Date: Wed, 17 Mar 1999 12:11:48 -0600
From: Benjamin Gavin <gavinb@supranet.net>
To: freebsd-stable@freebsd.org
Subject: Re: natd Issues
Message-ID: <4.1.19990317121136.00bb7900@mail.supranet.net>

Hey,
  What are the relevant lines of rc.conf, rc.firewall for you?  I see you
are using "alias_address", this _cannot_ be used in conjunction with the
"natd_interface" variable in the rc.conf file.  You should use one or the
other.  Also, if you are using the standard rc.firewall and you _don't_
have "natd_interface" defined, it won't add the divert rule.  A good
configuration would look kinda like this:

/etc/rc.conf:
firewall_type="open"
firewall_enable="YES"
firewall_quiet="YES"
natd_enable="YES"
natd_interface="de0"
natd_flags="-same_ports -use_sockets -dynamic" OR "-f <path_to_config_file>"

I have noticed, and please someone explain why this is happening, that if
you have the following two lines (which are in the default rc.firewall),
the redirection of ports and addresses _WILL NOT WORK_:

$fwcmd add 100 pass all from any to any via lo0
$fwcmd add 200 deny all from any to 127.0.0.0/8

To get it to work, I had to comment out these lines, or call a flush at the
beginning of a custom rc.firewall.local file, then re-add the divert rule.
I haven't been able to figure out why these two rules ruin the natd
redirection, but it may be a bug...

Thanks,
Ben Gavin

At 11:36 AM 3/17/99 -0600, you wrote:
>Yes.
>
>Everything seems to work on the 2.2 machine except redirect_address
>(well, it routes packets.) The 3.1 machine just sits there. I have it
>set up like:
>
>(3.1 box's setup)
>
>  de0 (external interface) -> Outside World
>  /|\
>   |
>  tx0 (10.0.0.1) <- 10.0.0.2
>
>I can ping 192.168.0.1 from 192.168.0.2. I can also telnet to it, etc.
>sysctl's net.inet.ip.forwarding is activated (1). It just isn't routing
>the packets. IPFIREWALL_DEFAULT_TO_ACCEPT is also in the kernel.
>
>All I'm really interested in is getting redirect_address functioning.
>This is the config file (for 2.2.8-STABLE):
>
>------------------
> # natd config
> use_sockets yes
> same_ports yes
> log yes
> alias_address 204.214.18.2
> redirect_address 10.0.0.192 204.214.18.2
>------------------
>
>Is there something I'm missing for redirect_address? When I kill &&
>restart it, nothing works at all.
>
>The kernel config has this information in it:
>
>------------------
> options IPFIREWALL
> options IPFIREWALL_DEFAULT_TO_ACCEPT
> options IPDIVERT
>------------------
>
>On Wed, 17 Mar 1999, Tanguy de Courson wrote:
>
>> did you compile IPDIVERT and IPFIREWALL into your kernel?
>>
>> At 09:10 AM 03/17/1999 -0600, you wrote:
>> >I just have a couple of questions about some natd problems we're
>> >having while setting up a rather large ADSL customer to use it.
>> >
>> >We have to use the redirect_address feature to alias IPs into their
>> >internal network. It doesn't seem to work at all. The computer stops
>> >transmitting packets. This machine is 2.2.8-STABLE.
>> >
>> >I set up a test lab here at the office, but the only machine I could find
>> >for it was running 3.1-STABLE. This one won't even route packets.
>> >
>> >Are these known problems? Is anyone working on them?
>> >
>> >I compiled the natd sources from 2.2.8-STABLE in 3.1-STABLE, but still
>> >had no luck. Do you think this is related to the IPDIVERT for divert
>> >sockets?
>> >
>> >Any help you can offer will be great. Thanks!
>> >
>> >To Unsubscribe: send mail to majordomo@FreeBSD.org
>> >with "unsubscribe freebsd-stable" in the body of the message
>> >
>> -----------------------------------------------------------
>> Tanguy 'Ripper' de Courson - Internet Programmer ('Perl') at ITN
>> myneid - fool 'o fools, gnome 'o gnomes
>> "schalin666: Okay. I guess I should allow a human's right to a higher
>> education, so long as it doesn't ruin my pornography income"
>>

/--------------------------------------------------------------------------/
  Benjamin Gavin - Senior Consultant
  *********** NO SPAM!! ************
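
The two conditions named in the reply above (alias_address combined with natd_interface, and a missing natd_interface leaving the stock rc.firewall without a divert rule) can be checked mechanically. The script below is an added example, not part of the original thread or of FreeBSD. The function names rc_value and lint_natd, the sample file names and the /etc/natd.conf path are assumptions, and the sample files are constructed from the settings quoted in the thread.

```shell
#!/bin/sh
# Added example (not from the thread): lint rc.conf plus a natd config file
# for the two conditions the reply names. Sample files are constructed.

# rc_value VAR FILE: print the last VAR="value" assignment in an rc.conf-style file
rc_value() {
    sed -n "s/^[[:space:]]*$1=\"\{0,1\}\([^\"]*\)\"\{0,1\}[[:space:]]*\$/\1/p" "$2" | tail -n 1
}

# lint_natd RC_CONF [NATD_CONF]: print findings; exit status 1 if any, else 0
lint_natd() {
    iface=$(rc_value natd_interface "$1")
    flags=$(rc_value natd_flags "$1")
    has_alias=no found=0
    # alias_address may arrive on the command line or in the -f config file
    case " $flags " in *" -alias_address "*|*" -a "*) has_alias=yes ;; esac
    if [ -n "$2" ] && grep -Eq '^[[:space:]]*alias_address[[:space:]]' "$2"; then
        has_alias=yes
    fi
    if [ -n "$iface" ] && [ "$has_alias" = yes ]; then
        echo "CONFLICT: natd_interface=$iface and alias_address are both set"
        found=1
    fi
    if [ -z "$iface" ]; then
        echo "WARN: natd_interface unset, stock rc.firewall will not add the divert rule"
        found=1
    fi
    return $found
}

# Constructed sample files (values taken from the thread, paths are placeholders)
tmp=$(mktemp -d) && trap 'rm -rf "$tmp"' EXIT
printf '%s\n' 'use_sockets yes' 'same_ports yes' 'log yes' \
    'alias_address 204.214.18.2' \
    'redirect_address 10.0.0.192 204.214.18.2' > "$tmp/natd.conf"
printf '%s\n' 'firewall_enable="YES"' 'natd_enable="YES"' \
    'natd_interface="de0"' 'natd_flags="-f /etc/natd.conf"' > "$tmp/rc.both"
printf '%s\n' 'firewall_enable="YES"' 'natd_enable="YES"' \
    'natd_flags="-f /etc/natd.conf"' > "$tmp/rc.noif"
printf '%s\n' 'firewall_type="open"' 'firewall_enable="YES"' 'natd_enable="YES"' \
    'natd_interface="de0"' 'natd_flags="-same_ports -use_sockets -dynamic"' > "$tmp/rc.good"

for rc in rc.both rc.noif; do
    echo "== $rc"; lint_natd "$tmp/$rc" "$tmp/natd.conf" || true
done
echo "== rc.good"; lint_natd "$tmp/rc.good" && echo "no findings"
```

The lo0 rules at numbers 100 and 200 are deliberately not checked, since the reply reports the symptom without establishing a cause.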