Date:      Fri, 26 Dec 2003 11:17:31 -0800 (PST)
From:      The Bean <beantaxi@yahoo.com>
To:        Micheal Patterson <micheal@tsgincorporated.com>, freebsd-questions@freebsd.org
Subject:   Re: natd problem (but close!)
Message-ID:  <20031226191731.30016.qmail@web40414.mail.yahoo.com>
In-Reply-To: <bca701c3cbda$aac74140$0201a8c0@dredster>

Thanks Michael. Yep, that rule is there:

(in response to a bash-2.0.4# ipfw -a list)
00050 1398666 172283391 divert 8668 ip from any to any via xl0
00100    1202    127228 allow ip from any to any via lo0
... etc ...

Very first rule. (I was going to mention this in my initial email
but I guess I forgot). I believe I was helped in this by 
rc.firewall itself -- looks like that for 'open' and
'simple' it adds the divert rule if natd_enable is set.
I'm guessing this is newish, as the docs I read insisted
that I add the rule myself. In any case, it's there.

Thanks again,
T.B.


--- Micheal Patterson <micheal@tsgincorporated.com> wrote:
> 
> 
> ----- Original Message ----- 
> From: "The Bean" <beantaxi@yahoo.com>
> To: <freebsd-questions@freebsd.org>
> Sent: Friday, December 26, 2003 11:27 AM
> Subject: natd problem (but close!)
> 
> 
> > Hi all,
> >
> > I've been trying to get natd up on a FreeBSD 4.9-Stable box.
> > I think I've followed every step, and it's still not quite working,
> > although I believe it's getting close. My dual-homed box has
> > two interfaces: internal ed0=10.13.0.1/8, and external
> > xl0=xx.yy.zz.187/29 (note I've cleverly obscured the IP).
> >
> > Here's what I've done on the dual-homed box:
> > - Kernel compiled with IPFIREWALL & IPDIVERT
> > - gateway_enabled="YES", verified with sysctl -a list | grep ipforwarding
> > - firewall set to open
> > - natd_enabled="YES"
> > - natd_interface=my external interface
> > - natd_flags=-f /etc/natd.conf
> > - /etc/natd.conf contains one line: redirect_address 10.0.0.13 xx.yy.zz.186,
> > where xx.yy.zz.186 is the desired public IP for a client on my internal
> > network, whose internal IP is 10.0.0.13
> >
> > On my client, I've set the default router to 10.13.0.1, which is the IP for the
> > internal interface for the gateway box.
> >
> > The gateway can access the Internet just fine. The client has some problems,
> > which I've attempted to diagnose by running tcpdump on the gateway, and
> > trying a ping and a lynx from the client. Here are the results, as reported
> > by the gateway:
> >
> <snip>
> 
> Do an ipfw list and you should see an entry at or very near the top similar
> to:
> divert 8668 ip from any to any via xl0
> 
> If you don't, traffic isn't being diverted to NAT and it's trying to route
> the 10 /8 traffic to its connected router and dying there.
> 
> 
> --
> 
> Micheal Patterson
> Network Administration
> TSG Incorporated
> 405-917-0600
> 


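The check Micheal suggests above (a `divert 8668 ... via xl0` rule at or near the top of `ipfw list`) can be scripted. This is an added example, not code from the thread or from FreeBSD; the function name and the sample listings are constructed, and it assumes the `ipfw -a list` / `ipfw list` line layout shown in the thread. It goes slightly beyond the thread by also flagging a divert rule that exists but is numbered after a rule with no `via` clause, which ipfw would evaluate first.

```sh
#!/bin/sh
# Verify that an ipfw rule set hands traffic on the NAT interface to natd
# before any other rule can pass or drop it. $1 is the text of
# "ipfw -a list" (or plain "ipfw list"), $2 the natd interface, optional $3
# the divert port (natd's default is 8668). Returns 0 when the divert rule
# is the first rule that can match the interface, 1 otherwise. Rules with
# "via <other interface>" are ignored; rules with no via clause apply to
# every interface and therefore count. in/out, recv and xmit qualifiers
# are not modelled (simplification of this example).
check_divert_rule() {
    rules=$1
    iface=$2
    port=${3:-8668}
    result=$(printf '%s\n' "$rules" | awk -v iface="$iface" -v port="$port" '
        NF < 2 { next }                      # skip blank or truncated lines
        {
            via = ""
            for (i = 1; i < NF; i++) if ($i == "via") via = $(i + 1)
            if (via != "" && via != iface) next   # never sees this interface
            # With -a, fields 2 and 3 are packet/byte counters; skip them.
            if ($2 ~ /^[0-9]+$/ && $3 ~ /^[0-9]+$/) { action = $4; arg = $5 }
            else { action = $2; arg = $3 }
            n++
            if (!pos && action == "divert" && arg == port) { pos = n; rule = $1 }
        }
        END {
            if (!pos) print "MISSING"
            else if (pos > 1) print "LATE " rule
            else print "OK " rule
        }')
    case $result in
        OK*)   echo "rule ${result#OK }: divert $port via $iface is evaluated first"
               return 0 ;;
        LATE*) echo "rule ${result#LATE }: divert $port via $iface comes after rules that already pass or drop traffic" >&2
               return 1 ;;
        *)     echo "no 'divert $port ... via $iface' rule: natd never sees the traffic" >&2
               return 1 ;;
    esac
}

# Constructed sample listings; the first two lines mirror the thread's output.
SAMPLE_OK='00050 1398666 172283391 divert 8668 ip from any to any via xl0
00100    1202    127228 allow ip from any to any via lo0
65000  812345 445112345 allow ip from any to any
65535       0         0 deny ip from any to any'
SAMPLE_LATE='00100    1202    127228 allow ip from any to any via lo0
00200  812345 445112345 allow ip from any to any
00300       0         0 divert 8668 ip from any to any via xl0'

check_divert_rule "$SAMPLE_OK" xl0
```

On a live box the same check is `check_divert_rule "$(ipfw -a list)" xl0`.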


