Maybe this will help you some.....
Kernel recompile options I added:
options IPFIREWALL # I added for firewall
options IPFIREWALL_DEFAULT_TO_ACCEPT # I added for firewall
options IPFIREWALL_VERBOSE # I added for firewall
options IPFIREWALL_VERBOSE_LIMIT=10 # I added for firewall
options IPFIREWALL_DEFAULT_TO_ACCEPT # I added for firewall
options IPFIREWALL_FORWARD # I added for firewall
options IPDIVERT # I added for natd
ipfw rules:
/sbin/ipfw add 100 pass all from 127.0.0.1 to 127.0.0.1
/sbin/ipfw add 200 divert natd all from any to any via rl0
ifconfig:
xl0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
	options=3<rxcsum,txcsum>
	inet 192.168.0.1 netmask 0xffffff00 broadcast 192.168.0.255
	inet6 fe80::201:2ff:fee8:2298%xl0 prefixlen 64 scopeid 0x1
	ether 00:01:02:e8:22:98
	media: Ethernet autoselect (100baseTX <full-duplex>)
	status: active
rl0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
	inet 24.xx.xxx.61 netmask 0xfffffe00 broadcast 24.xxxx.xxx.255
	inet6 fe80::250:bfff:fe51:5503%rl0 prefixlen 64 scopeid 0x2
	ether 00:50:bf:51:55:03
	media: Ethernet autoselect (100baseTX <full-duplex>)
	status: active
rc.conf:
gateway_enable="YES"
firewall_enable="YES"
firewall_type="OPEN"
natd_enable="YES"
natd_interface="rl0"
natd_flags="-f /etc/natd.cf"
hostname="mygatewayhost"
ifconfig_rl0="inet 24.121.16.61 netmask 255.255.254.0"
ifconfig_xl0="inet 192.168.0.1 netmask 255.255.255.0"
WillyB
[EMAIL PROTECTED] wrote:
following is rc.conf, /etc/natd.conf, ifconfig, ipfw show

rc.conf
inetd_enable="YES"
kern_securelevel_enable="NO"
linux_enable="YES"
tcp_extensions="YES"
named_enable="YES"
sendmail_enable="NO"
portmap_enable="YES"
router_enable="yes"
router="/sbin/routed"
router_flags="-q"
defaultrouter="68.abc.de.1"
hostname="www.kingrea.com"
network_interfaces="lo0 fxp0 dc0"
ifconfig_lo0="inet 127.0.0.1"
ifconfig_dc0="inet 68.abc.de.14 netmask 255.255.255.0 media 10baseT/UTP"
ifconfig_fxp0="inet 192.168.2.1 netmask 255.255.255.0"
firewall_enable="YES"
firewall_type="OPEN"
gateway_enable="YES"
natd_enable="YES"
natd_interface="dc0"
natd_flags="-f /etc/natd.conf"

natd.conf
interface dc0
use_sockets yes
same_ports yes

ifconfig
dc0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
	inet 68.abc.de.14 netmask 0xffffff00 broadcast 68.abc.de.255
	inet6 fe80::204:5aff:fe5a:9987%dc0 prefixlen 64 scopeid 0x1
	ether 00:04:5a:5a:99:87
	media: Ethernet 10baseT/UTP
	status: active
fxp0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
	inet 192.168.2.1 netmask 0xffffff00 broadcast 192.168.2.255
	inet6 fe80::2a0:c9ff:fe5c:3738%fxp0 prefixlen 64 scopeid 0x2
	ether 00:a0:c9:5c:37:38
	media: Ethernet autoselect (100baseTX)
	status: active
lp0: flags=8810<POINTOPOINT,SIMPLEX,MULTICAST> mtu 1500
faith0: flags=8002<BROADCAST,MULTICAST> mtu 1500
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> mtu 16384
	inet6 ::1 prefixlen 128
	inet6 fe80::1%lo0 prefixlen 64 scopeid 0x5
	inet 127.0.0.1 netmask 0xff000000
ppp0: flags=8010<POINTOPOINT,MULTICAST> mtu 1500
sl0: flags=c010<POINTOPOINT,LINK2,MULTICAST> mtu 552

ipfw show
00100 0 0 allow ip from any to any via lo0
00200 0 0 deny ip from any to 127.0.0.0/8
00300 0 0 deny ip from 127.0.0.0/8 to any
65000 4208 345040 all ip from any to any
65535 0 0 deny ip from any to any

thanks for assistance!
stephen d. kingrea

On Fri, 17 Jan 2003, Bill Moran wrote:
Stephen D. Kingrea wrote:
i have a slightly different ipfw/natd problem.
machines on the lan can ping internal nic on the server (fbsd 4.7), and
the external nic, but can not ping or reach anything outside. unless i
telnet into the server, then telnet out. currently running ipfw
"open" until problem is solved. server can ping all machines on lan.
On a wild guess, it sounds like your divert rule is wrong. Need more information to help with this.
Please repost to the list and include the following:
The output of 'ipfw show'
The output of 'ifconfig'
The contents of your rc.conf file
--
Bill Moran
Potential Technologies
http://www.potentialtech.com
To Unsubscribe: send mail to [EMAIL PROTECTED] with "unsubscribe freebsd-questions" in the body of the message
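Added example, not part of any message in this thread: the reply above points at the divert rule, and the check below reads rc.conf text and saved `ipfw show` output and reports whether a divert rule for the natd_interface exists and is reached before an unrestricted allow. The function names are hypothetical; the rc.conf lines and the first listing are the ones posted in the thread, and the other two listings (using natd's default port 8668) are constructed.

```sh
#!/bin/sh
# Added example, not from the thread. Works on saved text; needs no root.

# Print natd_interface from rc.conf text ($1); the last assignment wins.
natd_iface() {
    printf '%s\n' "$1" |
        sed -n 's/^[[:space:]]*natd_interface="\{0,1\}\([^"[:space:]]*\).*$/\1/p' |
        tail -n 1
}

# Classify `ipfw show` text ($1) for interface $2. Prints one of:
#   ok        a divert rule "via <iface>" is reached first
#   shadowed  an unrestricted allow comes first, so natd never sees packets
#   missing   no divert rule for that interface at all
divert_status() {
    printf '%s\n' "$1" | awk -v ifc="$2" '
        NF < 4 { next }          # fields: number, packets, bytes, action, ...
        $4 == "divert" {
            for (i = 5; i < NF; i++)
                if ($i == "via" && $(i + 1) == ifc) {
                    print (seen_open ? "shadowed" : "ok"); hit = 1; exit
                }
        }
        # ipfw is first-match: an allow-all rule ends processing for a packet
        ($4 == "allow" || $4 == "pass") && /ip from any to any[ \t]*$/ { seen_open = 1 }
        END { if (!hit) print "missing" }'
}

# rc.conf lines as posted in the thread
RC_SAMPLE='firewall_type="OPEN"
natd_enable="YES"
natd_interface="dc0"'
# ipfw show listing as posted in the thread
SHOW_POSTED='00100 0 0 allow ip from any to any via lo0
00200 0 0 deny ip from any to 127.0.0.0/8
00300 0 0 deny ip from 127.0.0.0/8 to any
65000 4208 345040 all ip from any to any
65535 0 0 deny ip from any to any'
# Constructed: same listing with a divert rule placed first
SHOW_WITH_DIVERT="00050 0 0 divert 8668 ip from any to any via dc0
$SHOW_POSTED"
# Constructed: an allow-all rule placed ahead of the divert rule
SHOW_SHADOWED="00040 0 0 allow ip from any to any
$SHOW_WITH_DIVERT"

IFC=$(natd_iface "$RC_SAMPLE")
echo "posted listing:   $(divert_status "$SHOW_POSTED" "$IFC")"
echo "with divert rule: $(divert_status "$SHOW_WITH_DIVERT" "$IFC")"
echo "allow-all first:  $(divert_status "$SHOW_SHADOWED" "$IFC")"
```

The function expects `ipfw show` output with packet and byte counters; `ipfw list` output has no counter columns and would need the field numbers adjusted.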