From: "Mikhail P."
Organization: Ghana Unix Users Group
To: Juhani Tali
Cc: freebsd-isp@freebsd.org
Cc: freebsd-net@freebsd.org
Date: Fri, 1 Oct 2004 08:18:07 +0000
Subject: Re: confusion with natd

On Friday 01 October 2004 07:38, Juhani Tali wrote:
> ----
> ipfw add 4 divert 8568 ip from 192.168.0.3 to any out xmit tun0
> ipfw add 6 divert 8568 ip from any to any in recv tun0
> ----
>
> replace these with
> ipfw add 4 divert 8568 ip from 192.168.0.3 to any
> prior to this rule the packet was not destined to go out through tun0
> but rl1, so the (xmit tun0) condition does not match.

I see your point, and I tried the suggested ipfw rules, but I'm still unable to get it working.

What I ended up with now (with the above ipfw rules applied) - e.g. I ping "216.239.37.99" (Google's IP) from 192.168.0.3, the 4th ipfw rule matches (see below), however pings don't get back and no traffic passes through tun0 (as supposed), instead the packet travels via rl0 and then rl1:

core# ipfw show
00004 55 3923 divert 8568 ip from 192.168.0.3 to any
00006 0 0 divert 8568 ip from any to any in recv tun0
00010 809517 109015055 divert 8668 ip from 192.168.0.0/24 to any out xmit rl1
00010 804261 407529807 divert 8668 ip from any to 192.168.254.1 in recv rl1
65535 3304709 1040001522 allow ip from any to any
core#

core# tcpdump -n -i rl0 host 216.239.37.99
tcpdump: listening on rl0
08:00:25.829749 192.168.0.3 > 216.239.37.99: icmp: echo request
08:00:26.839735 192.168.0.3 > 216.239.37.99: icmp: echo request
08:00:27.849675 192.168.0.3 > 216.239.37.99: icmp: echo request
^C
100 packets received by filter
0 packets dropped by kernel
core#

core# tcpdump -n -i rl1 host 216.239.37.99
tcpdump: listening on rl1
08:00:37.949283 192.168.10.2 > 216.239.37.99: icmp: echo request
08:00:38.959154 192.168.10.2 > 216.239.37.99: icmp: echo request
08:00:39.969102 192.168.10.2 > 216.239.37.99: icmp: echo request
08:00:40.979069 192.168.10.2 > 216.239.37.99: icmp: echo request
^C
57 packets received by filter
0 packets dropped by kernel
core#

core# netstat -nr|grep tun0
192.168.10.1 192.168.10.2 UH 0 49 tun0
core# ps ax | grep nat|grep tun0
52578 ?? Ss 0:00.51 natd -port 8568 -interface tun0
core#
core# netstat -nr|grep tun0
192.168.10.1 192.168.10.2 UH 0 49 tun0

and tcpdump on tun0 shows nothing.

Basically we got back to the point where we all started - I can ping the remote party (HOST_B) from 192.168.0.x, but no further.
Some piece in this mosaic is probably missing..

Launched ping from 192.168.0.3 to 192.168.10.1:

core# tcpdump -n -i tun0
tcpdump: listening on tun0
08:14:36.959198 192.168.10.1 > 192.168.10.2: icmp: echo reply
08:14:37.711774 192.168.10.2 > 192.168.10.1: icmp: echo request
^C
3 packets received by filter
0 packets dropped by kernel
core#

> Juhani Tali

regards,
M.
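
Added example, not part of the original message: a simplified model of ipfw first-match evaluation over the divert rules quoted in this thread, illustrating the point in the quoted reply that `out xmit tun0` cannot match a packet that routing sends out rl1. It evaluates one firewall pass at a time and does not model natd's address rewriting; the tuple layout and the names `ORIGINAL`, `SUGGESTED` and `first_divert` are assumptions of this sketch.

```python
import ipaddress

# Divert rules transcribed from the thread as
# (rule number, divert port, src, dst, direction, interface).
# direction/interface set to None means the rule has no such condition.
ORIGINAL = [
    (4, 8568, "192.168.0.3", "any", "out", "tun0"),
    (6, 8568, "any", "any", "in", "tun0"),
    (10, 8668, "192.168.0.0/24", "any", "out", "rl1"),
    (10, 8668, "any", "192.168.254.1", "in", "rl1"),
]
# Rule 4 as suggested in the quoted reply: no direction or interface test.
SUGGESTED = [(4, 8568, "192.168.0.3", "any", None, None)] + ORIGINAL[1:]


def addr_matches(spec, addr):
    """True if addr falls inside spec ('any', a host address, or a CIDR block)."""
    if spec == "any":
        return True
    return ipaddress.ip_address(addr) in ipaddress.ip_network(spec)


def first_divert(rules, src, dst, direction, iface):
    """Return (rule number, divert port) of the first divert rule matching one
    firewall pass, or None if the packet falls through to rule 65535 (allow)."""
    for num, port, rsrc, rdst, rdir, rif in rules:
        if not (addr_matches(rsrc, src) and addr_matches(rdst, dst)):
            continue
        if rdir is not None and rdir != direction:
            continue
        if rif is not None and rif != iface:
            continue
        return (num, port)
    return None


if __name__ == "__main__":
    pkt = ("192.168.0.3", "216.239.37.99")  # the ping from the thread
    # Passes seen in the tcpdump output: received on rl0, transmitted on rl1.
    for name, rules in (("original", ORIGINAL), ("suggested", SUGGESTED)):
        for direction, iface in (("in", "rl0"), ("out", "rl1")):
            hit = first_divert(rules, *pkt, direction, iface)
            print(f"{name:9} {direction:3} {iface}: {hit}")
```

With the original rule 4 the outbound pass on rl1 reaches rule 10 (port 8668) and never port 8568; with the suggested rule 4 the packet is already diverted on the inbound pass, which matches the non-zero counter on rule 4 in the `ipfw show` output above.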