Date: Sun, 26 Nov 2000 14:53:17 -0800 (PST)
From: mike@hyperreal.org
To: freebsd-questions@freebsd.org
Subject: Re: natd basic setup help
Message-ID: <20001126225317.29294.qmail@hyperreal.org>
In-Reply-To: <20001125174840.B12190@149.211.6.64.reflexcom.com> from "Crist J . Clark" at "Nov 25, 2000 05:48:40 pm"
Crist J . Clark wrote:
> natd(8) was not designed to work with one physical interface. It may
> work, but if it doesn't you're kind of on your own. You might say it is
> not a supported configuration.

OK, I'm still confused about NAT setup. I have successfully installed a
2nd NIC in the FreeBSD box and now have the following connections:

[private_box_1]----[ unmanaged ]
                   [  switch   ]---[FreeBSD_box]---[DSL modem]
[private_box_2]----[           ]

The kernel is configured with:

options IPFIREWALL
options IPFIREWALL_FORWARD
options IPFIREWALL_VERBOSE
options IPFIREWALL_VERBOSE_LIMIT=50
options IPDIVERT
options IPFILTER
options IPFILTER_LOG

/etc/rc.conf contains:

ifconfig_rl0="inet 216.241.42.159 netmask 255.255.255.0"
ifconfig_dc0="inet 10.0.0.1 netmask 255.255.255.0"
defaultrouter="216.241.42.1"
gateway_enable="YES"
natd_enable="YES"
natd_interface="rl0"
natd_flags="-f /etc/natd.conf"
firewall_type="open"

/etc/natd.conf contains:

log yes
use_sockets yes
same_ports yes
redirect_address 10.0.0.2 216.241.42.159
redirect_address 10.0.0.3 216.241.42.159

rl0 is the public interface. The NIC for that interface is physically
connected to the DSL modem. dc0 is physically connected to the switch.

The kernel's boot messages indicate that both links are up and active, and

  "IP packet filtering initialized, divert enabled, rule-based forwarding
  enabled, default to deny, logging limited to 50 packets/entry by default"

and

  "IP Filter: v3.4.8 initialized.  Default = pass all, Logging = enabled"

... everything as expected, I think.

First question: Before, when I connected the DSL modem to the switch, I
had to use the switch's uplink port. Connecting the modem to the other
ports does not work (no link lights on the NIC or the switch). Now, when
I connect the dc0 NIC to the switch, I have to use one of the regular
ports in order to get link lights. If I connect to the uplink port, no
link. Why would I get no link lights in the case of DSL modem <-> regular
port, or dc0 NIC <-> uplink port? Do I need to use the uplink port at all
in the new configuration?

Question 2: From what I've read and what I've seen in rc.firewall, the
above kernel and rc.conf configuration should be sufficient to have an
open firewall. However, after boot, it appears that rc.firewall is not
being run at all:

# ipfw list
65535 deny ip from any to any

And indeed, no packets go anywhere. If I go ahead and run rc.firewall, I get

# sh /etc/rc.firewall
Flushed all rules.
00050 divert 8668 ip from any to any via rl0
00100 allow ip from any to any via lo0
00200 deny ip from any to 127.0.0.0/8
65000 allow ip from any to any
# ipfw list
00050 divert 8668 ip from any to any via rl0
00100 allow ip from any to any via lo0
00200 deny ip from any to 127.0.0.0/8
65000 allow ip from any to any
65535 deny ip from any to any

which looks about right. Why is /etc/rc.firewall not running on startup?
Is this expected?

Question 3: After running rc.firewall, the FreeBSD box and a private box
can ping each other at 10.0.0.1 and 10.0.0.2, respectively. Each can also
ping themselves at 127.0.0.1. So good, the local network is functional.
However, none of the boxes can ping the ISP's router at the other end of
the DSL link (216.241.42.1). What should I look at next?

TIA,
Mike

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message
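Editor's note, added to the archive page and not part of Mike's message or of the FreeBSD project's own rc.firewall: on FreeBSD 4.x, /etc/rc.network sources /etc/rc.firewall only when rc.conf sets firewall_enable="YES"; firewall_type alone just selects which rule set rc.firewall would load, which is why "ipfw list" shows only the kernel's default rule 65535 after boot. Two security points a practitioner would want to check before enabling it: firewall_type="open" passes every packet in both directions once natd has translated it, and redirect_address is static (one-to-one) NAT, so each private host it names gets every port of the public address exposed to the Internet. The script below is an added example of a closed rule set for the two-NIC layout described above (rl0 public, dc0 private, natd on its default divert port 8668). It assumes FreeBSD 4.x ipfw syntax and the interface names and 10.0.0.0/24 network from the message; the hook into rc.conf (firewall_enable="YES" plus firewall_script pointing at this file) is an assumption about that release, and the script can equally be run by hand. Setting FWCMD=echo prints the rules instead of loading them, so the set can be reviewed on any machine.

```shell
#!/bin/sh
# Added example: a closed ipfw rule set for a two-NIC natd gateway.
# Not the FreeBSD project's rc.firewall and not the poster's own config.
#
# Assumptions (not taken from the original message):
#   - FreeBSD 4.x ipfw syntax; natd listens on the default divert port 8668
#   - rc.conf has firewall_enable="YES" and firewall_script="/etc/ipfw.sh"
#     (or run by hand:  sh /etc/ipfw.sh apply)
#   - FWCMD=echo sh /etc/ipfw.sh apply   prints the commands without root

oif=rl0                  # public interface (DSL modem)
iif=dc0                  # private interface (switch)
inet=10.0.0.0/24         # private network behind natd
fwcmd=${FWCMD:-/sbin/ipfw}

# Emit the rule set, one "ipfw add" argument list per line, in load order.
# Kept separate from installation so it can be reviewed or tested without
# touching the kernel. Note that after rule 50 natd hands the translated
# packet back and evaluation continues at rule 100, so an inbound reply
# has already been rewritten to its 10.0.0.x destination by the time the
# "established" and DNS-reply rules see it; a rule denying any traffic
# to $inet "in via $oif" would therefore break NAT and is deliberately
# absent. Rule 400 only rejects forged packets claiming a private source.
rules() {
    cat <<EOF
50 divert 8668 ip from any to any via $oif
100 allow ip from any to any via lo0
200 deny ip from any to 127.0.0.0/8
300 deny ip from 127.0.0.0/8 to any
400 deny log ip from $inet to any in via $oif
600 allow ip from $inet to any via $iif
700 allow ip from any to $inet via $iif
800 allow tcp from any to any established
900 allow tcp from any to any out via $oif
1000 allow udp from any to any 53 out via $oif
1100 allow udp from any 53 to any in via $oif
1200 allow icmp from any to any icmptypes 0,3,8,11
1300 deny log ip from any to any
EOF
}

# Flush the current set and load the rules above through $fwcmd.
install_rules() {
    $fwcmd -f flush
    rules | while read -r rule; do
        $fwcmd add $rule
    done
}

# Small accessors so the set can be sanity-checked from a test:
# natd's divert rule must come first and an explicit deny must come last.
first_rule() { rules | head -n 1; }
last_rule()  { rules | tail -n 1; }
rule_count() { rules | wc -l | tr -d ' '; }

case "${1:-}" in
    show)  rules ;;
    apply) install_rules ;;
esac
```

Run "sh /etc/ipfw.sh show" to review the set and "sh /etc/ipfw.sh apply" as root to load it; with IPFIREWALL_VERBOSE_LIMIT=50 in the kernel, the "log" rules will stop logging each matching rule after 50 hits until the counters are reset with "ipfw resetlog". The set keeps the poster's divert rule number 50 so that the output of "ipfw list" lines up with what rc.firewall produces.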