Date: Thu, 16 Sep 1999 15:26:45 -0700 (PDT)
From: David Wolfskill <dhw@whistle.com>
To: freebsd-isp@FreeBSD.ORG, vic@rezekne.lv
Subject: Re: What am I doing wrong?
Message-ID: <199909162226.PAA04452@pau-amma.whistle.com>
In-Reply-To: <37E164BE.BAECADE0@rezekne.lv>

>Date: Fri, 17 Sep 1999 00:44:30 +0300
>From: Victor Meirans <vic@rezekne.lv>

>Hello...
>I need to set up a FreeBSD (3.2-RELEASE) router with NAT. 2 NICs.

OK; I do something similar for home, except that I have only a single
(fixed) external IP address (and no separate router -- DSL). And mine
seems to work. :-}

>1. Compiled kernel with
>    options IPFIREWALL
>    options IPDIVERT

I included IPFIREWALL_FORWARD (as well as IPFIREWALL_VERBOSE -- but the
latter is because I reject anything unless I decided that I want to pass
it).

>2. My rc.conf is
>    moused_port="/dev/psm0"
>    moused_enable="YES"
>    saver="logo"
>    gateway_enable="YES"
>    firewall_enable="YES"
>    natd_enable="YES"
>    natd_interface="ed1"
>    natd_flags="-f /etc/natd.conf"

Those natd_* variables should cause /etc/rc.network to bring up natd;
you mention (below) that you start up natd in rc.local, but I don't
think that should be necessary (or desirable).

>    hostname="ufo.blezurs.lv"
>    ifconfig_ed2="inet 192.168.1.254 netmask 255.255.255.0"
>    ifconfig_ed1="inet 159.148.42.242 netmask 255.255.255.252"
>    defaultrouter="159.148.42.241"
>    network_interfaces="ed2 ed1 lo0"
>    linux_enable="YES"
>    ntpdate_enable="YES"
>    ntpdate_flags="Time1.Stupi.SE"
>    named_enable="YES"

>3. My rc.firewall is
>    /sbin/ipfw -f flush
>    /sbin/ipfw add divert natd all from any to any via ed1
>    /sbin/ipfw add pass all from any to any

>4. My rc.local just runs natd
>    natd -f /etc/natd.conf

As above, I don't believe you want this happening at this point.
rc.network should be doing it.

>5. My natd.conf is
>    interface ed1
>    use_sockets yes
>    same_ports yes
>    dinamic yes

Hmmm.... I haven't tried using the "dynamic" (note spelling) option.
Other than some "redirect_port" options, the entries I have are:

    use_sockets yes
    same_ports yes

>That's all. Nothing works. I can't ping the router nor I can ping local
>addresses. Am I missing something? Is something misconfigured?

Well, what do the routing tables ("netstat -nr") look like?
The interface configurations? ("ifconfig -a")
Are you seeing any messages getting logged anywhere?
Have you tried turning on tcpdump to see what's happening?

Cheers,
david
--
David Wolfskill     dhw@whistle.com     UNIX System Administrator
voice: (650) 577-7158     pager: (888) 347-0197     FAX: (650) 372-5915

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-isp" in the body of the message
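
An added example (not part of the original message and not FreeBSD's own code): a small sh lint for the two points the reply raises, natd being started from both rc.conf and rc.local, and a natd.conf keyword that is not recognised. The function names, the KNOWN list (limited to keywords that appear in this thread) and the sample files are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original message.
# KNOWN holds only natd.conf keywords that appear in this thread
# (an assumption; extend it from natd(8) for real use).
KNOWN="interface use_sockets same_ports dynamic redirect_port"

# Print every natd.conf keyword that is not in KNOWN, one per line.
unknown_natd_keywords() {
    # Drop comments and blank lines, keep the first word of each line.
    sed -e 's/#.*//' "$1" | awk 'NF { print $1 }' | while read -r kw; do
        case " $KNOWN " in
            *" $kw "*) ;;
            *) echo "$kw" ;;
        esac
    done
}

# Succeed (exit 0) when natd would be launched twice: by natd_enable="YES"
# in rc.conf (handled by rc.network) and by a natd command in rc.local.
natd_started_twice() {
    grep -Eq '^[[:space:]]*natd_enable="?[Yy][Ee][Ss]"?' "$1" || return 1
    grep -Eq '^[[:space:]]*(/[^[:space:]]*/)?natd([[:space:]]|$)' "$2"
}

# Constructed sample files that mirror the configuration quoted above.
tmp=$(mktemp -d)
printf '%s\n' 'interface ed1' 'use_sockets yes' 'same_ports yes' \
    'dinamic yes' > "$tmp/natd.conf"
printf '%s\n' 'gateway_enable="YES"' 'natd_enable="YES"' \
    'natd_interface="ed1"' > "$tmp/rc.conf"
printf '%s\n' 'natd -f /etc/natd.conf' > "$tmp/rc.local"

for kw in $(unknown_natd_keywords "$tmp/natd.conf"); do
    echo "natd.conf: unrecognised keyword '$kw'"
done
if natd_started_twice "$tmp/rc.conf" "$tmp/rc.local"; then
    echo "natd is started from rc.conf (rc.network) and again from rc.local"
fi
```

On a real system the functions would be pointed at /etc/natd.conf, /etc/rc.conf and /etc/rc.local instead of the constructed files.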