Date:      Fri, 18 May 2012 08:07:16 -0400
From:      David Banning <david+dated+1337774837.907aca@skytracker.ca>
To:        Chuck Swiger <cswiger@mac.com>
Cc:        questions@freebsd.org
Subject:   Re: problems with networking and route command
Message-ID:  <20120518120716.GA28838@skytracker.ca>
In-Reply-To: <70BC5C41-FD4F-4B57-86F8-8C48BA075EC1@mac.com>
References:  <20120516200837.GA63280@skytracker.ca> <70BC5C41-FD4F-4B57-86F8-8C48BA075EC1@mac.com>

> > It is machines that connect and receive via DHCP 192.168.1.2 and above that
> > can't connect to the internet through the server.  I don't know a whole
> > lot about route - I have been attempting a variation of route commands
> > without success.
> 
> You need to implement NAT on this box, since 192.168.0.0/16 is an RFC-1918 unrouteable private network range.

I previously connected to the internet using ppp with the -nat option
and now my connection has changed - so that makes sense.

So I implemented natd.

Unfortunately natd does not work as yet.  I followed the setup as laid 
out in "man natd" and also used the layout in;

http://www.freebsddiary.org/ipfw.php

Here is my natd setup

1. Compiled IPFIREWALL & IPDIVERT into my kernel - went fine.

Here are my rc.conf network-related entries;

natd_enable="YES"
natd_interface="rl0"
natd_flags="-f /etc/natd.conf"
gateway_enable="YES"
ifconfig_rl0="inet 64.40.244.36 netmask 255.255.255.240"
defaultrouter="64.40.244.33"
ifconfig_vr0="DHCP"
ifconfig_vr0=up
ifconfig_vr0="inet 192.168.1.1"
network_interfaces="rl0 vr0 lo0"
ifconfig_lo0="inet 127.0.0.1"
firewall_enable="YES"
firewall_script="/etc/firewall.rules"
firewall_type="simple"
firewall_logging="YES"
dhcpd_ifaces="vr0"
dhcpd_enable="YES"

My firewall rules;

ipfw add 64000 allow ip from any to any
ipfw add divert natd all from any to any via rl0
ipfw add allow tcp from any to 192.168.2.1 139
ipfw add allow tcp from any to 192.168.1.1 139
ipfw add 6000 deny tcp from any to 64.40.244.36 139
ipfw add 6010 deny tcp from any to 64.40.244.36 445
ipfw add deny tcp from any to any 139

My /etc/natd.conf;

interface rl0
use_sockets yes
same_ports yes

My /etc/services includes the line;

natd     8668/divert  # Network Address Translation socket

Output of ifconfig;

# ifconfig
fwe0: flags=8802<BROADCAST,SIMPLEX,MULTICAST> mtu 1500
        ether 02:11:d8:b3:0e:43
        ch 1 dma -1
vr0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
        inet 192.168.1.1 netmask 0xffffff00 broadcast 192.168.1.255
        inet6 fe80::16d6:4dff:fe47:88ae%vr0 prefixlen 64 scopeid 0x2 
        ether 14:d6:4d:47:88:ae
        media: Ethernet autoselect (100baseTX <full-duplex>)
        status: active
rl0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
        inet 64.40.244.36 netmask 0xfffffff0 broadcast 64.40.244.47
        inet6 fe80::211:95ff:fe66:7162%rl0 prefixlen 64 scopeid 0x3 
        ether 00:11:95:66:71:62
        media: Ethernet autoselect (100baseTX <full-duplex>)
        status: active
lp0: flags=8810<POINTOPOINT,SIMPLEX,MULTICAST> mtu 1500
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> mtu 16384
        inet6 ::1 prefixlen 128 
        inet6 fe80::1%lo0 prefixlen 64 scopeid 0x5 
        inet 127.0.0.1 netmask 0xff000000 
ppp0: flags=8010<POINTOPOINT,MULTICAST> mtu 1500
sl0: flags=c010<POINTOPOINT,LINK2,MULTICAST> mtu 552
faith0: flags=8002<BROADCAST,MULTICAST> mtu 1500

From my initial communication I have swapped the uses of the two network
cards - which explains the reversal of entries for devices vr0 and rl0.
Still I have server connection to the internet on rl0 and server 
connection to the network on vr0 - but the network cannot connect 
to the internet via rl0.

If there are any commands that would help collect information leading
to the answer I would appreciate any feedback.
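
Added example, not part of the original message: a static check of how ipfw would number and order the rule lines posted above, and which of them sit behind an unconditional allow. It assumes the lines are loaded in the order shown into an empty ruleset and that net.inet.ip.fw.autoinc_step is at its default of 100; the function names are made up for this example.

```python
import re

AUTOINC_STEP = 100  # default of sysctl net.inet.ip.fw.autoinc_step (assumed unchanged)

# Rule lines as posted in the message above, in file order.
POSTED_RULES = """\
ipfw add 64000 allow ip from any to any
ipfw add divert natd all from any to any via rl0
ipfw add allow tcp from any to 192.168.2.1 139
ipfw add allow tcp from any to 192.168.1.1 139
ipfw add 6000 deny tcp from any to 64.40.244.36 139
ipfw add 6010 deny tcp from any to 64.40.244.36 445
ipfw add deny tcp from any to any 139
"""

CATCH_ALL = re.compile(r"^(allow|accept|pass|permit)\s+(ip|all)\s+from\s+any\s+to\s+any$")


def number_rules(script, step=AUTOINC_STEP):
    """Return [(number, body)] as ipfw numbers rules added to an empty ruleset."""
    rules, highest = [], 0
    for line in script.splitlines():
        m = re.match(r"\s*ipfw\s+add\s+(?:(\d+)\s+)?(.+?)\s*$", line)
        if not m:
            continue
        # An unnumbered rule gets the highest existing number plus the step.
        num = int(m.group(1)) if m.group(1) else highest + step
        highest = max(highest, num)
        rules.append((num, m.group(2)))
    return rules


def evaluation_order(rules):
    # Stable sort: rules sharing a number keep their insertion order.
    return sorted(rules, key=lambda r: r[0])


def shadowed(rules):
    """Rules placed after an unconditional allow, which ends the search for every packet."""
    ordered = evaluation_order(rules)
    for i, (_, body) in enumerate(ordered):
        if CATCH_ALL.match(body):
            return ordered[i + 1:]
    return []


if __name__ == "__main__":
    rules = number_rules(POSTED_RULES)
    dead = shadowed(rules)
    for num, body in evaluation_order(rules):
        print(f"{num:05d} {body}" + ("  <-- never reached" if (num, body) in dead else ""))
```

Compare the result with the output of `ipfw list` on the running system, which shows the numbers the kernel actually assigned.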