Date:      Thu, 10 Oct 2002 21:38:48 +0300
From:      "D. Penev" <dpenev@mail.bg>
To:        "2005 - Chill, Samuel Thomas" <stchill@mccallie.org>
Cc:        freebsd-questions@FreeBSD.ORG
Subject:   Re: Puzzling Simple NATD and IPFW Problem
Message-ID:  <20021010183848.GA250@earth.dpsca.bg>
In-Reply-To: <200210091834.AA431817180@mail.mccallie.org>
References:  <200210091834.AA431817180@mail.mccallie.org>

On Wed, Oct 09, 2002 at 06:34:43PM -0400, 2005 - Chill, Samuel Thomas wrote:
>Date: Wed,  9 Oct 2002 18:34:43 -0400
>From: "2005 - Chill, Samuel Thomas" <stchill@mccallie.org>
>To: <freebsd-questions@FreeBSD.ORG>
>Subject: Re: Puzzling Simple NATD and IPFW Problem
>
>After fixing all of these "problems" it still does not work!
>I'm running FreeBSD 4.6-STABLE
>using two Realtek 8139s (rl0 external, rl1 internal).
>External is DHCP to the cable modem.
>Internal IP is 10.0.0.1.
>Client machines have 10.0.0.x as their IP and 10.0.0.1 set as their gateway and DNS.
>---------- Original Message ----------------------------------
>From: "D. Penev" <dpenev@mail.bg>
>Date: Wed, 9 Oct 2002 21:06:36 +0300
>
>On Wed, Oct 09, 2002 at 12:00:25AM -0400, 2005 - Chill, Samuel Thomas wrote:
>>Date: Wed,  9 Oct 2002 00:00:25 -0400
>>From: "2005 - Chill, Samuel Thomas" <stchill@mccallie.org>
>>To: <freebsd-questions@FreeBSD.ORG>
>>Subject: Re: Puzzling Simple NATD and IPFW Problem
>>
>>Here is the info. Hope it helps solve this problem.
>># ifconfig -a
>>rl0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
>>        inet6 fe80::201:aff:fe10:815b%rl0 prefixlen 64 scopeid 0x1
>>        inet 68.59.237.192 netmask 0xfffff800 broadcast 68.59.239.255
>>        ether 00:01:0a:10:81:5b
>>        media: Ethernet autoselect (100baseTX <full-duplex>)
>>        status: active
>>rl1: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
>>        inet 10.0.0.1 netmask 0xffffff00 broadcast 10.0.0.255
>>        inet6 fe80::2d0:9ff:fec6:15ed%rl1 prefixlen 64 scopeid 0x2
>>        ether 00:d0:09:c6:15:ed
>>        media: Ethernet autoselect (10baseT/UTP)
>>        status: active
>>lp0: flags=8810<POINTOPOINT,SIMPLEX,MULTICAST> mtu 1500
>>sl0: flags=c010<POINTOPOINT,LINK2,MULTICAST> mtu 552
>>faith0: flags=8002<BROADCAST,MULTICAST> mtu 1500
>>lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> mtu 16384
>>        inet6 ::1 prefixlen 128
>>        inet6 fe80::1%lo0 prefixlen 64 scopeid 0x6
>>        inet 127.0.0.1 netmask 0xff000000
>>ppp0: flags=8010<POINTOPOINT,MULTICAST> mtu 1500
>>
>># ipfw -a l
>>00100 160  72611 divert 8668 ip from any to any via rl0
>>00200 661 115174 allow ip from any to any
>>65535   4    581 deny ip from any to any

Run ipfw -a l,
ping any internet address from the local network,
then run ipfw -a l again and look whether the packet counter at rule 100 has changed.
If packets go through the divert socket, run natd manually with the -v option and ping
again to see what's going on in natd.

>>
>># netstat -rn
>>Routing tables
>>
>>Internet:
>>Destination        Gateway            Flags    Refs      Use  Netif Expire
>>default            68.59.232.1        UGSc        9        5    rl0
>>10/24              link#2             UC          2        0    rl1
>>10.0.0.3           00:04:5a:53:4d:92  UHLW        2     2109    rl1    241
>>10.0.0.4           00:04:5a:53:4d:92  UHLW        2      679    rl1   1050
>>68.59.232/21       link#1             UC          2        0    rl0
>>68.59.232.1        00:02:fc:82:f0:54  UHLW       10        0    rl0   1199
>>68.59.237.177      00:02:fc:82:f0:70  UHLW        0        6    rl0    163
>>68.59.237.192      127.0.0.1          UGHS        0        0    lo0
>>127.0.0.1          127.0.0.1          UH          1        0    lo0
>>
>>Internet6:
>>Destination                       Gateway                       Flags      Netif Expire
>>::1                               ::1                           UH          lo0
>>fe80::%rl0/64                     link#1                        UC          rl0
>>fe80::201:aff:fe10:815b%rl0       00:01:0a:10:81:5b             UHL         lo0
>>fe80::%rl1/64                     link#2                        UC          rl1
>>fe80::2d0:9ff:fec6:15ed%rl1       00:d0:09:c6:15:ed             UHL         lo0
>>fe80::%lo0/64                     fe80::1%lo0                   Uc          lo0
>>fe80::1%lo0                       link#6                        UHL         lo0
>>ff01::/32                         ::1                           U           lo0
>>ff02::%rl0/32                     link#1                        UC          rl0
>>ff02::%rl1/32                     link#2                        UC          rl1
>>ff02::%lo0/32                     ::1                           UC          lo0
>>
>># sysctl net.inet.ip.forwarding
>>net.inet.ip.forwarding: 1
>>
>># ps -aux |grep nat
>>root      216  0.0  0.1   436  292  ??  Is    6:13PM   0:00.01 natd -interface rl0
>
>What does ps x | grep natd show? In principle, if natd is started from rc.network,
>the first argument must be $natd_flags and then $natd_interface.
>
>>
>>
>># cat /etc/rc.conf
>>gateway_enable="YES"
>>firewall_enable="YES"
>>firewall_type="/etc/rc.ipfw-queue"
>>firewall_quiet="NO"
>>natd_enabled="YES"
>            ^
>Does this error really exist in rc.conf?
>
>>natd_interface="rl0"
>>natd_flags="-f /etc/natd.conf"
>>hostname=".andrsn01.tn.comcast.net"
>>ifconfig_rl0="DHCP"
>>ifconfig_rl1="inet 10.0.0.1  netmask 255.255.255.0"
>>inetd_enable="YES"
>>kern_securelevel_enable="NO"
>>linux_enable="YES"
>>lpd_enable="YES"
>>nfs_reserved_port_only="YES"
>>sendmail_enable="YES"
>>sshd_enable="YES"
>>usbd_enable="YES"
>>
>># cat /etc/natd.conf
>>dynamic yes
>>use_sockets yes
>>same_ports yes
>>unregistered_only
>>---------- Original Message ----------------------------------
>>From: Nick Rogness <nick@rogness.net>
>>Date: Tue, 8 Oct 2002 15:38:00 -0600 (MDT)
>>
>>On Tue, 8 Oct 2002, 2005 - Chill, Samuel Thomas wrote:
>>
>>> I have ipfirewall, ipdivert, and dummynet all compiled into my kernel. I
>>> am able to run natd and to specify rules with ipfw; I can also ping
>>> my external interface. My internal network card (rl1) is 10.0.0.1 and my
>>> LAN clients are running on 10.0.0.x. I can ping everything; the network
>>> is set up properly. I'm using the default rules supplied in the man page
>>> and apparently natd is not passing them on. I can't ping or go to any
>>> website at all. The LAN clients have 10.0.0.1 set as their default
>>> gateway. rl0 is connected to the cable modem and gets its IP via DHCP.
>>> The FreeBSD box can ping anything but apparently nothing is forwarded
>>> to the external interface. I have double-checked and reinstalled
>>> multiple times and it seems that it is bound to never work!
>>
>>	Do you have gateway_enable="YES" in /etc/rc.conf?
>>
>>	What do the following show when you run them (just paste them in a
>>	reply):
>>
>>	# ifconfig -a
>>	# netstat -rn
>>	# ipfw -a l
>>	# sysctl net.inet.ip.forwarding
>>	# ps -aux |grep nat
>>	# cat /etc/rc.conf
>>
>>Nick Rogness <nick@rogness.net>
>>- WARNING TO ALL PERSONNEL:
>>   Firings will continue until morale improves.
>>
>>
>>
>>---
>>[This E-mail scanned for viruses by Declude Virus]
>>
>>
>>
>>To Unsubscribe: send mail to majordomo@FreeBSD.org
>>with "unsubscribe freebsd-questions" in the body of the message
>
>In fact I don't think that will solve your problem, but who knows :)
>
>-- 
>Regards,
>D. Penev

-- 
Regards,
D. Penev
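An added diagnostic script, not from anyone in this thread, that automates the two checks raised above: whether the packet counter on the divert rule grows after a ping from the LAN, and whether the natd knob in rc.conf is spelt the way rc.network expects. The ipfw listings and the rc.conf fragment are constructed samples modelled on the ones posted; the function names are my own.

```shell
#!/bin/sh
# Constructed samples of `ipfw -a l` taken before and after a ping from a
# 10.0.0.x client; on a real box, capture the real output twice instead.
IPFW_BEFORE='00100 160  72611 divert 8668 ip from any to any via rl0
00200 661 115174 allow ip from any to any
65535   4    581 deny ip from any to any'
IPFW_AFTER='00100 168  73123 divert 8668 ip from any to any via rl0
00200 685 117010 allow ip from any to any
65535   4    581 deny ip from any to any'
# Constructed rc.conf fragment carrying the same misspelt knob as the thread.
RC_CONF='gateway_enable="YES"
firewall_enable="YES"
natd_enabled="YES"
natd_interface="rl0"
natd_flags="-f /etc/natd.conf"'
# Packet counter (second column of `ipfw -a l`) of one rule number.
rule_packets() {  # $1 = rule number, $2 = listing text
    printf '%s\n' "$2" | awk -v rule="$1" '($1 + 0) == (rule + 0) { print $2; exit }'
}
# Growth of a rule's packet counter between the two listings.
counter_delta() {  # $1 = rule number, $2 = before, $3 = after
    echo $(( $(rule_packets "$1" "$3") - $(rule_packets "$1" "$2") ))
}
# Value of an rc.conf knob, with surrounding quotes stripped.
rc_value() {  # $1 = knob name, $2 = rc.conf text
    printf '%s\n' "$2" | awk -F= -v k="$1" '$1 == k { gsub(/"/, "", $2); print $2; exit }'
}
# Is natd really enabled for rc.network?  Prints ok, misspelt or missing.
check_natd_knob() {  # $1 = rc.conf text
    if [ "$(rc_value natd_enable "$1")" = "YES" ]; then
        echo ok
    elif printf '%s\n' "$1" | grep -q '^natd_enable[^=]'; then
        echo misspelt   # e.g. natd_enabled="YES", which rc.network never reads
    else
        echo missing
    fi
}
# One-line verdict from both checks on the divert path.
diagnose() {  # $1 = divert rule number, $2 = before, $3 = after, $4 = rc.conf text
    if [ "$(counter_delta "$1" "$2" "$3")" -eq 0 ]; then
        echo "no packets hit the divert rule: check gateway_enable, routing and the via interface"
    elif [ "$(check_natd_knob "$4")" != ok ]; then
        echo "divert rule sees traffic but natd is not enabled in rc.conf: fix the knob, then run natd -v"
    else
        echo "divert path looks fine: run natd -v and watch the translations"
    fi
}
```

Call `diagnose 100 "$IPFW_BEFORE" "$IPFW_AFTER" "$RC_CONF"` with real captures substituted for the samples; a zero delta on rule 100 means the packets never reach the divert socket, so natd -v would show nothing.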

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20021010183848.GA250>