Date:      Wed, 1 Dec 1999 19:10:21 -0800
From:      "nat" <nat@unixlover.com>
To:        "William Wong" <willwong@anime.ca>, "Nathaniel Schein" <nschein@prisa.com>, <freebsd-questions@freebsd.org>
Subject:   Re: natd not working properly. firewall problem?
Message-ID:  <000701bf3c72$c630f9e0$0300a8c0@orng1.occa.home.com>
References:  <NDBBICKHJKPPFKPKPBFEEELDCOAA.nschein@prisa.com> <005101bf3c6b$d1345be0$2d96183f@vedika> <002101bf3c71$21a389c0$0300a8c0@anime.ca>

I just tried that and it doesn't work. Still.
de1 is connected to the cable modem.
That is the setting I already have too.

> Someone posted earlier about changing:
> natd_interface="de0"
> to
> natd_interface="de1"
>
> change
> $fwcmd add 1 divert natd from any to any via de0
> to
> $fwcmd add divert natd all from any to any via ${natd_interface}
> ----- Original Message -----
> From: "nat" <nat@unixlover.com>
> To: "Nathaniel Schein" <nschein@prisa.com>; <freebsd-questions@FreeBSD.ORG>
> Sent: Wednesday, December 01, 1999 9:20 PM
> Subject: Re: natd not working properly. firewall problem?
>
>
> > I have pseudo-device bpfilter 5
> >
> > When I change it to 4 and compile the kernel.. then restart
> > the cable modem does not work on the local machine.
> >
> > > Did you compile the kernel with:
> > >
> > > options         IPFIREWALL              #firewall
> > > options         IPDIVERT                #divert sockets
> > > pseudo-device   bpfilter 4      #Berkeley packet filter
> > >
> > > Also make sure you have proper connectivity with both networks and add
> > >
> > > firewall_type="OPEN"
> > >
> > > to the /etc/rc.conf
> > >
> > > -----Original Message-----
> > > From: owner-freebsd-questions@FreeBSD.ORG
> > > [mailto:owner-freebsd-questions@FreeBSD.ORG]On Behalf Of nat
> > > Sent: Wednesday, December 01, 1999 5:05 PM
> > > To: Nathaniel Schein; freebsd-questions@FreeBSD.ORG
> > > Subject: Re: natd not working properly. firewall problem?
> > >
> > >
> > > I did that and it is still not working. Please help, I have a
> > > deadline to set up this network.
> > >
> > >
> > > Your natd interface should be "de1".
> > > -----Original Message-----
> > > From: owner-freebsd-questions@FreeBSD.ORG
> > > [mailto:owner-freebsd-questions@FreeBSD.ORG]On Behalf Of nat
> > > Sent: Wednesday, December 01, 1999 4:31 PM
> > > To: freebsd-questions@FreeBSD.ORG
> > > Subject: natd not working properly. firewall problem?
> > >
> > >
> > > I have set up natd by the manual. I have a cable modem and two
> > > NICs. What I am trying to do is share the internet with other users
> > > on my LAN. The cable modem is currently set up on device de1
> > > properly and works for the "local" user.
> > >
> > > Now, through the clients I can only contact the network card (de1)
> > > that the cable modem is connected to. I cannot contact the outside
> > > network.
> > >
> > > The de0 interface is the one on the internal network and is set to
> > > 192.168.0.1. All of the clients have this as the default router.
> > >
> > > These are my firewall settings (please tell me which ones are wrong):
> > > #Flush out the list before we begin.
> > > $fwcmd -f flush
> > >
> > > # divert
> > > $fwcmd add 1 divert natd from any to any via de0
> > >
> > > # allow by default
> > > $fwcmd add 65000 allow all from any to any
> > >
> > > # 50-99: trusted hosts
> > > $fwcmd add 50 allow ip from any to 207.171.202.198:255.255.255.224
> > > $fwcmd add 51 allow ip from 207.171.202.198:255.255.255.224 to any
> > > $fwcmd add 52 allow ip from 24.1.183.147 to any
> > > $fwcmd add 53 allow ip from any to 24.1.183.147
> > >
> > > # 1000-1999: DoS/hack prevention
> > > $fwcmd add 1000 deny tcp from any to any 1080
> > > $fwcmd add 1001 deny tcp from any to any 12345
> > > $fwcmd add 1002 deny tcp from any to any 31337
> > > $fwcmd add 1003 deny tcp from any to any 111
> > > $fwcmd add 1004 deny tcp from any to any 87
> > > $fwcmd add 1005 deny tcp from any to any 2049
> > > $fwcmd add 1006 deny tcp from any to any 512
> > > $fwcmd add 1007 deny tcp from any to any 513
> > > $fwcmd add 1008 deny tcp from any to any 514
> > > $fwcmd add 1009 deny tcp from any to any 515
> > > $fwcmd add 1010 deny tcp from any to any 540
> > >
> > > *this is in the /etc/rc.firewall file.
> > >
> > > This is what I have set up for rc.conf:
> > >
> > > firewall_enable="YES"
> > > natd_enable="YES"
> > > natd_interface="de0"
> > > named_enable="YES"
> > > gateway_enable="YES"
> > >
> > > This is the output of the ifconfig -a command:
> > >
> > > de0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
> > >         inet 192.168.0.1 netmask 0xffffff00 broadcast 192.168.0.255
> > >         ether 00:40:05:a2:c9:4b
> > >         media: autoselect (10baseT/UTP) status: active
> > >         supported media: autoselect 100baseTX <full-duplex> 100baseTX 10baseT/UTP <full-duplex> 10baseT/UTP
> > > de1: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
> > >         inet 24.1.177.140 netmask 0xffffff00 broadcast 24.1.177.255
> > >         ether 00:40:05:a2:c9:49
> > >         media: autoselect (10baseT/UTP) status: active
> > >         supported media: autoselect 100baseTX <full-duplex> 100baseTX 10baseT/UTP <full-duplex> 10baseT/UTP
> > > lp0: flags=8810<POINTOPOINT,SIMPLEX,MULTICAST> mtu 1500
> > > tun0: flags=8010<POINTOPOINT,MULTICAST> mtu 1500
> > > sl0: flags=c010<POINTOPOINT,LINK2,MULTICAST> mtu 552
> > > ppp0: flags=8010<POINTOPOINT,MULTICAST> mtu 1500
> > > lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> mtu 16384
> > >         inet 127.0.0.1 netmask 0xff000000
> > >
> > > This is the output of the netstat -rn command:
> > >
> > > Internet:
> > > Destination        Gateway            Flags     Refs     Use     Netif Expire
> > > default            24.1.177.1         UGSc       14       55      de0
> > > 24.1.177/24        link#1             UC          0        0      de0
> > > 24.1.177.1         link#1             UHLW       14        0      de0
> > > 127.0.0.1          127.0.0.1          UH          1        4      lo0
> > > 192.168            link#2             UC          0        0      de1
> > > 192.168.0.3        0:40:5:a3:38:a4    UHLW        2       76      de1   1183
> > >
> > > I think that is how you set it up.
> > >
> > > There is also one last strange thing that I think might be the problem.
> > > Right before it prints out gateway=yes it says tcpextensions=no.
> > > I'm not sure what that means either.
> > >
> > > I am using the Cox@home network so please help me if you can.
> > >
> > > Thank you,
> > >
> > > nat
> > >
> > >
> > >
> > > To Unsubscribe: send mail to majordomo@FreeBSD.org
> > > with "unsubscribe freebsd-questions" in the body of the message
> > >



To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message
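
An added example, not part of the original thread: a consistency check for the setup discussed above, where `natd_interface` and the divert rule must both name the NIC that faces the cable modem. The sample inputs are constructed from the thread's rc.conf, rc.firewall and ifconfig excerpts; the function names and the rule "the first interface with a non-private address is the external one" are assumptions of this example.

```shell
#!/bin/sh
# Constructed sample input, shaped like the configuration quoted in the thread.
RC_CONF='natd_enable="YES"
natd_interface="de0"
gateway_enable="YES"'
FW_RULES='$fwcmd add 1 divert natd from any to any via de0
$fwcmd add 65000 allow all from any to any'
IFCONFIG='de0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
        inet 192.168.0.1 netmask 0xffffff00 broadcast 192.168.0.255
de1: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
        inet 24.1.177.140 netmask 0xffffff00 broadcast 24.1.177.255'

# Assumption: the external interface is the first one whose inet address
# is neither RFC 1918 private space nor loopback.
external_if() {
    printf '%s\n' "$1" | awk '
        /^[a-z]+[0-9]+:/ { ifc = $1; sub(/:$/, "", ifc) }
        $1 == "inet" {
            split($2, o, ".")
            priv = (o[1] == 10 || o[1] == 127 ||
                    (o[1] == 172 && o[2] >= 16 && o[2] <= 31) ||
                    (o[1] == 192 && o[2] == 168))
            if (!priv) { print ifc; exit }
        }'
}

# Interface named by natd_interface="..." in rc.conf text.
natd_if() { printf '%s\n' "$1" | sed -n 's/^natd_interface="\([^"]*\)".*/\1/p'; }

# Interface named after "via" in the first "divert natd" rule.
divert_if() {
    printf '%s\n' "$1" | awk '/divert natd/ {
        for (i = 1; i < NF; i++) if ($i == "via") { print $(i+1); exit }
    }'
}

# Returns 0 only when both settings point at the external interface.
check_nat() {
    ext=$(external_if "$3"); status=0
    [ "$(natd_if "$1")" = "$ext" ] || { echo "natd_interface is not $ext"; status=1; }
    [ "$(divert_if "$2")" = "$ext" ] || { echo "divert rule is not via $ext"; status=1; }
    return $status
}

check_nat "$RC_CONF" "$FW_RULES" "$IFCONFIG" || true
```

A rule written with `${natd_interface}` instead of a literal name is reported as a mismatch by this sketch, since the variable is not expanded.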



