Date:      Fri, 17 Jan 2003 08:12:39 -0700
From:      WillyB <willyb1964n@netscape.net>
To:        reytech@sover.net
Cc:        Bill Moran <wmoran@potentialtech.com>, freebsd-questions@FreeBSD.ORG
Subject:   Re: different ipfw/natd prob
Message-ID:  <3E281D67.9000202@netscape.net>
References:  <Pine.BSI.4.21.0301170843480.24479-100000@granite.sover.net>

Here's what I did that worked for me on FreeBSD 4.5-RELEASE

Maybe this will help you some.....

Kernel recompile options I added:
options         IPFIREWALL                      # I added for firewall
options         IPFIREWALL_DEFAULT_TO_ACCEPT    # I added for firewall
options         IPFIREWALL_VERBOSE              # I added for firewall
options         IPFIREWALL_VERBOSE_LIMIT=10     # I added for firewall
options         IPFIREWALL_DEFAULT_TO_ACCEPT    # I added for firewall
options         IPFIREWALL_FORWARD              # I added for firewall 

options         IPDIVERT                        # I added for natd

ipfw rules:
/sbin/ipfw add 100 pass all from 127.0.0.1 to 127.0.0.1
/sbin/ipfw add 200 divert natd all from any to any via rl0

ifconfig:
xl0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
         options=3<rxcsum,txcsum>
         inet 192.168.0.1 netmask 0xffffff00 broadcast 192.168.0.255
         inet6 fe80::201:2ff:fee8:2298%xl0 prefixlen 64 scopeid 0x1
         ether 00:01:02:e8:22:98
         media: Ethernet autoselect (100baseTX <full-duplex>)
         status: active
rl0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
         inet 24.xx.xxx.61 netmask 0xfffffe00 broadcast 24.xxxx.xxx.255
         inet6 fe80::250:bfff:fe51:5503%rl0 prefixlen 64 scopeid 0x2
         ether 00:50:bf:51:55:03
         media: Ethernet autoselect (100baseTX <full-duplex>)
         status: active

rc.conf:
gateway_enable="YES"
firewall_enable="YES"
firewall_type="OPEN"
natd_enable="YES"
natd_interface="rl0"
natd_flags="-f /etc/natd.cf"
hostname="mygatewayhost"
ifconfig_rl0="inet 24.121.16.61  netmask 255.255.254.0"
ifconfig_xl0="inet 192.168.0.1  netmask 255.255.255.0"


WillyB



reytech@sover.net wrote:
> following is rc.conf, /etc/natd.conf, ifconfig, ipfw show
> 
> rc.conf
> 
> inetd_enable="YES"
> kern_securelevel_enable="NO"
> linux_enable="YES"
> tcp_extensions="YES"
> named_enable="YES"
> sendmail_enable="NO"
> portmap_enable="YES"
> router_enable="yes"
> router="/sbin/routed"
> router_flags="-q"
> defaultrouter="68.abc.de.1"
> hostname="www.kingrea.com"
> network_interfaces="lo0 fxp0 dc0"
> ifconfig_lo0="inet 127.0.0.1"
> ifconfig_dc0="inet 68.abc.de.14 netmask 255.255.255.0 media 10baseT/UTP"
> ifconfig_fxp0="inet 192.168.2.1 netmask 255.255.255.0"
> firewall_enable="YES"
> firewall_type="OPEN"
> gateway_enable="YES"
> natd_enable="YES"
> natd_interface="dc0"
> natd_flags="-f /etc/natd.conf"
> 
> natd.conf
> 
> interface dc0
> use_sockets yes
> same_ports yes
> 
> ifconfig
> 
> dc0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
>         inet 68.abc.de.14 netmask 0xffffff00 broadcast 68.abc.de.255
>         inet6 fe80::204:5aff:fe5a:9987%dc0 prefixlen 64 scopeid 0x1
>         ether 00:04:5a:5a:99:87
>         media: Ethernet 10baseT/UTP
>         status: active
> fxp0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
>         inet 192.168.2.1 netmask 0xffffff00 broadcast 192.168.2.255
>         inet6 fe80::2a0:c9ff:fe5c:3738%fxp0 prefixlen 64 scopeid 0x2
>         ether 00:a0:c9:5c:37:38
>         media: Ethernet autoselect (100baseTX)
>         status: active
> lp0: flags=8810<POINTOPOINT,SIMPLEX,MULTICAST> mtu 1500
> faith0: flags=8002<BROADCAST,MULTICAST> mtu 1500
> lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> mtu 16384
>         inet6 ::1 prefixlen 128
>         inet6 fe80::1%lo0 prefixlen 64 scopeid 0x5
>         inet 127.0.0.1 netmask 0xff000000
> ppp0: flags=8010<POINTOPOINT,MULTICAST> mtu 1500
> sl0: flags=c010<POINTOPOINT,LINK2,MULTICAST> mtu 552
> 
> ipfw show
> 
> 00100   0   0 allow ip from any to any via lo0
> 00200   0   0 deny ip from any to 127.0.0.0/8
> 00300   0   0 deny ip from 127.0.0.0/8 to any
> 65000   4208    345040 all ip from any to any
> 65535   0   0 deny ip from any to any
> 
> 
> thanks for assistance!
> 
> stephen d. kingrea
> 
> On Fri, 17 Jan 2003, Bill Moran wrote:
> 
> 
>>Stephen D. Kingrea wrote:
>>
>>>i have a slightly different ipfw/natd problem.  
>>>
>>>machines on the lan can ping internal nic on the server (fbsd 4.7), and
>>>the external nic, but can not ping or reach anything outside. unless i
>>>telnet into the server, then telnet out. currently running ipfw
>>>"open" until problem is solved. server can ping all machines on lan.
>>
>>On a wild guess, it sounds like your divert rule is wrong.
>>Need more information to help with this.
>>
>>Please repost to the list and include the following:
>>The output of 'ipfw show'
>>The output of 'ifconfig'
>>The contents of your rc.conf file
>>
>>-- 
>>Bill Moran
>>Potential Technologies
>>http://www.potentialtech.com
>>
>>
>>To Unsubscribe: send mail to majordomo@FreeBSD.org
>>with "unsubscribe freebsd-questions" in the body of the message
>>
> 
> 
> 




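The following is an added example, not code from the thread or from FreeBSD's rc.firewall. It mechanises the check Bill Moran's guess points at: the `ipfw show` output quoted above contains no `divert` rule at all, and on a natd gateway a `divert natd` rule must exist, be bound to the external interface, and come before any rule that passes every packet, or natd never sees the traffic. The interface names, the rule number 50 that rc.firewall is assumed to use for its own divert rule, and the three sample `ipfw show` listings are constructed for the example; the script also accepts `divert 8668` as well as `divert natd`, since older ipfw prints the port number instead of the service name.

```shell
#!/bin/sh
# Added example, not from the thread or from FreeBSD's rc.firewall.
# Audits "ipfw show" output for a working natd divert rule.
# Interface names and the sample listings below are constructed.

# usage: check_nat_rules EXT_IF < ipfw-show-output
# exit 0: a divert natd rule on EXT_IF precedes any allow-all rule
# exit 1: no divert natd rule installed at all
# exit 2: a divert rule exists but is not bound to EXT_IF
# exit 3: the divert rule only appears after an unrestricted allow rule
check_nat_rules() {
    awk -v ext="$1" '
    # "ipfw show" columns: rule# packets bytes action proto from src to dst [opts]
    # natd shows up as "divert natd" or "divert 8668" (assumed: depends on
    # whether the port resolves through /etc/services)
    $4 == "divert" && ($5 == "natd" || $5 == "8668") {
        found = 1
        onext = 0
        for (i = 6; i < NF; i++)
            if ($i == "via" && $(i + 1) == ext) onext = 1
        if (onext && !passall) ok = 1
        if (!onext) wrong = 1
        next
    }
    # an allow/pass rule for "ip from any to any" with no interface or option
    # qualifier (exactly 9 fields) matches every packet that reaches it
    ($4 == "allow" || $4 == "pass" || $4 == "all") && $5 == "ip" &&
        $6 == "from" && $7 == "any" && $8 == "to" && $9 == "any" && NF == 9 {
        passall = 1
    }
    END {
        if (!found) { print "no divert natd rule installed"; exit 1 }
        if (ok)     { print "divert natd on " ext " precedes allow-all: OK"; exit 0 }
        if (wrong)  { print "divert rule is not bound to " ext; exit 2 }
        print "divert rule comes after an allow-all rule"; exit 3
    }'
}

# Constructed copy of the "ipfw show" listing quoted in the thread:
# firewall_type OPEN, but no divert rule was installed.
sample_no_divert() {
    cat <<'EOF'
00100   0   0 allow ip from any to any via lo0
00200   0   0 deny ip from any to 127.0.0.0/8
00300   0   0 deny ip from 127.0.0.0/8 to any
65000   4208    345040 allow ip from any to any
65535   0   0 deny ip from any to any
EOF
}

# Constructed: the same OPEN ruleset plus the divert rule rc.firewall is
# expected to add when natd_enable="YES" (rule number 50 is assumed).
sample_with_divert() {
    cat <<'EOF'
00050   0   0 divert 8668 ip from any to any via dc0
00100   0   0 allow ip from any to any via lo0
00200   0   0 deny ip from any to 127.0.0.0/8
00300   0   0 deny ip from 127.0.0.0/8 to any
65000   0   0 allow ip from any to any
65535   0   0 deny ip from any to any
EOF
}

# Constructed: divert rule added by hand after the OPEN allow-all, so natd
# never sees a packet even though "ipfw show" lists it.
sample_late_divert() {
    cat <<'EOF'
00100   0   0 allow ip from any to any via lo0
65000   0   0 allow ip from any to any
65100   0   0 divert natd ip from any to any via dc0
65535   0   0 deny ip from any to any
EOF
}

# code_for SAMPLE_FN EXT_IF: prints the exit code check_nat_rules returns
# for that sample, without aborting under "set -e".
code_for() {
    "$1" | check_nat_rules "$2" >/dev/null && rc=0 || rc=$?
    echo "$rc"
}

# Stand-alone run: audit the three samples against external interface dc0.
for s in sample_no_divert sample_with_divert sample_late_divert; do
    printf '%-20s ' "$s"
    "$s" | check_nat_rules dc0 || true
done
```

On a live gateway, source the file and run `ipfw show | check_nat_rules rl0` (or whatever `natd_interface` names). The check only tells you whether natd can see traffic; it says nothing about whether the ruleset is safe. `firewall_type="OPEN"` together with `IPFIREWALL_DEFAULT_TO_ACCEPT` passes everything, including packets arriving on the outside interface with 192.168.x.x source addresses, so once NAT works the next step is a closed ruleset with an anti-spoofing deny on the external interface.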



