Date:      Wed, 17 Mar 1999 12:11:48 -0600
From:      Benjamin Gavin <gavinb@supranet.net>
To:        freebsd-stable@freebsd.org
Subject:   Re: natd Issues
Message-ID:  <4.1.19990317121136.00bb7900@mail.supranet.net>

Hey,
  What are the relevant lines of rc.conf, rc.firewall for you?  I see you
are using "alias_address", this _cannot_ be used in conjunction with the
"natd_interface" variable in the rc.conf file.  You should use one or the
other.  Also, if you are using the standard rc.firewall and you _don't_
have "natd_interface" defined, it won't add the divert rule.  A good
configuration would look kinda like this:

/etc/rc.conf:
firewall_type="open"
firewall_enable="YES"
firewall_quiet="YES"
natd_enable="YES"
natd_interface="de0"
natd_flags="-same_ports -use_sockets -dynamic" OR "-f <path_to_config_file>"

  I have noticed, and please someone explain why this is happening, that if
you have the following two lines (which are in the default rc.firewall),
the redirection of ports and addresses _WILL NOT WORK_:

$fwcmd add 100 pass all from any to any via lo0
$fwcmd add 200 deny all from any to 127.0.0.0/8

  To get it to work, I had to comment out these lines, or call a flush at
the beginning of a custom rc.firewall.local file, then re-add the divert
rule.  I haven't been able to figure out why these two rules ruin the natd
redirection, but it may be a bug...

Thanks,
Ben Gavin

At 11:36 AM 3/17/99 -0600, you wrote:
>Yes.
>
>Everything seems to work on the 2.2 machine except redirect_address
>(well, it routes packets.)  The 3.1 machine just sits there.  I have it
>set up like:
>
>(3.1 box's setup)
>
>	de0 (external interface) -> Outside World
>	       /|\
>		|
>	tx0 (10.0.0.1)	<-  10.0.0.2
>
>I can ping 192.168.0.1 from 192.168.0.2.  I can also telnet to it, etc.
>sysctl's net.inet.ip.forwarding is activated (1).  It just isn't routing
>the packets.  IPFIREWALL_DEFAULT_TO_ACCEPT is also in the kernel.
>
>All I'm really interested in is getting redirect_address functioning.
>This is the config file (for 2.2.8-STABLE):
>
>------------------
>	# natd config
>	use_sockets	yes
>	same_ports	yes
>	log	yes
>	alias_address 204.214.18.2
>	redirect_address 10.0.0.192 204.214.18.2
>------------------
>
>Is there something I'm missing for redirect_address?  When I kill &&
>restart it, nothing works at all.
>
>The kernel config has this information in it:
>
>------------------
>	options         IPFIREWALL
>	options         IPFIREWALL_DEFAULT_TO_ACCEPT
>	options         IPDIVERT
>------------------
>
>On Wed, 17 Mar 1999, Tanguy de Courson wrote:
>
>> did you compile IPDIVERT and IPFIREWALL into your kernel?
>> 
>> At 09:10 AM 03/17/1999 -0600, you wrote:
>> >I just have a couple of questions about some natd problems we're
>> >having while setting up a rather large ADSL customer to use it.
>> >
>> >We have to use the redirect_address feature to alias IPs into their
>> >internal network.  It doesn't seem to work at all.  The computer stops
>> >transmitting packets.  This machine is 2.2.8-STABLE.
>> >
>> >I set up a test lab here at the office, but the only machine I could find
>> >for it was running 3.1-STABLE.  This one won't even route packets.
>> >
>> >Are these known problems?  Is anyone working on them?  
>> >
>> >I compiled the natd sources from 2.2.8-STABLE in 3.1-STABLE, but still 
>> >had no luck.  Do you think this is related to the IPDIVERT for divert
>> >sockets?
>> >
>> >Any help you can offer will be great.  Thanks!
>> >
>> >
>> >
>> >To Unsubscribe: send mail to majordomo@FreeBSD.org
>> >with "unsubscribe freebsd-stable" in the body of the message
>> > 
>> -----------------------------------------------------------
>> Tanguy 'Ripper' de Courson - Internet Programmer ('Perl') at ITN
>> myneid - fool 'o fools, gnome 'o gnomes
>> "schalin666: Okay. I guess I should allow a human's right to a higher
>> education, so long as it doesn't ruin my pornography income"
>> 
>> 
>> 
>
>
>

/--------------------------------------------------------------------------/
  Benjamin Gavin - Senior Consultant

  ***********  NO SPAM!!  ************
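
Added example (not part of the original message, and not FreeBSD's own rc code): a small sh check for the two rc.conf problems described above, natd_interface combined with alias_address, and natd enabled with no natd_interface so the stock rc.firewall adds no divert rule. The function names, exit codes, the /etc/natd.conf path and the sample files are assumptions made for illustration; the natd config file is passed explicitly rather than followed from "-f".

```sh
#!/bin/sh
# Added example, not from the thread: lint rc.conf and a natd config file
# for the two misconfigurations described in the message above.

# Read VAR="value" without sourcing the file (sourcing would execute it).
rc_get() {  # usage: rc_get FILE VAR
    sed -n "s/^[[:space:]]*$2=\"\{0,1\}\([^\"#]*\)\"\{0,1\}.*/\1/p" "$1" | tail -n 1
}

# Exit status: 0 = clean, 1 = no divert rule will be added, 2 = conflict.
check_natd() {  # usage: check_natd RC_CONF [NATD_CONF]
    _rc=$1; _conf=${2:-}; _st=0
    case $(rc_get "$_rc" natd_enable) in
        [Yy][Ee][Ss]) ;;
        *) echo "natd_enable is not YES, nothing to check"; return 0 ;;
    esac
    _if=$(rc_get "$_rc" natd_interface)
    _flags=$(rc_get "$_rc" natd_flags)
    if [ -z "$_if" ]; then
        echo "WARN: natd_interface unset, stock rc.firewall adds no divert rule"
        _st=1
    fi
    # alias_address may be given in natd_flags or in the -f config file
    _alias=""
    case " $_flags " in
        *" -alias_address "*|*" -a "*) _alias="natd_flags" ;;
    esac
    if [ -n "$_conf" ] && grep -Eq '^[[:space:]]*alias_address[[:space:]]' "$_conf"; then
        _alias="${_alias:+$_alias and }$_conf"
    fi
    if [ -n "$_if" ] && [ -n "$_alias" ]; then
        echo "ERROR: natd_interface=$_if combined with alias_address ($_alias)"
        _st=2
    fi
    return $_st
}

# Constructed sample input, modelled on the thread; files are temporary.
tmp=$(mktemp -d) && trap 'rm -rf "$tmp"' EXIT
printf '%s\n' 'natd_enable="YES"' 'natd_interface="de0"' \
    'natd_flags="-f /etc/natd.conf"' > "$tmp/rc.conflict"
printf '%s\n' 'natd_enable="YES"' 'natd_flags="-f /etc/natd.conf"' > "$tmp/rc.nodivert"
printf '%s\n' 'natd_enable="YES"' 'natd_interface="de0"' \
    'natd_flags="-same_ports -use_sockets -dynamic"' > "$tmp/rc.good"
printf '\t%s\n' 'use_sockets yes' 'alias_address 204.214.18.2' > "$tmp/natd.conf"

check_natd "$tmp/rc.conflict" "$tmp/natd.conf" || echo "  -> exit $?"
check_natd "$tmp/rc.nodivert" "$tmp/natd.conf" || echo "  -> exit $?"
check_natd "$tmp/rc.good" && echo "rc.good: clean"
```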





