From owner-freebsd-ipfw Fri Sep 3 0:47:14 1999
Delivered-To: freebsd-ipfw@freebsd.org
Received: from harrier.prod.itd.earthlink.net (harrier.prod.itd.earthlink.net [207.217.121.12])
        by hub.freebsd.org (Postfix) with ESMTP id 1E82F14F9C;
        Fri, 3 Sep 1999 00:47:07 -0700 (PDT)
        (envelope-from dlow3@earthlink.net)
Received: from earthlink.net (CBL-dlow3.hs.earthlink.net [209.178.107.75])
        by harrier.prod.itd.earthlink.net (8.9.3/8.9.3) with ESMTP id AAA08525;
        Fri, 3 Sep 1999 00:46:01 -0700 (PDT)
Message-ID: <37CF7CF0.AD0B0A4F@earthlink.net>
Date: Fri, 03 Sep 1999 00:46:57 -0700
From: Derrick
X-Mailer: Mozilla 4.08 [en] (X11; I; FreeBSD 3.2-STABLE i386)
MIME-Version: 1.0
To: freebsd-ipfw@freebsd.org
Subject: Help with masquerading hybrid cable modem connection
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Sender: owner-freebsd-ipfw@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

I am having trouble masquerading my hybrid cable modem connection in FreeBSD. By hybrid, I mean it uses a normal analog ppp account to dial out for uploads (it's an Earthlink account, by the way) and a Com21 cable modem for the downloads. They haven't yet implemented the two-way on the cable connection. You dial ppp as normal and it gives you your ip automatically. It's not a normal account, it automatically uses your ethernet card for downloading somehow.

In FreeBSD I can connect fine (I can't even get it working in Linux) but I am having trouble masquerading. Is it even possible to masquerade this kind of hybrid connection in FreeBSD?

I have IPFIREWALL, IPDIVERT, and IPFIREWALL_DEFAULT_TO_ACCEPT in my kernel config. I've tried natd -n ed1 and natd -n tun0. I've tried dialing ppp with and without the -alias flag.
I've tried:

    ipfw add divert natd all from any to any via ed1

I've tried:

    ipfw add divert natd all from any to any via tun0

And I've tried:

    ipfw add 100 divert natd ip from any to any out recv ed1 xmit tun0

None of these seems to work, what am I doing wrong? Please help! Any info would be helpful. Thanks in advance.

Derrick

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-ipfw" in the body of the message

From owner-freebsd-ipfw Fri Sep 3 15:14:52 1999
Delivered-To: freebsd-ipfw@freebsd.org
Received: from www.notrecords.com (228-121.ppp.ripco.net [209.100.228.121])
        by hub.freebsd.org (Postfix) with ESMTP id 3B3E314D54 for ;
        Fri, 3 Sep 1999 15:14:39 -0700 (PDT)
        (envelope-from aphor@ripco.NOSPAM.com)
Received: from ripco.NOSPAM.com (localhost [127.0.0.1])
        by www.notrecords.com (8.9.3/8.9.3) with ESMTP id RAA06834;
        Fri, 3 Sep 1999 17:14:13 -0500 (CDT)
        (envelope-from aphor@ripco.NOSPAM.com)
Message-ID: <37D04831.DFA04B3F@ripco.NOSPAM.com>
Date: Fri, 03 Sep 1999 17:14:09 -0500
From: Jeremy McMillan
Reply-To: aphor@ripco.NOSPAM.com
Organization: Loose..
X-Mailer: Mozilla 4.6 [en] (X11; I; FreeBSD 3.2-STABLE i386)
X-Accept-Language: en
MIME-Version: 1.0
To: Derrick
Cc: freebsd-ipfw@freebsd.org
Subject: Re: Help with masquerading hybrid cable modem connection
References: <37CF7CF0.AD0B0A4F@earthlink.net>
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Sender: owner-freebsd-ipfw@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

Is there a newbies' IP FAQ somewhere? This guy (and a LOT of people trying to set up NAT boxen in general) is way over his head.

A basic concept of IP is that your computer, and any router/gateway, and the server out there all arbitrate the path each IP packet takes. If there are multiple paths, packets for one network session can be sent down every one of those paths. When (and if) the destination host gets the packets, they will probably be in the wrong order. Imagine packets are a deck of cards.
One word of an email is written on each card from the ace, to the two, three, four, etc. Several dealers all shuffle and cut and pass portions of the deck around amongst themselves in a random way, but each time a card comes your way you grab it and sort your pile. Like solitaire, you have to make piles of cards in exact sequence, which you can read your email from.

There is a dealer on the other side of your cablemodem to give you lots of cards quickly, but he will never take any cards from you. Across your modem, there is another dealer who will take cards from you, but he deals s l o w l y .

Routes: Lucky for you, the crowd of dealers out there gets told (by your ISP) that the fast dealer is the only guy who knows how to reach you. You, on the other hand, know that the modem guy is how you reach the outside world.

ipfw: Standard firewall rulesets are deny-by-default, meaning if you don't explicitly OK it, it gets dropped. These often assume you have *one* legitimate route to the Internet. You may have to add rules to accommodate the dual-homed connection to the Internet. This includes rules which divert packets to the NAT daemon.

NAT: It doesn't care unless you're doing funky static NAT...

--
PLEASE NOTICE: THERE MAY BE NOSPAM IN THE HEADERS WHEN YOU HIT "REPLY"!!!
Jeremy McMillan | Ask for PGP-2.6.2 or 5.0i
Chicago FreeBSD Users Group
http://pages.ripco.com/~aphor/ChiFUG.html
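
Added example, not part of either post: a simplified first-match model of an ipfw-style ruleset, illustrating the reply's point that rulesets written for one route miss traffic on the second one. It assumes ed1 is the cable downlink and tun0 the PPP uplink; the rule numbers and packets are constructed, and it models rule matching only, not natd or a tested ipfw configuration.

```python
# Simplified first-match model of an ipfw-style ruleset; it is not ipfw.
# tun0 (PPP uplink) and ed1 (assumed cable downlink) are the thread's
# interface names; rule numbers and packets are constructed.
from typing import NamedTuple, Optional

class Packet(NamedTuple):
    direction: str            # "in" or "out"
    iface: str                # interface the packet crosses

class Rule(NamedTuple):
    number: int
    action: str               # "allow", "divert" or "deny"
    direction: Optional[str]  # None matches both directions
    iface: Optional[str]      # None matches any interface

def evaluate(rules, pkt, default="deny"):
    """Return [(rule number, action), ...] hit by pkt, in order.

    A divert hit means the NAT daemon sees the packet; matching then
    resumes at the next rule. `default` is the action of final rule
    65535: "deny", or "allow" for IPFIREWALL_DEFAULT_TO_ACCEPT.
    """
    trace = []
    for rule in sorted(rules, key=lambda r: r.number):
        if rule.direction not in (None, pkt.direction):
            continue
        if rule.iface not in (None, pkt.iface):
            continue
        trace.append((rule.number, rule.action))
        if rule.action in ("allow", "deny"):
            return trace
    return trace + [(65535, default)]

def reaches_nat(trace):
    """True if the packet was diverted and not dropped afterwards."""
    return ("divert" in [a for _, a in trace]) and trace[-1][1] == "allow"

# Ruleset written as if tun0 were the only path to the Internet.
ONE_ROUTE = [Rule(100, "divert", None, "tun0"), Rule(200, "allow", None, "tun0")]
# Same ruleset plus rules for replies arriving on the cable interface.
TWO_ROUTES = ONE_ROUTE + [Rule(150, "divert", "in", "ed1"),
                          Rule(250, "allow", "in", "ed1")]

UPLOAD = Packet("out", "tun0")   # request leaving over the modem
REPLY = Packet("in", "ed1")      # answer arriving over the cable

if __name__ == "__main__":
    for name, rules in (("one route", ONE_ROUTE), ("two routes", TWO_ROUTES)):
        for default in ("deny", "allow"):
            print(name, default, evaluate(rules, REPLY, default))
```

With the default set to "allow", the one-route ruleset accepts the reply on ed1 but never diverts it, so in this model nothing translates it back for the masqueraded host.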