Date:      Fri, 6 Jul 2001 14:14:09 -0400 (EDT)
From:      Joe Clarke <marcus@marcuscom.com>
To:        Mark Kobussen <kobes@usermail.com>
Cc:        <freebsd-questions@FreeBSD.ORG>
Subject:   Re: IPFW/NATD or Cable Modem Trouble??
Message-ID:  <20010706141305.Q64705-100000@shumai.marcuscom.com>
In-Reply-To: <004001c10645$64f25e00$0201a8c0@goldenrod.net>

This looks good to me.  This is pretty much _exactly_ what I'm doing, and
it works fine.  It could be questionable service, but you might want some
more eyes looking at this.

Joe Clarke

On Fri, 6 Jul 2001, Mark Kobussen wrote:

> I'm having some problems with my cable modem service, and I have yet to
> figure out whether it is caused by my incompetence with UNIX, or
> questionable service.
>
> Here's the Problem:
> My cable service dies probably every 30 minutes of internet usage. Up until
> this point, the remedy is usually to cycle the power to the cable modem, at
> which time I'm able to access the internet again. The one thing that
> confuses me, is that at the same time the cable modem stops responding, I
> can no longer telnet into the FreeBSD box - it just won't respond. The
> FreeBSD machine just runs the whole time, without any error messages
> whatsoever.
>
> I will mention that as I was writing this, I could no longer access the
> FreeBSD machine. Approximately 5-10 minutes later it began responding again,
> without me power cycling the cable modem.
>
> Here's the information:
>
> Cable Modem: 3com Sharkfin
>
> FreeBSD 4.3, using NATD/IPFW for gateway functions
> 2 LinkSys Ether16 ISA 10BaseT NICs
>
> ed1 is connected to the hub
> ed2 is connected to the cable modem
>
> ----- Pertinent rc.conf Information
> gateway_enable="YES"
> hostname="marlborough "
> ifconfig_ed1="inet 192.168.1.1 netmask 255.255.255.0"
> ifconfig_ed2="DHCP"
> inetd_enable="YES"
> kern_securelevel_enable="NO"
> linux_enable="YES"
> moused_enable="YES"
> sendmail_enable="YES"
> gateway_enable="YES"
> sshd_enable="YES"
> portmap_enable="YES"
> firewall_enable="YES"
> firewall_script="/etc/firewall/fwrules"
> natd_enable="YES"
> natd_flags="-dynamic"
> natd_interface="ed2"
>
> ----- Now follows /etc/firewall/fwrules
> /sbin/ipfw -f flush
> /sbin/ipfw add 1000 pass all from 127.0.0.1 to 127.0.0.1
> /sbin/ipfw add 2000 divert natd all from any to any via ed2
> /sbin/ipfw add 6500 pass all from any to any
>
> ----- Important ifconfig information; ed2 inet address has been changed
> ed1: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
>             inet 192.168.1.1 netmask 0xffffff00 broadcast 192.168.1.255
>             inet6 fe80::240:5ff:fe6f:b0d4%ed1 prefixlen 64 scopeid 0x2
>             ether 00:40:05:6f:b0:d4
> ed2: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
>             inet6 fe80::240:5ff:fe6e:4ded%ed2 prefixlen 64 scopeid 0x3
>             inet 11.22.33.114 netmask 0xfffff800 broadcast 255.255.255.255
>             ether 00:40:05:6e:4d:ed
>
> ----- Crucial netstat -nr; some names changed to protect the innocent
> Internet:
> Destination        Gateway            Flags     Refs      Use     Netif Expire
> default            11.22.33.1         UGSc         4    30356     ed2
> 11.22.33/21        link#3             UC           0        0     ed2 =>
> 127.0.0.1          127.0.0.1          UH           0        0     lo0
> 192.168.1          link#2             UC           0        0     ed1 =>
>
> ----- Finally, ipfw -at list
> 01000 0 0 allow ip from 127.0.0.1 to 127.0.0.1
> 02000 36196 21882514 Thu Jul 5 23:24:33 2001 divert 8668 ip from any to any via ed2
> 06500 80257 46277217 Thu Jul 5 23:26:37 2001 allow ip from any to any
> 65535 1 345 Thu Jul 5 17:14:47 2001 deny ip from any to any
>
>
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-questions" in the body of the message
>
>

