Date: Sat, 17 Jun 2000 21:28:42 -0700 (PDT)
From: James Long <james@ip216-26-45-224.dsl.du.teleport.com>
To: freebsd-questions@FreeBSD.ORG
Subject: Novice troubles with natd
Message-ID: <200006180428.VAA03979@ip216-26-45-224.dsl.du.teleport.com>

I am a FreeBSD novice who is trying to configure a P90 running 3.4-RELEASE to act as a firewall between my DSL interface and a local network run here at my home. I have compiled my kernel with these options set, among others:

machine "i386"
cpu "I586_CPU"
ident MYKERNB
maxusers 32
options INET #InterNETworking
options IPFILTER
options IPFILTER_LOG
options IPFIREWALL
options IPFIREWALL_VERBOSE #enable packet logging
options IPDIVERT

And my rc.conf reads:

# This file now contains just the overrides from /etc/defaults/rc.conf
# please make all changes to this file.
# -- sysinstall generated deltas -- #
network_interfaces="fxp1 fxp0 lo0"
ifconfig_fxp0="inet 216.26.45.224 netmask 255.255.255.0"
ifconfig_fxp1="inet 10.0.0.1 netmask 255.255.255.0"
defaultrouter="216.26.45.1"
hostname="ip216-26-45-224.dsl.du.teleport.com"
natd_enable="YES"
gateway_enable="YES"
firewall_enable="YES"
#firewall_type="simple"
firewall_type="custom"

'custom' is a firewall type I have defined myself in rc.firewall. Actually, my current firewall rules are:

flush
add divert natd ip from 10.0.0.0/24 to any via fxp1
add deny log ip from 10.0.0.2 to any
add allow ip from any to any

My immediate problem is that natd doesn't seem to be remapping packet addresses the way I thought it would. Or at all, for that matter. I have my public interface configured with my (single) static IP address, and have the private interface configured as 10.0.0.1. I am testing with one other machine on the network configured as 10.0.0.2. I can ping around on the private net fine. But I want to use a name server provided by my ISP which of course is outside the firewall.

When I try to ping from 10.0.0.2 to the name server, natd shows that the packet coming in as 10.0.0.2 -> w.x.y.z is remapped to 10.0.0.2 -> w.x.y.z. No change to the source address.

I am running natd with the command line:

natd -v -l -n fxp0

The specific message from natd is:

In [ICMP] [ICMP] 10.0.0.2 -> 192.108.254.11 8(0) aliased to [ICMP] 10.0.0.2 -> 192.108.254.11 8(0)

Any clues or pointers would be appreciated. Thank you for your time.
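
A consistency check over the configuration quoted in the message, as an added example that is not part of the original post. It assumes the usual natd arrangement, in which the ipfw divert rule is bound with "via" to the same external interface that natd is given with -n; the function names are hypothetical.

```python
import re
import shlex

# Inputs copied from the message above: its ipfw rules, natd command line, natd -v output.
RULES = """add divert natd ip from 10.0.0.0/24 to any via fxp1
add deny log ip from 10.0.0.2 to any
add allow ip from any to any"""
NATD_CMD = "natd -v -l -n fxp0"
NATD_LOG = ("In [ICMP] [ICMP] 10.0.0.2 -> 192.108.254.11 8(0) aliased to "
            "[ICMP] 10.0.0.2 -> 192.108.254.11 8(0)")

LOG_RE = re.compile(r"^(In|Out)\s.*?(\S+) -> (\S+).*?aliased to.*?(\S+) -> (\S+)")


def natd_interface(cmd):
    """Interface natd takes its aliasing address from (-n or -interface)."""
    args = shlex.split(cmd)
    for flag in ("-n", "-interface"):
        if flag in args[:-1]:
            return args[args.index(flag) + 1]
    return None


def divert_mismatches(rules, natd_cmd):
    """Divert rules whose 'via' interface differs from natd's (assumed convention)."""
    alias_if = natd_interface(natd_cmd)
    found = []
    for line in rules.splitlines():
        words = line.split()
        if "divert" in words:
            iface = words[words.index("via") + 1] if "via" in words[:-1] else None
            if iface != alias_if:
                found.append((iface, alias_if, line.strip()))
    return found


def unchanged_alias(log_line):
    """Return (direction, src) when natd -v shows the packet left unmodified."""
    m = LOG_RE.match(log_line)
    if m and (m.group(2), m.group(3)) == (m.group(4), m.group(5)):
        return m.group(1), m.group(2)
    return None


if __name__ == "__main__":
    print(divert_mismatches(RULES, NATD_CMD))
    print(unchanged_alias(NATD_LOG))
```

On the posted configuration it reports the divert rule on fxp1 against natd -n fxp0, and that the logged packet passed through natd marked "In" with its addresses unchanged.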