From: Bill Moran <wmoran@potentialtech.com>
To: bkhl@elektrubadur.se (Björn Lindström)
Cc: freebsd-questions@freebsd.org
Date: Sun, 18 Jul 2004 12:44:32 -0400
Subject: Re: NAT trouble

bkhl@elektrubadur.se (Björn Lindström) wrote:

> I'm having some trouble getting NAT working on the Internet gateway of my
> home LAN.
>
> Here's my setup:
>
> I have compiled a kernel with the following options added:
>
> options IPFIREWALL
> options IPFIREWALL_VERBOSE
> options IPFIREWALL_VERBOSE_LIMIT=10
> options IPDIVERT
>
> I have these relevant settings in my rc.conf:
>
> gateway_enable="YES"
> firewall_enable="YES"
> firewall_type="OPEN"
> natd_enable="YES"
> natd_interface="tun0"
> natd_flags="-f /etc/natd.conf"
>
> (Where tun0 is the interface of my ADSL connection.)

Is tun0 the real interface?

> My natd.conf only contains this line:
>
> redirect_port tcp 192.168.0.2:15000 15000
>
> Now, when I reboot, ipfw show shows this:
>
> 00050 0 0 divert 8668 ip from any to any via tun0
> 00100 182 15680 allow ip from any to any via lo0
> 00200 0 0 deny ip from any to 127.0.0.0/8
> 00300 0 0 deny ip from 127.0.0.0/8 to any
> 65000 11015 3073646 allow ip from any to any
> 65535 4 236 deny ip from any to any
>
> Here are the problems:
>
> * ps ax|grep natd shows that natd is not running.

What happens if you start it manually? Are there any entries in /var/log/messages to tell you why it didn't start automatically? Looking at the output at system startup, there should be some indication of why natd didn't start.

> * While I still can get to the gateway from the inside, connections to
> the Net don't work until I 'ipfw delete 00050'.

Are you saying that your internal machines _can_ get to the net when you delete that rule? If so, then you don't need nat, and you need to reconsider your configuration.

-- 
Bill Moran
Potential Technologies
http://www.potentialtech.com
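The two symptoms in the thread (natd not running, and connectivity returning only once rule 00050 is deleted) are the same fault seen twice: ipfw(8) documents that a packet matched by a divert rule is dropped when no socket is bound to the divert port, so a divert rule with no natd behind it blackholes everything crossing tun0. The script below is an added diagnostic, not code from the thread or from FreeBSD: it takes text in the shape of `ipfw show` and `ps ax` output, pairs each divert port against the port natd is serving (8668 unless `-p`/`-port` is given on the command line), and reports any divert rule with no listener. The sample rule set is the one posted above; the `ps` listings are constructed, and a port set inside natd.conf rather than on the command line is not seen by this check.

```shell
#!/bin/sh
# Added diagnostic (not from the original thread): find ipfw divert rules
# that no running natd is serving. Such a rule drops every matching packet,
# which is why deleting rule 00050 in the thread restored connectivity.
#
# On a live FreeBSD box run:  divert_without_natd "$(ipfw show)" "$(ps ax)"
# The strings below are constructed samples so the check runs offline.

# The rule set posted in the thread.
IPFW_SHOW_SAMPLE='00050 0 0 divert 8668 ip from any to any via tun0
00100 182 15680 allow ip from any to any via lo0
00200 0 0 deny ip from any to 127.0.0.0/8
00300 0 0 deny ip from 127.0.0.0/8 to any
65000 11015 3073646 allow ip from any to any
65535 4 236 deny ip from any to any'

# Constructed `ps ax` output with no natd running (the reported symptom).
PS_WITHOUT_NATD='  PID  TT  STAT      TIME COMMAND
  123  ??  Ss     0:00.03 /usr/sbin/syslogd -s
  456  ??  Is     0:00.01 /usr/sbin/sshd'

# Constructed `ps ax` output after natd has been started by hand with the
# flags rc.network would build from the posted rc.conf.
PS_WITH_NATD="$PS_WITHOUT_NATD
  789  ??  Ss     0:00.02 /sbin/natd -n tun0 -f /etc/natd.conf"

# Print the divert port of every divert rule, one per line.
# `ipfw show` fields: rulenum pkts bytes action [port] body...
divert_ports() {
    printf '%s\n' "$1" | awk '$4 == "divert" { print $5 }'
}

# Print the divert port each natd process is bound to. natd(8) listens on
# 8668 unless -p/-port overrides it; a port set in natd.conf is not visible
# here, so this check assumes the command line is authoritative.
natd_ports() {
    printf '%s\n' "$1" | awk '
        /natd/ {
            port = 8668
            for (i = 1; i <= NF; i++)
                if ($i == "-p" || $i == "-port") port = $(i + 1)
            print port
        }'
}

# Return 0 when every divert rule has a natd listener, 1 otherwise,
# naming each orphaned divert port on stderr.
divert_without_natd() {
    ipfw_out=$1
    ps_out=$2
    status=0
    for port in $(divert_ports "$ipfw_out"); do
        if ! natd_ports "$ps_out" | grep -qx "$port"; then
            echo "divert to port $port but no natd listening: matching traffic is dropped" >&2
            status=1
        fi
    done
    return $status
}
```

With the posted rule set and no natd process the check fails on port 8668; once natd is running with the default port it passes, which is the state the `ps ax|grep natd` test in the thread was meant to confirm.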