Date:      Wed, 1 Dec 1999 16:57:49 -0800
From:      "Nathaniel Schein" <nschein@prisa.com>
To:        "nat" <nat@unixlover.com>, <freebsd-questions@FreeBSD.ORG>
Subject:   RE: natd not working properly. firewall problem?
Message-ID:  <NDBBICKHJKPPFKPKPBFEGELCCOAA.nschein@prisa.com>
In-Reply-To: <001801bf3c5c$75bf6ac0$2d96183f@vedika>


Your natd interface should be "de1".
  -----Original Message-----
  From: owner-freebsd-questions@FreeBSD.ORG [mailto:owner-freebsd-questions@FreeBSD.ORG] On Behalf Of nat
  Sent: Wednesday, December 01, 1999 4:31 PM
  To: freebsd-questions@FreeBSD.ORG
  Subject: natd not working properly. firewall problem?


  I have set up natd by the manual. I have a cable modem and two
  NICs. What I am trying to do is share the internet with other users
  on my LAN. The cable modem is currently set up on device de1
  properly and works for the "local" user.

  Now, through the clients I can only contact the network card (de1)
  that the cable modem is connected to. I cannot contact the outside
  network.

  The de0 interface is the one on the internal network and is set to
  192.168.0.1. All of the clients have this as the default router.

  These are my firewall settings (please tell me which ones are wrong):
  #Flush out the list before we begin.
  $fwcmd -f flush

  # divert
  $fwcmd add 1 divert natd from any to any via de0

  # allow by default
  $fwcmd add 65000 allow all from any to any

  # 50-99: trusted hosts
  $fwcmd add 50 allow ip from any to 207.171.202.198:255.255.255.224
  $fwcmd add 51 allow ip from 207.171.202.198:255.255.255.224 to any
  $fwcmd add 52 allow ip from 24.1.183.147 to any
  $fwcmd add 53 allow ip from any to 24.1.183.147

  # 1000-1999: DoS/hack prevention
  $fwcmd add 1000 deny tcp from any to any 1080
  $fwcmd add 1001 deny tcp from any to any 12345
  $fwcmd add 1002 deny tcp from any to any 31337
  $fwcmd add 1003 deny tcp from any to any 111
  $fwcmd add 1004 deny tcp from any to any 87
  $fwcmd add 1005 deny tcp from any to any 2049
  $fwcmd add 1006 deny tcp from any to any 512
  $fwcmd add 1007 deny tcp from any to any 513
  $fwcmd add 1008 deny tcp from any to any 514
  $fwcmd add 1009 deny tcp from any to any 515
  $fwcmd add 1010 deny tcp from any to any 540

  *this is in the /etc/rc.firewall file.

  This is what I have set up for rc.conf:

  firewall_enable="YES"
  natd_enable="YES"
  natd_interface="de0"
  named_enable="YES"
  gateway_enable="YES"

  This is the output of the ifconfig -a command:

  de0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
          inet 192.168.0.1 netmask 0xffffff00 broadcast 192.168.0.255
          ether 00:40:05:a2:c9:4b
          media: autoselect (10baseT/UTP) status: active
          supported media: autoselect 100baseTX <full-duplex> 100baseTX 10baseT/UTP <full-duplex> 10baseT/UTP
  de1: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
          inet 24.1.177.140 netmask 0xffffff00 broadcast 24.1.177.255
          ether 00:40:05:a2:c9:49
          media: autoselect (10baseT/UTP) status: active
          supported media: autoselect 100baseTX <full-duplex> 100baseTX 10baseT/UTP <full-duplex> 10baseT/UTP
  lp0: flags=8810<POINTOPOINT,SIMPLEX,MULTICAST> mtu 1500
  tun0: flags=8010<POINTOPOINT,MULTICAST> mtu 1500
  sl0: flags=c010<POINTOPOINT,LINK2,MULTICAST> mtu 552
  ppp0: flags=8010<POINTOPOINT,MULTICAST> mtu 1500
  lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> mtu 16384
          inet 127.0.0.1 netmask 0xff000000

  This is the output of the netstat -rn command:

  Internet:
  Destination        Gateway            Flags     Refs     Use     Netif Expire
  default            24.1.177.1         UGSc       14       55      de0
  24.1.177/24        link#1             UC          0        0      de0
  24.1.177.1         link#1             UHLW       14        0      de0
  127.0.0.1          127.0.0.1          UH          1        4      lo0
  192.168            link#2             UC          0        0      de1
  192.168.0.3        0:40:5:a3:38:a4    UHLW        2       76      de1   1183

  I think that is how you set it up.

  There is also one last strange thing that I think might be the problem.
  Right before it prints out gateway=yes it says tcpextensions=no.
  I'm not sure what that means either.

  I am using the Cox@home network so please help me if you can.

  Thank you,

  nat

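The reply's point is that natd and the ipfw divert rule must be bound to the outside interface (the one the cable modem and the default route sit on), not the LAN side. The script below is an added example, not from the thread, that checks an rc.conf fragment and a divert rule against a netstat -rn fragment; the inputs are constructed from the values in the question (with the default route placed on de1, matching the ifconfig output), and the function names are the example's own.

```shell
#!/bin/sh
# Added example: verify natd_interface and the ipfw divert rule name the
# interface that carries the default route. Helper names are assumptions.

# Constructed rc.conf fragment: the poster's setting, natd on the inside NIC.
RC_CONF='firewall_enable="YES"
natd_enable="YES"
natd_interface="de0"
gateway_enable="YES"'

# Constructed rc.firewall fragment: divert rule also on the inside NIC.
RC_FIREWALL='$fwcmd add 1 divert natd from any to any via de0'

# Constructed "netstat -rn" fragment: default route leaves via de1 (cable modem).
NETSTAT='Destination        Gateway            Flags     Refs     Use     Netif Expire
default            24.1.177.1         UGSc       14       55      de1
192.168            link#1             UC          0        0      de0'

# Interface carrying the default route: this is where natd must be bound.
external_if() {
    printf '%s\n' "$1" | awk '$1 == "default" { print $6; exit }'
}

# Value of natd_interface in an rc.conf fragment, quotes stripped.
natd_if() {
    printf '%s\n' "$1" | sed -n 's/^natd_interface="\{0,1\}\([^"]*\)"\{0,1\}.*/\1/p'
}

# Interface named after "via" in the ipfw divert rule.
divert_if() {
    printf '%s\n' "$1" | sed -n 's/.*divert natd .* via \([a-z0-9]*\).*/\1/p'
}

# Returns 0 when both settings match the default-route interface, 1 otherwise.
check_natd() {
    ext=$(external_if "$3")
    [ "$(natd_if "$1")" = "$ext" ] && [ "$(divert_if "$2")" = "$ext" ]
}

if check_natd "$RC_CONF" "$RC_FIREWALL" "$NETSTAT"; then
    echo "natd is bound to the external interface"
else
    echo "mismatch: natd_interface=$(natd_if "$RC_CONF"), divert via $(divert_if "$RC_FIREWALL"), default route on $(external_if "$NETSTAT")"
fi
```

With the poster's values the check reports a mismatch; changing both settings to de1 makes it pass.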


