trosoft.com>
Mime-Version: 1.0
Content-Type: multipart/mixed; boundary="LZvS9be/3tNcYl/X"
In-Reply-To: <199906272205.RAA09143@mail.knight-trosoft.com>; from John Prince on Sun, Jun 27, 1999 at 05:05:29PM -0500

--LZvS9be/3tNcYl/X
Content-Type: text/plain; charset=us-ascii

On Sun, Jun 27, 1999 at 05:05:29PM -0500, John Prince wrote:
> Hello..
> I was curious, does anyone have any suggestions, in making ICQ work
> with Nat? I just switched my customers, and have received a few
> complaints. AIM seems to work.
> Any help is appreciated.
> Thanks,
> --john
>

I run ICQ under NAT.  Following is my configuration.
You'll need to assign a particular port range (minimum 12)
for each ICQ client.

Cheers,
--
Ruslan Ermilov          Sysadmin and DBA of the
ru@ucb.crimea.ua        United Commercial Bank,
ru@FreeBSD.org          FreeBSD committer,
+380.652.247.647        Simferopol, Ukraine

http://www.FreeBSD.org  The Power To Serve
http://www.oracle.com   Enabling The Information Age

--LZvS9be/3tNcYl/X
Content-Type: text/plain; charset=us-ascii
Content-Disposition: attachment; filename="natd.conf"

#
# Network Address Translation Daemon
#
# $Id: natd.conf,v 1.14 1999/01/25 14:03:56 ru Exp $
#

# Logging to /var/log/alias.log
log                     no

# Incoming connections.
deny_incoming           no

# Use sockets to avoid port clashes.
use_sockets             yes

# Avoid port changes if possible.
same_ports              yes

# Verbose mode. Enables dumping of packets and disables forking to background.
verbose                 no

# Divert port. Can be a name in /etc/services or numeric value.
port                    6668

# Interface name or address being aliased. Either one, not both is required.
alias_address           x.y.z.5

# Alias unregistered addresses or all addresses.
unregistered_only       yes

# ICQ Redirections
redirect_port tcp 192.168.1.13:10000-10011 10000-10011
redirect_port tcp 192.168.1.22:10100-10111 10100-10111
redirect_port tcp 192.168.4.34:10200-10211 10200-10211
[...]
redirect_port tcp 192.168.1.23:11100-11111 11100-11111

--LZvS9be/3tNcYl/X
Content-Type: text/plain; charset=us-ascii
Content-Disposition: attachment; filename="rc.firewall"

[...]

IPFW=/sbin/ipfw                 # IP firewall controlling utility
SYSCTL=/usr/sbin/sysctl         # Get or set kernel state program

IP_SPACE=x.y.z.0/28             # IP space
INTRANET=192.168.0.0/16         # Intranet
ALIAS_IP=x.y.z.5                # Alias IP
ALIAS_FOR="1.12 1.13 1.14 1.16 1.22 1.23 1.24 1.29 4.34 4.35 4.36 3.14"

# Change default port range
${SYSCTL} -w net.inet.ip.portrange.first=49152
${SYSCTL} -w net.inet.ip.portrange.last=65535

# Flush
${IPFW} -f flush

# Loopback connectivity
${IPFW} add allow ip from any to any via lo0
${IPFW} add deny ip from any to 127.0.0.0/8

# IP aliasing
for i in ${ALIAS_FOR}; do
        # Skip aliasing if the destination is local
        ${IPFW} add allow ip from 192.168.$i to ${INTRANET}
        ${IPFW} add allow ip from 192.168.$i to ${IP_SPACE}

        # Do aliasing
        ${IPFW} add divert 6668 udp from 192.168.$i to any 4000
        ${IPFW} add reject tcp from 192.168.$i to any 3128,8080
        ${IPFW} add divert 6668 tcp from 192.168.$i to any 1024-,119
        ${IPFW} add divert 6668 udp from 192.168.$i to any 1024-
done

# Try to de-alias
${IPFW} add divert 6668 ip from any to ${ALIAS_IP}

# Ignore failed ICQ server responses
${IPFW} add deny udp from any 4000 to ${ALIAS_IP}

# Deny & log everything that isn't de-aliased
${IPFW} add deny log ip from any to ${ALIAS_IP}

# Allow TCP through if setup succeeded
${IPFW} add allow tcp from any to any established

[...]
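
An added example, not part of the original message or its attachments: a small sh/awk audit for redirect_port entries like those in the natd.conf above. It flags alias ranges shorter than the 12 ports the message asks for per ICQ client, target and alias ranges of different sizes, alias ranges that overlap for the same protocol, and alias ranges inside the local port range that the rc.firewall sets with sysctl. The function names, the sample entries for hosts .50 to .53, and the decision to report the last case are assumptions of this example.

```sh
#!/bin/sh
# Added example: audit natd.conf redirect_port entries (not from the thread).

# Constructed sample input. The first two entries copy the posted natd.conf;
# the other four are invented mistakes for the checks below to catch.
sample_conf() {
cat <<'EOF'
# ICQ Redirections
redirect_port tcp 192.168.1.13:10000-10011 10000-10011
redirect_port tcp 192.168.1.22:10100-10111 10100-10111
redirect_port tcp 192.168.1.50:10200-10205 10200-10205
redirect_port tcp 192.168.1.51:10300-10311 10105-10116
redirect_port tcp 192.168.1.52:10400-10411 10400-10415
redirect_port tcp 192.168.1.53:50000-50011 50000-50011
EOF
}

# check_redirects FIRST LAST MIN  (natd.conf text on stdin)
#   FIRST/LAST: local port range (net.inet.ip.portrange.first/last)
#   MIN:        fewest ports one client needs (12 in the message above)
# Prints one finding per line; prints nothing when every entry passes.
check_redirects() {
    awk -v eph_lo="$1" -v eph_hi="$2" -v min="$3" '
    # Set LO/HI from "port", "lo-hi" or "addr:lo-hi".
    function parse(spec,   n, p) {
        sub(/^.*:/, "", spec)
        n = split(spec, p, "-")
        LO = p[1] + 0
        HI = (n > 1 ? p[2] : p[1]) + 0
    }
    $1 == "redirect_port" && NF >= 4 {
        host = $3; sub(/:.*$/, "", host)
        parse($3); tsize = HI - LO + 1          # ports on the inside host
        parse($4); asize = HI - LO + 1          # ports exposed on the alias
        tag = host " " LO "-" HI

        if (asize < min)    print "SHORT " tag
        if (asize != tsize) print "MISMATCH " tag
        if (LO <= eph_hi && HI >= eph_lo) print "EPHEMERAL " tag
        # Two entries of one protocol must not claim the same alias port.
        for (i = 1; i <= count; i++)
            if ($2 == proto[i] && LO <= hi[i] && HI >= lo[i])
                print "OVERLAP " tag " with " owner[i]

        count++
        proto[count] = $2; lo[count] = LO; hi[count] = HI; owner[count] = host
    }'
}

# Audit the sample against the range set in the posted rc.firewall.
sample_conf | check_redirects 49152 65535 12
```

Each redirect_port entry opens inbound ports to an inside host, so running a check like this before reloading natd keeps the exposed ranges to exactly what each client was assigned.
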

--LZvS9be/3tNcYl/X--

From owner-freebsd-ipfw Thu Jul 1 8:52: 0 1999
Message-Id: <199907011552.SAA00985@www.koral.bg>
To: freebsd-ipfw@freebsd.org
Subject: strange things
Date: Thu, 01 Jul 1999 18:52:06 +0300
From: Dimitar Peikov

I installed FreeBSD 3.1 serving as a gateway for our private network
(ethernet - ed0) to Inet(ppp0). Last 2-3 days I found strange behavior of that
host. I can establish connection to any host I want to, even from local
network to Inet. When system boots, everything is ok, but after several hours
no one from Inet cannot connect to me if they want to create the connection.
I've use natd to transport local IP to the Inet dealing conversion using modem
IP. Here is my ipfw rules:
00100 allow ip from any to any via lo0
00100 divert ip from any to any via ppp0
00200 deny ip from any to 127.0.0.0/8
65000 allow ip from any to any
65535 allow ip from any to any

I can't understand what's up! It's funny that several hours everything is
ok.....

From owner-freebsd-ipfw Thu Jul 1 11:41:36 1999
Message-ID: <01BEC3C3.60D651D0@sjarntzen.esi-il.com>
From: Steve Arntzen
To: "'freebsd-ipfw@FreeBSD.ORG'"
Subject: FW: strange things - Dimitar Peikov
Date: Thu, 1 Jul 1999 13:12:31 -0500

Not that it is the fix for your problem,
But since you are using ppp, why not let
it do the IP masquerading for you.

Use "alias enable yes" in the default
section of your ppp.conf file.  You won't
need to use natd then.

It seemed like the easier way to do the
same thing.  Works fine for us.

Steve Arntzen
Computer Systems Administrator
Engineering Systems Inc.
Aurora, IL
sjarntzen@esi-il.com

----------
From: Dimitar Peikov[SMTP:root@www.koral.bg]
Sent: Thursday, July 01, 1999 10:52 AM
To: freebsd-ipfw@FreeBSD.ORG
Subject: strange things

I installed FreeBSD 3.1 serving as a gateway for our private network
(ethernet - ed0) to Inet(ppp0). Last 2-3 days I found strange behavior of that
host. I can establish connection to any host I want to, even from local
network to Inet.
When system boots, everything is ok, but after several hours
no one from Inet cannot connect to me if they want to create the connection.
I've use natd to transport local IP to the Inet dealing conversion using modem
IP. Here is my ipfw rules:
00100 allow ip from any to any via lo0
00100 divert ip from any to any via ppp0
00200 deny ip from any to 127.0.0.0/8
65000 allow ip from any to any
65535 allow ip from any to any

I can't understand what's up! It's funny that several hours everything is
ok.....

From owner-freebsd-ipfw Thu Jul 1 16:43:52 1999
Date: Thu, 1 Jul 1999 16:43:48 -0700
From: "Ron 'The InSaNe One' Rosson"
To: freebsd-ipfw@freebsd.org
Cc: freebsd-net@freebsd.org
Subject: NATD/VPN using -pptpalias
Message-ID: <19990701164347.B22149@lunatic.oneinsane.net>
Reply-To: Ron Rosson

I am trying to get a FreeBSD 3.2-STABLE as of Last week to pass a VPN connection
from a client behind the NATD box to a Server out on the internet. At this time
I am getting error, timeout exceeded while waiting for reply.

excerpt from rc.conf
natd_enable="YES"
natd_interface="ed0"
natd_flags="-pptpalias 192.168.2.7"

excerpt from rc.firewall
if [ "X${natd_enable}" = X"YES" -a "X${natd_interface}" != X"" ]; then
        $fwcmd add divert natd all from any to any via ${natd_interface}
fi

ed0 is the line out to my cable modem and ed1 goes for my private network using
addresses <192.168.x.x>

If someone has this working I would be grateful to see how you did it.

--
-------------------------------------------------------------------
Ron Rosson                          ... and a UNIX user said ...
The InSaNe One                              rm -rf *
insane@oneinsane.net                and all was null and void
-------------------------------------------------------------------
This person has performed an illegal operation and will be shot down.

From owner-freebsd-ipfw Thu Jul 1 17:50:53 1999
In-Reply-To: <19990701164347.B22149@lunatic.oneinsane.net>
Date: Thu, 01 Jul 1999 17:50:17 -0700 (PDT)
Organization: i-drive.com
From: Christian Sung
To: "Ron 'The InSaNe One' Rosson"
Subject: RE: NATD/VPN using -pptpalias
Cc: freebsd-net@FreeBSD.ORG, freebsd-ipfw@FreeBSD.ORG

On 01-Jul-99 Ron 'The InSaNe One' Rosson wrote:
> I am trying to get a FreeBSD 3.2-STABLE as of Last week to pass a VPN
> connection from a client behind the NATD box to a Server out on the
> internet. At this time I am getting error, timeout exceeded while
> waiting for reply.
>
> excerpt from rc.conf
> natd_enable="YES"
> natd_interface="ed0"
> natd_flags="-pptpalias 192.168.2.7"
>
> excerpt from rc.firewall
> if [ "X${natd_enable}" = X"YES" -a "X${natd_interface}" != X"" ]; then
>         $fwcmd add divert natd all from any to any via ${natd_interface}
> fi
>
> ed0 is the line out to my cable modem and ed1 goes for my private network
> using addresses <192.168.x.x>
>

---

Ron,

Try this:

natd_interface="ed0"            # Public interface to use with natd.
natd_flags="-u"

and make sure NATD is started *BEFORE* loading up the firewall rules.
I do so inside rc-firewall itself (it used to be started in rc.network, but
that was too late in the startup process).  It works like a charm for me :-)

# Network Address Translation daemon
if [ "X${natd_enable}" = X"YES" -a X"${natd_interface}" != X"" \
    -a X"${firewall_enable}" = X"YES" ]; then
        if echo ${natd_interface} | \
            grep -q -E '^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$'; then
                natd_ifarg="-a ${natd_interface}"
        else
                natd_ifarg="-n ${natd_interface}"
        fi
        echo 'Starting Network Address Translation daemon (natd)'
        natd ${natd_flags} ${natd_ifarg}
fi

-christian

Christian W. Sung
===============================================================
PGP Key Fingerprint: F6E2 0372 F765 28B6 6D34 7DF4 A928 A7AF 59A0 04CD
===============================================================

From owner-freebsd-ipfw Thu Jul 1 23:47:38 1999
Date: Fri, 2 Jul 1999 09:45:09 +0300
From: Ruslan Ermilov
To: Dimitar Peikov
Cc: freebsd-ipfw@FreeBSD.ORG
Subject: Re: strange things
Message-ID: <19990702094509.A61429@relay.ucb.crimea.ua>
References: <199907011552.SAA00985@www.koral.bg>
In-Reply-To: <199907011552.SAA00985@www.koral.bg>; from Dimitar Peikov on Thu, Jul 01, 1999 at 06:52:06PM +0300

On Thu, Jul 01, 1999 at 06:52:06PM +0300, Dimitar Peikov wrote:
> I installed FreeBSD 3.1 serving as a gateway for our private network
> (ethernet - ed0) to Inet(ppp0). Last 2-3 days I found strange behavior of that
> host. I can establish connection to any host I want to, even from local
> network to Inet. When system boots, everything is ok, but after several hours
> no one from Inet cannot connect to me if they want to create the connection.
> I've use natd to transport local IP to the Inet dealing conversion using modem
> IP. Here is my ipfw rules:
> 00100 allow ip from any to any via lo0
> 00100 divert ip from any to any via ppp0
> 00200 deny ip from any to 127.0.0.0/8
> 65000 allow ip from any to any
> 65535 allow ip from any to any
>
> I can't understand what's up! It's funny that several hours everything is
> ok.....

Do you have a static IP address assigned to you by your ISP?
Also, what does your ``natd'' command look like?

--
Ruslan Ermilov          Sysadmin and DBA of the
ru@ucb.crimea.ua        United Commercial Bank,
ru@FreeBSD.org          FreeBSD committer,
+380.652.247.647        Simferopol, Ukraine

http://www.FreeBSD.org  The Power To Serve
http://www.oracle.com   Enabling The Information Age

From owner-freebsd-ipfw Thu Jul 1 23:58:12 1999
Date: Fri, 2 Jul 1999 09:55:50 +0300
From: Ruslan Ermilov
To: Steve Arntzen
Cc: "'freebsd-ipfw@FreeBSD.ORG'"
Subject: Re: FW: strange things - Dimitar Peikov
Message-ID: <19990702095550.C61429@relay.ucb.crimea.ua>
References: <01BEC3C3.60D651D0@sjarntzen.esi-il.com>
In-Reply-To: <01BEC3C3.60D651D0@sjarntzen.esi-il.com>; from Steve Arntzen on Thu, Jul 01, 1999 at 01:12:31PM -0500

He is using pppd, not ppp.

On Thu, Jul 01, 1999 at 01:12:31PM -0500, Steve Arntzen wrote:
> Not that it is the fix for your problem,
> But since you are using ppp, why not let
> it do the IP masquerading for you.
>
> Use "alias enable yes" in the default
> section of your ppp.conf file.  You won't
> need to use natd then.
>
> It seemed like the easier way to do the
> same thing.  Works fine for us.
>
> Steve Arntzen
> Computer Systems Administrator
> Engineering Systems Inc.
> Aurora, IL
> sjarntzen@esi-il.com

-- 
Ruslan Ermilov          Sysadmin and DBA of the
ru@ucb.crimea.ua        United Commercial Bank,
ru@FreeBSD.org          FreeBSD committer,
+380.652.247.647        Simferopol, Ukraine

http://www.FreeBSD.org  The Power To Serve
http://www.oracle.com   Enabling The Information Age

From owner-freebsd-ipfw Fri Jul 2 0:43:42 1999
Delivered-To: freebsd-ipfw@freebsd.org
Received: from relay.ucb.crimea.ua (relay.ucb.crimea.ua [212.110.138.1])
    by hub.freebsd.org (Postfix) with ESMTP id BD37115299
    for ; Fri, 2 Jul 1999 00:42:37 -0700 (PDT)
    (envelope-from ru@ucb.crimea.ua)
Received: (from ru@localhost)
    by relay.ucb.crimea.ua (8.9.3/8.9.3/UCB) id KAA77986;
    Fri, 2 Jul 1999 10:40:19 +0300 (EEST)
    (envelope-from ru)
Date: Fri, 2 Jul 1999 10:40:18 +0300
From: Ruslan Ermilov
To: Dimitar Peikov
Cc: freebsd-ipfw@FreeBSD.ORG
Subject: Re: strange things
Message-ID: <19990702104018.F61429@relay.ucb.crimea.ua>
References: <19990702094509.A61429@relay.ucb.crimea.ua> <199907020730.KAA02978@www.koral.bg> <199907011552.SAA00985@www.koral.bg>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
X-Mailer: Mutt 0.95.3i
In-Reply-To: <199907011552.SAA00985@www.koral.bg>; from Dimitar Peikov on Thu, Jul 01, 1999 at 06:52:06PM +0300
X-Operating-System: FreeBSD 3.2-STABLE i386
Sender: owner-freebsd-ipfw@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

On Thu, Jul 01, 1999 at 06:52:06PM +0300, Dimitar Peikov wrote:
> I installed FreeBSD 3.1 serving as a gateway for our private network
> (ethernet - ed0) to Inet(ppp0). Last 2-3 days I found strange behavior of that
> host. I can establish connection to any host I want to, even from local
> network to Inet. When system boots, everything is ok, but after several hours
> no one from Inet cannot connect to me if they want to create the connection.
> I've used natd to transport local IP to the Inet dealing conversion using modem
> IP. Here are my ipfw rules:
> 00100 allow ip from any to any via lo0
> 00100 divert ip from any to any via ppp0
> 00200 deny ip from any to 127.0.0.0/8
> 65000 allow ip from any to any
> 65535 allow ip from any to any
>
> I can't understand what's up! It's funny that several hours everything is
> ok.....

On Fri, Jul 02, 1999 at 10:30:25AM +0300, Dimitar Peikov wrote:
> Yes, IP is static, and I start it:
> natd -s -m -u -d -n ppp0
>

Remove the ``-d'' flag from the ``natd'' command.

-- 
Ruslan Ermilov          Sysadmin and DBA of the
ru@ucb.crimea.ua        United Commercial Bank,
ru@FreeBSD.org          FreeBSD committer,
+380.652.247.647        Simferopol, Ukraine

http://www.FreeBSD.org  The Power To Serve
http://www.oracle.com   Enabling The Information Age

From owner-freebsd-ipfw Fri Jul 2 16: 6:10 1999
Delivered-To: freebsd-ipfw@freebsd.org
Received: from the.oneinsane.net (the.oneinsane.net [207.113.133.228])
    by hub.freebsd.org (Postfix) with ESMTP id 8F90614E67;
    Fri, 2 Jul 1999 16:06:00 -0700 (PDT)
    (envelope-from insane@lunatic.oneinsane.net)
Received: from lunatic.oneinsane.net (insane@lunatic.oneinsane.net [207.113.133.231])
    by the.oneinsane.net (8.9.3/8.9.3) with ESMTP id QAA14853;
    Fri, 2 Jul 1999 16:05:59 -0700 (PDT)
Received: (from insane@localhost)
    by lunatic.oneinsane.net (8.9.3/8.9.3) id QAA67212;
    Fri, 2 Jul 1999 16:05:58 -0700 (PDT)
    (envelope-from insane)
Date: Fri, 2 Jul 1999 16:05:58 -0700
From: "Ron 'The InSaNe One' Rosson"
To: Joao Carlos
Cc: freebsd-ipfw@freebsd.org, freebsd-stable@freebsd.org
Subject: Re: NATD/VPN using -pptpalias
Message-ID: <19990702160558.A66717@lunatic.oneinsane.net>
Reply-To: Ron Rosson
References: <19990701164347.B22149@lunatic.oneinsane.net> <000901bec4d8$1f12fa30$0400a8c0@bahianet.com.br>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
X-Mailer: Mutt 0.95.5i
In-Reply-To: <000901bec4d8$1f12fa30$0400a8c0@bahianet.com.br>; from Joao Carlos on
    Fri, Jul 02, 1999 at 07:13:31PM -0300
X-Operating-System: FreeBSD lunatic.oneinsane.net 3.2-STABLE
X-Opinion: What you read here is my IMHO
X-Disclaimer: I am a firm believer in RTFM
X-WWW: http://www.oneinsane.net
X-PGP-KEY: http://www.oneinsane.net/~insane/insane-pgp5i.txt
X-Uptime: 4:04PM up 1 day, 16:01, 4 users, load averages: 0.03, 0.05, 0.00
Sender: owner-freebsd-ipfw@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

Still no solution that works. I am still seeing if anyone else has any ideas.
I have not given up. I am lucky to have an understandable client.

TIA

On Fri, 02 Jul 1999, Joao Carlos was heard blurting out:
> Hi, I have the same problem as you and would like to know if you have
> solved this. If yes, how did you do that???
>
> Thanks in advance
>
> Joao Carlos
> jcarlos@bahianet.com.br
>
>
>
> ----- Original Message -----
> From: Ron 'The InSaNe One' Rosson
> To:
> Cc:
> Sent: Thursday, July 01, 1999 8:43 PM
> Subject: NATD/VPN using -pptpalias
>
>
> > I am trying to get a FreeBSD 3.2-STABLE as of Last week to pass a VPN connection
> > from a client behind the NATD box to a Server out on the internet. At this time
> > I am getting error, timeout exceeded while waiting for reply.
> >
> > excerpt from rc.conf
> > natd_enable="YES"
> > natd_interface="ed0"
> > natd_flags="-pptpalias 192.168.2.7"
> >
> > excerpt from rc.firewall
> > if [ "X${natd_enable}" = X"YES" -a "X${natd_interface}" != X"" ]; then
> >     $fwcmd add divert natd all from any to any via ${natd_interface}
> > fi
> >
> > ed0 is the line out to my cable modem and ed1 goes for my private network using
> > addresses <192.168.x.x>
> >
> > If someone has this working I would be grateful to see how you did it.

-- 
-------------------------------------------------------------------
Ron Rosson                      ... and a UNIX user said ...
The InSaNe One                  rm -rf *
insane@oneinsane.net            and all was null and void
-------------------------------------------------------------------
Stress is waking up screaming and you realize you haven't fallen asleep yet