Date: Tue, 16 May 2000 09:13:43 -0800
From: axtjr@UAA.ALASKA.EDU
To: freebsd-questions@freebsd.org
Subject: natd / ipfw config problem
Message-ID: <FDBB706C3FF1D311BE0200902787324601A511@nav.uaa.alaska.edu>

All:

I need some help ironing out the problems with my ipfw/natd configs.

Problem:

Everything seems to be passing back and forth ok, but I am spammed with 'failed to write back packet (Host is down)'. I can't seem to identify the host in question.

Setup:

I've recompiled and installed the kernel with the IPFIREWALL and IPDIVERT options built in for FreeBSD 3.2. I have a cable modem setup with a static ip. My intentions are to set up various services behind a firewall.

    cable modem/internet <-> ed0/firewall/ed1 <-> home lan

    ed0 = staticip netmask 255.255.240.0
    ed1 = 192.168.115.100

I have natd set up with:

    interface ed0
    use_sockets yes
    redirect_address 192.168.115.100 my.static.ip

I have the firewall rule set of:

    100 divert 8668 ip from any to any
    200 allow ip from any to any
    65635 deny ip from any to any

I've removed all firewall rules except for the three listed above. When I remove rule number 100, the 'Host is down' errors stop.

natd fires up ok, ipfw comes up ok, my static ip functions, I can telnet and ping remote hosts, I can telnet into my box from remote hosts. I just get spammed with this (host is down) error message.

Tests: (All tests conducted from firewall console)

I've searched through several websites and archives of this list. It seems that the natd / ipfw / internet connection has a lot of potential for various errors. I did find some comments that putting a 'via ed0' at the end of rule 100 could cause problems, so I removed it, with no luck. I read that there could be an arp problem with cable modems, so, figuring that the 255.255.240.0 subnet mask may be causing a headache, I manually added the gateway router to the arp table with arp -S <router ip> <router MAC>.

I've followed the guidelines of freebsddiary and the mostgraveconcern.com guidelines. I see no differences between these setups and my own.

Any help, guidance, pointers to additional docs would be greatly appreciated.

From reviewing the lists, this is a difficult configuration; is there any other software that is equally functional that is easier to configure and maintain?

Thanks in advance for your patience and help. Please feel free to reply directly to me to keep the spam down.

Thanks,
Tom

**********************************************************
* Tom Riley, CNE           University of Alaska Anchorage *
* Systems Engineer         IT Services, Engineering Team  *
* axtjr@uaa.alaska.edu     (907)786-1256                  *
*                 -----------------------                 *
*   No life ever grows great until it is focused,         *
*   dedicated, and disciplined.                           *
**********************************************************