From owner-freebsd-questions Tue Mar 21 19:30:13 2000
Delivered-To: freebsd-questions@freebsd.org
Received: from cc942873-a.ewndsr1.nj.home.com (cc942873-a.ewndsr1.nj.home.com [24.2.89.207])
    by hub.freebsd.org (Postfix) with ESMTP id 94E6737BFA4
    for ; Tue, 21 Mar 2000 19:30:06 -0800 (PST)
    (envelope-from cjc@cc942873-a.ewndsr1.nj.home.com)
Received: (from cjc@localhost)
    by cc942873-a.ewndsr1.nj.home.com (8.9.3/8.9.3) id WAA85330;
    Tue, 21 Mar 2000 22:29:25 -0500 (EST)
    (envelope-from cjc)
Date: Tue, 21 Mar 2000 22:29:25 -0500
From: "Crist J. Clark"
To: Laszlo Vagner
Cc: questions@FreeBSD.ORG
Subject: Re: wierd problem with natd
Message-ID: <20000321222925.B85043@cc942873-a.ewndsr1.nj.home.com>
Reply-To: cjclark@home.com
References: <00032114373100.05442@john.vagner.com>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
X-Mailer: Mutt 1.0i
In-Reply-To: <00032114373100.05442@john.vagner.com>; from george@vagner.com on Tue, Mar 21, 2000 at 02:22:39PM -0700
Sender: owner-freebsd-questions@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

On Tue, Mar 21, 2000 at 02:22:39PM -0700, Laszlo Vagner wrote:
> I have 2 network cards vr0 and ed1 installed with firewall enabled and using a
> rule that is open running natd -n ed1.
>
> 2 machines are 192.168.151.1 and .2 the vr0 interface is
> .0 and the ed1 interface is on outside net.

Ummm... Do you mean .140, .141, and .142 here?

> I can ping the internet from the .1 machine thru the gateway but not from
> the .2 machine, I tried pinging ip addresses inside and that works but not the
> outside interface on 1 machine only.
>
> I hope this is clear... the inside machines are win 98 and the gateway is set
> to the outside interface address.

OK, let me see if I can figure this out,

  - .141, a machine on your private net, can ping machines on the
    Internet.
  - .142, the other private net machine, can _NOT_ ping the Internet.
  - .142 CAN ping .140, .141.

OK, why do you think this is a problem with the NAT gateway?
It sounds like the problem is with .142. Is its default gateway, .140, properly set? If so, do some tcpdump(1)s on your internal interface while .142 pings and see what is up.

[snip output and config files that all looked good until...]

> $
> relevant /etc/defaults/rc.conf
>
>
> firewall_enable="YES" # Set to YES to enable firewall functionality
> firewall_script="/etc/firewall" # Which script to run to set up the firewall
> firewall_type="open" # Firewall type (client /etc/rc.firewall)
> firewall_quiet="NO" # Set to YES to suppress rule display
> natd_program="/sbin/natd" # path to natd, if you want a different one.
> natd_enable="YES" # Enable natd (if firewall_enable == YES).
> natd_interface="ed1" # Public interface or IPaddress to use.
> natd_flags="" # Additional flags for natd.

Don't touch /etc/defaults/rc.conf. Put the override values in rc.conf.

I think the contents of /etc/defaults should be set 444 and schg in installation.
--
Crist J. Clark cjclark@home.com

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message
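
An added example, not part of the original message: a small sh function that reads the defaults file first and rc.conf second, the same order the rc scripts use, and reports which file supplied each value. The function name `effective_rc`, the temporary directory and both sample files are constructed for illustration; the override values are the ones quoted in the message.

```shell
# effective_rc VAR FILE...  : print VAR's final value and the file that set it.
# Files are sourced in the order given, so a later file overrides an earlier one.
effective_rc() {
    _var=$1; shift
    # VAR is passed to eval below, so accept plain shell identifiers only.
    case $_var in
        ''|[0-9]*|*[!A-Za-z0-9_]*) echo "bad variable name" >&2; return 2 ;;
    esac
    (   # subshell: the sourced settings never leak into the caller
        _val='' _src='(unset)'
        for _f in "$@"; do
            [ -r "$_f" ] || continue
            unset "$_var"            # detect whether *this* file assigns VAR
            . "$_f"
            if eval "[ \"\${$_var+set}\" = set ]"; then
                eval "_val=\$$_var"
                _src=$_f
            fi
        done
        printf '%s="%s" (from %s)\n' "$_var" "$_val" "$_src"
    )
}

# Constructed sample files standing in for /etc/defaults/rc.conf and /etc/rc.conf.
demo_dir=$(mktemp -d)
trap 'rm -rf "$demo_dir"' EXIT
cat > "$demo_dir/defaults_rc.conf" <<'EOF'
firewall_enable="NO"
firewall_type="UNKNOWN"
natd_enable="NO"
natd_interface=""
natd_flags=""
EOF
cat > "$demo_dir/rc.conf" <<'EOF'
firewall_enable="YES"
firewall_type="open"
natd_enable="YES"
natd_interface="ed1"
EOF

for v in firewall_enable firewall_type natd_enable natd_interface natd_flags; do
    effective_rc "$v" "$demo_dir/defaults_rc.conf" "$demo_dir/rc.conf"
done
```

Only the four settings that differ from the defaults appear in the sample rc.conf; `natd_flags` is reported as coming from the defaults file, which stays unmodified.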