From owner-freebsd-questions Wed Dec 1 19:12:39 1999
Delivered-To: freebsd-questions@freebsd.org
Received: from spamraaa.compuserve.com (as-img-rel-1.compuserve.com [149.174.217.142]) by hub.freebsd.org (Postfix) with ESMTP id 5866D14F4C for ; Wed, 1 Dec 1999 19:12:33 -0800 (PST) (envelope-from nat@unixlover.com)
Received: (from mailgate@localhost) by spamraaa.compuserve.com (8.9.3/8.9.3/SUN-REL-1.1) id WAA10345 for freebsd-questions@freebsd.org; Wed, 1 Dec 1999 22:11:39 -0500 (EST)
Received: from cx272244a (cx272244-a.orng1.occa.home.com [24.1.177.149]) by spamraaa.compuserve.com (8.9.3/8.9.3/SUN-REL-1.1) with SMTP id WAA10250; Wed, 1 Dec 1999 22:11:35 -0500 (EST)
Message-ID: <000701bf3c72$c630f9e0$0300a8c0@orng1.occa.home.com>
From: "nat"
To: "William Wong" , "Nathaniel Schein" ,
References: <005101bf3c6b$d1345be0$2d96183f@vedika> <002101bf3c71$21a389c0$0300a8c0@anime.ca>
Subject: Re: natd not working properly. firewall problem?
Date: Wed, 1 Dec 1999 19:10:21 -0800
MIME-Version: 1.0
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 5.00.2314.1300
X-MimeOLE: Produced By Microsoft MimeOLE V5.00.2314.1300
Sender: owner-freebsd-questions@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

I just tried that and it doesn't work. Still. de1 is connected to the cable modem. That is the setting I already have too.

> Someone posted earlier about changing:
> natd_interface="de0"
> to
> natd_interface="de1"
>
> change
> $fwcmd add 1 divert natd from any to any via de0
> to
> $fwcmd add divert natd all from any to any via ${natd_interface}
> ----- Original Message -----
> From: "nat"
> To: "Nathaniel Schein" ;
> Sent: Wednesday, December 01, 1999 9:20 PM
> Subject: Re: natd not working properly. firewall problem?
>
>
> > I have pseudo-device bpfilter 5
> >
> > when I change it to 4 and compile the kernel.. then restart
> > the cable modem does not work on the local machine.
> >
> > > Did you compile the kernel with:
> > >
> > > options IPFIREWALL #firewall
> > > options IPDIVERT #divert sockets
> > > pseudo-device bpfilter 4 #Berkeley packet filter
> > >
> > > Also make sure you have proper connectivity with both networks and add
> > >
> > > firewall_type="OPEN"
> > >
> > > to the /etc/rc.conf
> > >
> > > -----Original Message-----
> > > From: owner-freebsd-questions@FreeBSD.ORG
> > > [mailto:owner-freebsd-questions@FreeBSD.ORG]On Behalf Of nat
> > > Sent: Wednesday, December 01, 1999 5:05 PM
> > > To: Nathaniel Schein; freebsd-questions@FreeBSD.ORG
> > > Subject: Re: natd not working properly. firewall problem?
> > >
> > >
> > > I did that and it is still not working. Please help, I have a
> > > deadline to set up this network.
> > >
> > >
> > > Your natd interface should be "de1".
> > > -----Original Message-----
> > > From: owner-freebsd-questions@FreeBSD.ORG
> > > [mailto:owner-freebsd-questions@FreeBSD.ORG]On Behalf Of nat
> > > Sent: Wednesday, December 01, 1999 4:31 PM
> > > To: freebsd-questions@FreeBSD.ORG
> > > Subject: natd not working properly. firewall problem?
> > >
> > >
> > > I have set up natd by the manual. I have a cable modem and two
> > > nics. What I am trying to do is share the internet with other users
> > > on my LAN. The cable modem is currently setup on device de1
> > > properly and works for the "local" user.
> > >
> > > Now, through the clients I can only contact the network card (de1)
> > > that the cable modem is connected to. I cannot contact the outside
> > > network.
> > >
> > > The de0 interface is the one on the internal network and is set to
> > > 192.168.0.1. All of the clients have this as the default router.
> > >
> > > These are my firewall settings (please tell me which ones are wrong):
> > > #Flush out the list before we begin.
> > > $fwcmd -f flush
> > >
> > > # divert
> > > $fwcmd add 1 divert natd from any to any via de0
> > >
> > > # allow by default
> > > $fwcmd add 65000 allow all from any to any
> > >
> > > # 50-99: trusted hosts
> > > $fwcmd add 50 allow ip from any to 207.171.202.198:255.255.255.224
> > > $fwcmd add 51 allow ip from 207.171.202.198:255.255.255.224 to any
> > > $fwcmd add 52 allow ip from 24.1.183.147 to any
> > > $fwcmd add 53 allow ip from any to 24.1.183.147
> > >
> > > # 1000-1999: DoS/hack prevention
> > > $fwcmd add 1000 deny tcp from any to any 1080
> > > $fwcmd add 1001 deny tcp from any to any 12345
> > > $fwcmd add 1002 deny tcp from any to any 31337
> > > $fwcmd add 1003 deny tcp from any to any 111
> > > $fwcmd add 1004 deny tcp from any to any 87
> > > $fwcmd add 1005 deny tcp from any to any 2049
> > > $fwcmd add 1006 deny tcp from any to any 512
> > > $fwcmd add 1007 deny tcp from any to any 513
> > > $fwcmd add 1008 deny tcp from any to any 514
> > > $fwcmd add 1009 deny tcp from any to any 515
> > > $fwcmd add 1010 deny tcp from any to any 540
> > >
> > > *this is in the /etc/rc.firewall file.
> > >
> > > This is what I have set up for rc.conf:
> > >
> > > firewall_enable="YES"
> > > natd_enable="YES"
> > > natd_interface="de0"
> > > named_enable="YES"
> > > gateway_enable="YES"
> > >
> > > This is the output of the ifconfig -a command:
> > >
> > > de0: flags=8843 mtu 1500
> > >         inet 192.168.0.1 netmask 0xffffff00 broadcast 192.168.0.255
> > >         ether 00:40:05:a2:c9:4b
> > >         media: autoselect (10baseT/UTP) status: active
> > >         supported media: autoselect 100baseTX 100baseTX 10baseT/UTP 10baseT/UTP
> > > de1: flags=8843 mtu 1500
> > >         inet 24.1.177.140 netmask 0xffffff00 broadcast 24.1.177.255
> > >         ether 00:40:05:a2:c9:49
> > >         media: autoselect (10baseT/UTP) status: active
> > >         supported media: autoselect 100baseTX 100baseTX 10baseT/UTP 10baseT/UTP
> > > lp0: flags=8810 mtu 1500
> > > tun0: flags=8010 mtu 1500
> > > sl0: flags=c010 mtu 552
> > > ppp0: flags=8010 mtu 1500
> > > lo0: flags=8049 mtu 16384
> > >         inet 127.0.0.1 netmask 0xff000000
> > >
> > > This is the output of the netstat -rn command:
> > >
> > > Internet:
> > > Destination        Gateway            Flags     Refs     Use     Netif Expire
> > > default            24.1.177.1         UGSc       14       55      de0
> > > 24.1.177/24        link#1             UC          0        0      de0
> > > 24.1.177.1         link#1             UHLW       14        0      de0
> > > 127.0.0.1          127.0.0.1          UH          1        4      lo0
> > > 192.168            link#2             UC          0        0      de1
> > > 192.168.0.3        0:40:5:a3:38:a4    UHLW        2       76      de1   1183
> > >
> > > I think that is how you set it up.
> > >
> > > There is also one last strange thing that I think might be the problem.
> > > Right before it prints out gateway=yes it says tcpextensions=no.
> > > I'm not sure what that means either.
> > >
> > > I am using the Cox@home network so please help me if you can.
> > >
> > > Thank you,
> > >
> > > nat

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message
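
Added example, not part of the original thread: a consistency check over the three pieces of configuration the messages above go back and forth on (natd_interface in rc.conf, the divert rule in rc.firewall, and the ifconfig output). The sample inputs are constructed from the values quoted in the thread. The function names, and the rule that the outside interface is the first one with a non-loopback, non-RFC 1918 address, are assumptions of this example.

```sh
# Added example (not from the thread). Sample inputs below are constructed
# from the values quoted in the messages; function names are hypothetical.
RC_CONF='firewall_enable="YES"
natd_enable="YES"
natd_interface="de0"
gateway_enable="YES"'
RC_FIREWALL='$fwcmd -f flush
$fwcmd add 1 divert natd from any to any via de0
$fwcmd add 65000 allow all from any to any'
IFCONFIG='de0: flags=8843 mtu 1500
        inet 192.168.0.1 netmask 0xffffff00 broadcast 192.168.0.255
de1: flags=8843 mtu 1500
        inet 24.1.177.140 netmask 0xffffff00 broadcast 24.1.177.255
lo0: flags=8049 mtu 16384
        inet 127.0.0.1 netmask 0xff000000'

# natd_interface as set in rc.conf (last assignment wins).
rc_natd_iface() {
    printf '%s\n' "$1" |
        awk -F= '$1 == "natd_interface" { gsub(/"/, "", $2); v = $2 } END { print v }'
}

# Word after KEY ("via" or "natd") on the divert rule in rc.firewall.
divert_field() {
    printf '%s\n' "$1" | awk -v key="$2" '
        / divert natd / { for (i = 1; i < NF; i++) if ($i == key) v = $(i + 1) }
        END { print v }'
}

# Assumption: the outside interface is the first one whose IPv4 address is
# neither loopback nor RFC 1918 private space.
external_iface() {
    printf '%s\n' "$1" | awk '
        /^[a-z]+[0-9]+:/ { ifc = $1; sub(/:$/, "", ifc) }
        $1 == "inet" && $2 !~ /^(127\.|10\.|192\.168\.|172\.(1[6-9]|2[0-9]|3[01])\.)/ {
            print ifc; exit }'
}

# One finding per line; no output means the three inputs agree.
check_natd() {
    nat_if=$(rc_natd_iface "$1"); ext_if=$(external_iface "$3")
    via=$(divert_field "$2" via); proto=$(divert_field "$2" natd)
    [ "$via" = '${natd_interface}' ] && via=$nat_if
    [ "$nat_if" = "$ext_if" ] || echo "rc.conf: natd_interface=$nat_if but outside interface is $ext_if"
    [ "$via" = "$ext_if" ] || echo "rc.firewall: divert rule is via $via, expected $ext_if"
    case $proto in all|ip) ;; *) echo "rc.firewall: divert rule has no protocol (all/ip) before 'from'" ;; esac
}

check_natd "$RC_CONF" "$RC_FIREWALL" "$IFCONFIG"
```

On a live system the three arguments would come from /etc/rc.conf, /etc/rc.firewall and `ifconfig -a`.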