Date:      Mon, 5 Mar 2001 14:05:33 +1100 
From:      Paul Cheetham <paul.cheetham@cmc.cwo.net.au>
To:        "'freebsd-questions@FreeBSD.ORG'" <freebsd-questions@FreeBSD.ORG>
Subject:   FW: Weird NAT problem
Message-ID:  <47C271B973BED411B2760090276AD4A8026B1E@CMCEXCH01>

Hi All,
 
I really need some help here as I've been trying to figure this out for a
while now.
 
I recently installed my new ADSL service on FBSD using the NIC Telstra
provided and everything is working fine on the FBSD machine.
 
The problem is I have a 2nd NIC connecting to a win2k machine.  The problem
is when I browse only certain sites work, e.g. I can log into hotmail and
check/send email, but I can't go to www.telstra.com or www.optus.com or
www.freebsd.org.
I can get to www.cisco.com and browse around different pages as well.
 
Another thing to note I can check email but as soon as there's an email in
my mailbox the mail client freezes.  I can connect to ICQ but can't initiate
a msg but can reply.
 
So there are a lot of weird things happening. I have the same setup which I
used for a dialup and it worked fine.
 
I'm using the ppp -nat option to connect:
my local nic is using the 10.0.0.0/24
 
A few new problems which I found may be a clue 
1)  When I tried to portscan someone I get this nmap error msg.
 
Starting nmap V. 2.53 by fyodor@insecure.org ( www.insecure.org/nmap/ )
WARNING:  Could not determine what interface to route packets through to
198.133.219.25, changing ping scantype to ICMP only
Could not figure out what device to send the packet out on!  You might
possibly want to try -S (but this is probably a bigger problem).  If you are
trying to sp00f the source of a SYN/FIN scan with -S <fakeip>, then you must
use -e eth0 (or other devicename) to tell us what interface to use.
 
 
2) I can't start apache, which gives no errors as to why.
3) ipfw doesn't load a policy; this is the error I get:
ipfw: getsockopt(IP_FW_ADD): Invalid argument
 
in my kernel I have the following options:
options IPFIREWALL_VERBOSE_LIMIT=100
options IPFIREWALL_DEFAULT_TO_ACCEPT
options ICMP_BANDLIM
options IPDIVERT
options IPSTEALTH
options NETGRAPH
options NETGRAPH_PPPOE
options NETGRAPH_SOCKET
options NETGRAPH_ETHER
 
 
In case someone asks,  I have no xwin on fbsd but can browse all sites via
lynx.
 
I really hope someone will be able to explain and solve these weird
happenings...
 
Thanks in advance.
 
 
P.S. Sorry for the long post.

