Date: Sun, 20 Nov 2005 16:22:11 +0200
From: Deceased <deceased@webmail.vulcano.lt>
To: freebsd-questions@freebsd.org
Subject: pppoe + ipfw + natd and jails
Message-ID: <43808693.3040904@webmail.vulcano.lt>
Hi, I'm running fbsd as a router at home for dsl. Everything was running fine until one day. Suddenly all pcs in lan stopped opening foreign web pages and connecting to foreign hosts, though I could ping those hosts. That seemed like an isp problem, so I called them and they said everything is fine. So I started to mess around with ipfw rules. So here's my conf.:

            dsl modem
                ^
                |
              [tun0]
              [rl0]
  FBSD   [bind jail with mldonkey]   [squid jail]
              [rl1]
                |
                v
               LAN

The conf. of ipfw and natd that worked earlier:

#ipfw list
05000 divert 8668 ip from any to any via tun0
06000 allow ip from any to any
65535 deny ip from any to any

#cat natd.conf
dynamic yes
same_ports yes
use_sockets yes
unregistered_only yes
redirect_port tcp 192.168.0.253:4662 4662
redirect_port udp 192.168.0.253:4662 4662
redirect_port tcp 192.168.0.253:4672 4672
redirect_port udp 192.168.0.253:4672 4672
redirect_port tcp 192.168.0.253:6346 6346
redirect_port udp 192.168.0.253:6346 6346
redirect_port tcp 192.168.0.253:6347 6347
redirect_port udp 192.168.0.253:6347 6347
redirect_port tcp 192.168.0.253:6881-6889 6881-6889
redirect_port udp 192.168.0.253:6881-6889 6881-6889
redirect_port tcp 192.168.0.253:1214 1214
redirect_port tcp 192.168.0.253:9999 9999
redirect_port tcp 192.168.0.253:4444 4444
redirect_port udp 192.168.0.253:4444 4444
redirect_port udp 192.168.0.253:2234 2234

[192.168.0.253 is a bind jail with mldonkey]

#cat rc.conf
gateway_enable="YES"
hostname="gw.anm.lan"
ifconfig_pcn0="down"
ifconfig_rl1="inet 192.168.0.254 netmask 255.255.255.0"
ifconfig_rl0="up"
ifconfig_tun0="up"
ppp_enable="YES"
ppp_profile="takas"
ppp_mode="ddial"
firewall_enable="YES"
firewall_type="/etc/firewall/ipfw.rules"
firewall_quiet="NO"
natd_enable="YES"
natd_interface="tun0"
natd_flags="-f /etc/firewall/natd.conf"
usbd_enable="NO"
sendmail_enable="NONE"
syslogd_flags="-b 192.168.0.254"

The IPs for the jails are added as aliases when a jail is starting. I use the jailctl util for that.

#jls
JID  IP Address     Hostname        Path
  2  192.168.0.252  squid.anm.lan   /usr/jails/squid.anm.lan
  1  192.168.0.253  ns0.anm.lan     /usr/jails/ns0.anm.lan

Ok, now to the problem solving. When I add this line to ipfw, foreign pages are loaded, but mldonkey isn't able to connect:

>>01000 allow ip from any to any
05000 divert 8668 ip from any to any via tun0
06000 allow ip from any to any
65535 deny ip from any to any

So I used the handbook for ipfw and natd and came to this rule set:

add 00020 allow all from any to any via rl1
add 00030 allow all from any to any via lo0
add 00100 divert natd ip from any to any in via tun0
add 00101 check-state
add 00200 skipto 5000 all from any to any out via rl0 keep-state
add 05000 divert natd ip from any to any out via tun0
add 06000 allow all from any to any
add 65535 deny ip from any to any

But everything is the same: foreign pages are not loaded, mldonkey is downloading. Thanks for help.
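A small first-match simulator for the ipfw rule forms that appear in the message above, added here as an illustration; it is not part of the original post and not FreeBSD code. It models only what those rulesets use: "via", "in via" and "out via" interface qualifiers, allow/deny, divert (natd hands the packet back and evaluation resumes at the rule after the divert), skipto, and keep-state/check-state; protocol and addresses are treated as "any", as in every rule in the post. The three rulesets are copied from the message; the packets and flow ids are constructed for the example. Tracing a packet through each set shows two things the rule listings do not make obvious: with 01000 allow ip from any to any in front, nothing on tun0 ever reaches the divert rule, so natd never sees the packet; and in the handbook-derived set the skipto rule's "out via rl0" qualifier does not match a packet that leaves via tun0 (with userland ppp over PPPoE, rl0 carries the PPPoE frames and the IP packets ipfw evaluates traverse tun0), so outbound tun0 traffic meets only rule 05000's divert.

```python
"""First-match simulator for the ipfw rule subset used in the post (example code)."""
from __future__ import annotations
from dataclasses import dataclass
from typing import Optional

@dataclass
class Packet:
    iface: str            # interface the packet traverses: tun0, rl0, rl1, lo0
    direction: str        # "in" or "out"
    flow: str = ""        # opaque flow id, only used by keep-state/check-state

@dataclass
class Rule:
    num: int
    action: str                        # allow | deny | divert | skipto | check-state
    arg: Optional[str] = None          # divert port or skipto target
    iface: Optional[str] = None        # "via X"
    direction: Optional[str] = None    # None matches both directions
    keep_state: bool = False

def parse_rule(line: str) -> Rule:
    """Parse e.g. 'add 00200 skipto 5000 all from any to any out via rl0 keep-state'."""
    toks = line.split()
    if toks[0] == "add":
        toks = toks[1:]
    rule = Rule(int(toks[0]), toks[1])
    rest = toks[2:]
    if rule.action in ("divert", "skipto"):
        rule.arg, rest = rest[0], rest[1:]
    if "via" in rest:                       # "[in|out] via IFACE"
        i = rest.index("via")
        rule.iface = rest[i + 1]
        if i > 0 and rest[i - 1] in ("in", "out"):
            rule.direction = rest[i - 1]
    rule.keep_state = "keep-state" in rest
    return rule

def parse_ruleset(text: str) -> list[Rule]:
    rules = [parse_rule(l) for l in text.strip().splitlines() if l.strip()]
    return sorted(rules, key=lambda r: r.num)

def matches(rule: Rule, pkt: Packet, states: dict[str, Rule]) -> bool:
    if rule.action == "check-state":
        return pkt.flow in states
    if rule.iface is not None and rule.iface != pkt.iface:
        return False
    if rule.direction is not None and rule.direction != pkt.direction:
        return False
    return True

def trace(rules: list[Rule], pkt: Packet, states: Optional[dict[str, Rule]] = None) -> list[tuple[int, str]]:
    """Return [(rule number, action), ...] in the order the packet hits them.
    A check-state hit acts like the rule that created the state, as ipfw does."""
    states = {} if states is None else states
    hits: list[tuple[int, str]] = []
    i = 0
    while i < len(rules):
        r = rules[i]
        if not matches(r, pkt, states):
            i += 1
            continue
        hits.append((r.num, r.action))
        if r.action == "check-state":
            r = states[pkt.flow]                 # dynamic rule inherits parent action
        elif r.keep_state and pkt.flow:
            states[pkt.flow] = r
        if r.action in ("allow", "deny"):
            return hits
        if r.action == "divert":
            i += 1                               # natd returns the packet; resume after the divert
        elif r.action == "skipto":
            target = int(r.arg)
            i = next((j for j, x in enumerate(rules) if x.num >= target), len(rules))
        else:
            raise ValueError(f"unsupported action {r.action}")
    return hits

def nat_applied(rules: list[Rule], pkt: Packet) -> bool:
    """True if the packet is handed to natd at least once."""
    return any(a == "divert" for _, a in trace(rules, pkt))

# The three rulesets from the post, verbatim.
WORKED_EARLIER = """
05000 divert 8668 ip from any to any via tun0
06000 allow ip from any to any
65535 deny ip from any to any
"""
EARLY_ALLOW = """
01000 allow ip from any to any
05000 divert 8668 ip from any to any via tun0
06000 allow ip from any to any
65535 deny ip from any to any
"""
HANDBOOK_STYLE = """
add 00020 allow all from any to any via rl1
add 00030 allow all from any to any via lo0
add 00100 divert natd ip from any to any in via tun0
add 00101 check-state
add 00200 skipto 5000 all from any to any out via rl0 keep-state
add 05000 divert natd ip from any to any out via tun0
add 06000 allow all from any to any
add 65535 deny ip from any to any
"""

if __name__ == "__main__":
    # Constructed packet: a LAN host's request leaving the DSL link via tun0.
    out = Packet("tun0", "out", flow="lan->web")
    for name, text in (("worked earlier", WORKED_EARLIER),
                       ("01000 allow first", EARLY_ALLOW),
                       ("handbook style", HANDBOOK_STYLE)):
        rules = parse_ruleset(text)
        print(f"{name:18} out via tun0: {trace(rules, out)}  natd={nat_applied(rules, out)}")
```

The simulator deliberately ignores addresses and ports, so it cannot say anything about the natd redirect_port entries; it only answers the ordering question of whether a packet on a given interface and direction reaches a divert rule before a terminal allow or deny.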