From: Louis LeBlanc
To: freebsd-questions@FreeBSD.org
Date: Wed, 10 Oct 2001 21:29:43 -0400
Subject: IPFW, natd, and one big headache
Message-ID: <20011010212942.A1037@acadia.ne.mediaone.net>
User-Agent: Mutt/1.3.22.1i
X-bright-idea: Let's abolish HTML mail!

Ok, I'm ready to lose it here.

I finally have a firewall that doesn't appear to close anything off, and I know it opens those things I want opened, like outgoing ping, traceroute, incoming HTTP, HTTPS, IMAP, SMTP, etc. I take the script and source it once everything is up and dhclient is set, and it's all good.

But that's only if I start up with an open firewall. Anything else and I never get the dhcp lease handled. I see it on the startup screen, but it fails. I get a TIMEOUT or MEDIUM from dhclient-exit-hooks in the dhclient.debug log. According to the dhclient-script manpage, I'm supposed to set a medium type for the interface in $interface to the medium type in $medium. Unfortunately, I haven't a clue what this means. When the process works, the medium type on my dhcp interface is set to Ethernet autoselect (10baseT/UTP). Is there something I should do to set this beforehand? Does it matter?

Anyway, I am also seeing, even with this firewall that I know enables outbound ping, a ping attempt to the dhcp server that fails with a permission failure.

And natd. All I get out of that is

  Oct 10 21:08:31 acadia natd[396]: failed to write packet back (Permission denied)

in the console log. I have the following in /etc/rc.conf:

  natd_program="/sbin/natd"
  natd_interface="xl0"
  natd_enable=YES
  natd_flags="-unregistered_only -use_sockets -same_ports"

and I have also tried using natd flags set instead to '-f /etc/natd.conf' which has:

  dynamic yes
  log no
  deny_incoming no
  use_sockets yes
  same_ports yes
  verbose no
  interface xl0
  unregistered_only no

And the internal machines can see the gateway, and vice versa; the gateway may see the outside world, but the internals don't see out.

ps -ax | grep natd shows:

  396  ??  Is     0:00.28 /sbin/natd -unregistered_only -use_sockets -same_port

I know this is a lot of questions, and I know this has been discussed here before, but I'm lost. I've read several of the online resources, and I think I'm following things correctly, but there's some stupid thing I keep missing. Even the very clear cheat sheets at http://www.mostgraveconcern/freebsd/ didn't get me through it. I used the examples exactly, and I do have all the IPF options in my kernel:

  options IPFIREWALL
  options IPFIREWALL_VERBOSE
  options IPFIREWALL_VERBOSE_LIMIT=10
  options IPDIVERT

Someone please toss me a clue.

TIA
Lou
-- 
Louis LeBlanc leblanc@acadia.ne.mediaone.net
Fully Funded Hobbyist, KeySlapper Extraordinaire :)
http://acadia.ne.mediaone.net
micro: Thinker toys.
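An added example, not part of the post above or of FreeBSD's own rc.firewall: an ipfw ruleset in the style of /etc/rc.firewall for a natd gateway whose outside interface is configured by dhclient. The interface names (xl0 outside, fxp0 inside), the 192.168.1.0/24 inside network, the rule numbers and the helper function names are assumptions for illustration. It is built around two facts about the setup the post describes: natd re-injects every translated packet on the divert socket, and if ipfw then drops that packet the write fails with EPERM, which natd logs as "failed to write packet back (Permission denied)"; and while dhclient is negotiating, the outside interface has no address, so DHCP has to be matched by UDP port (68/67) and interface only, never by address.

```sh
#!/bin/sh
# Added example ipfw ruleset (rc.firewall style) for a FreeBSD 4.x natd
# gateway with a DHCP-configured outside interface.  Interface names,
# subnet, rule numbers and function names are assumptions.
#
# Set fwcmd=echo to print the rules instead of loading them.
fwcmd="${fwcmd:-/sbin/ipfw}"

load_rules() {
    oif="$1"    # outside interface: natd and dhclient live here
    iif="$2"    # inside interface
    inet="$3"   # inside network, e.g. 192.168.1.0/24

    $fwcmd -f flush

    # Loopback, and nothing pretending to be loopback.
    $fwcmd add 100 allow ip from any to any via lo0
    $fwcmd add 200 deny ip from any to 127.0.0.0/8
    $fwcmd add 300 deny ip from 127.0.0.0/8 to any

    # Anti-spoofing: the inside network never arrives on the outside.
    $fwcmd add 400 deny ip from ${inet} to any in via ${oif}

    # Translate everything crossing the outside interface.  Inbound
    # packets are untranslated here; outbound packets come back from
    # natd and continue at rule 1001 with the public source address, so
    # every rule below must accept what natd hands back or natd gets
    # EPERM ("failed to write packet back").
    $fwcmd add 1000 divert natd ip from any to any via ${oif}

    # The inside network is trusted.
    $fwcmd add 1100 allow ip from any to any via ${iif}

    # DHCP on the outside interface, matched by port and interface only:
    # during the lease exchange the interface has no address yet.
    $fwcmd add 1200 allow udp from any 68 to any 67 out via ${oif}
    $fwcmd add 1210 allow udp from any 67 to any 68 in via ${oif}

    # TCP: established sessions, new outbound sessions, public services.
    $fwcmd add 2000 allow tcp from any to any established
    $fwcmd add 2100 allow tcp from any to any out via ${oif} setup
    $fwcmd add 2200 allow tcp from any to any 25,80,143,443 in via ${oif} setup
    $fwcmd add 2300 deny log tcp from any to any in via ${oif} setup

    # UDP: outbound (DNS, traceroute, NTP) and DNS replies.
    $fwcmd add 3000 allow udp from any to any out via ${oif}
    $fwcmd add 3100 allow udp from any 53 to any in via ${oif}

    # ICMP: outbound ping/traceroute, and the replies and errors they
    # need (echo reply 0, unreachable 3, time exceeded 11); allow ping in.
    $fwcmd add 4000 allow icmp from any to any out via ${oif}
    $fwcmd add 4100 allow icmp from any to any in via ${oif} icmptypes 0,3,11
    $fwcmd add 4200 allow icmp from any to any in via ${oif} icmptypes 8

    # Everything else, logged (IPFIREWALL_VERBOSE_LIMIT caps the noise).
    $fwcmd add 65000 deny log ip from any to any
}

# Sanity check on a printed ruleset (fwcmd=echo output): the divert rule
# must be numbered below the final deny, and both DHCP rules must exist.
# Returns 0 when the invariants hold, 1 otherwise.
check_rules() {
    rules="$1"
    divert=$(printf '%s\n' "$rules" | awk '$3 == "divert" { print $2; exit }')
    last_deny=$(printf '%s\n' "$rules" | awk '$3 == "deny" { n = $2 } END { print n }')
    [ -n "$divert" ] && [ -n "$last_deny" ] || return 1
    [ "$divert" -lt "$last_deny" ] || return 1
    printf '%s\n' "$rules" | grep -q 'udp from any 68 to any 67 out' || return 1
    printf '%s\n' "$rules" | grep -q 'udp from any 67 to any 68 in' || return 1
    return 0
}

# Usage (as root, on the gateway):   load_rules xl0 fxp0 192.168.1.0/24
# Dry run:                           fwcmd=echo load_rules xl0 fxp0 192.168.1.0/24
```

The rule numbering matters more than the rule count: `ipfw add` without a number appends, which is how a `deny` meant as a catch-all can silently land above a later `allow`. Running the dry run and feeding it to `check_rules` before loading catches that class of mistake without touching the live firewall.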