Re: NAT/DIVERT Issues in 5.2.1 Release
I've downgraded back to 4.10 and my problems have disappeared. I'm not sure what has changed in the 5 series to cause these issues.

A few observations I've made though: netstat -rn gives you a bunch of kvm_read error messages. Also, the output of netstat -rn is completely corrupt (the netif, use, and expire columns show numerical garbage). Also, I've noticed that any firewall rule (in IPFW) which uses an interface in the rule takes no effect whatsoever; other rules work fine (hence why my divert rule, which matched the external interface, didn't take any effect, confirmed via the counters in ipfw show).

Not sure what's broken. I'll try again when the 5.x tree goes STABLE and see if my results vary. Until then the 4.x series should meet my needs.

Thanks for the advice, especially the link to the rewritten firewall section of the handbook. I will look that over when I have more time to spare.

___
[EMAIL PROTECTED] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"

Re: NAT/DIVERT Issues in 5.2.1 Release
What is your firewall running with? Can you provide a paste of 'ipfw show'? Also, what is in your natd.conf?

> -Original Message-
> From: Denis Lemire [mailto:[EMAIL PROTECTED]
> Sent: Saturday, September 11, 2004 02:57 AM
> To: [EMAIL PROTECTED]
> Subject: NAT/DIVERT Issues in 5.2.1 Release
>
> I've just completed a frustrating day of attempting to get nat working
> on 5.2.1 RELEASE. I'm very familiar with using FreeBSD as a nat
> enabled Internet gateway, I have set this up on many machines with
> prior versions.
>
> I've compiled my kernel with the ip divert and firewall options
> needed. I have enabled the firewall and natd in my rc.conf, and have
> (for now) set firewall type to open and gateway_enable="yes".
>
> The setup simply won't work, the appropriate rules are in the
> firewall, and the natd daemon is running. The main thing I find that
> doesn't make sense is running "ipfw -a l" lists the divert rule but
> its values are zeroed out such that it has been used.
>
> Is there an issue with nat on 5.2.1-RELEASE? I've even tried compiling
> a kernel from cvsup (5.2.1-RELEASE-p9 I believe).
>
> Any suggestions on where I might have messed this up would be excellent.

RE: NAT/DIVERT Issues in 5.2.1 Release
Your question is way too vague. You have to post your ipfw rules file and the contents of rc.conf for people to review before anybody can help you.

First piece of advice is to not use the default firewall rules, as it's way outdated and does more to confuse a person than really work as a firewall rule set.

Second, you should read the complete rewrite of the handbook firewall section at www.a1poweruser.com/FBSD_firewall/ for details on configuring ipfw.

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Denis Lemire
Sent: Friday, September 10, 2004 10:58 PM
To: [EMAIL PROTECTED]
Subject: NAT/DIVERT Issues in 5.2.1 Release

I've just completed a frustrating day of attempting to get nat working on 5.2.1 RELEASE. I'm very familiar with using FreeBSD as a nat enabled Internet gateway, I have set this up on many machines with prior versions.

I've compiled my kernel with the ip divert and firewall options needed. I have enabled the firewall and natd in my rc.conf, and have (for now) set firewall type to open and gateway_enable="yes".

The setup simply won't work, the appropriate rules are in the firewall, and the natd daemon is running. The main thing I find that doesn't make sense is running "ipfw -a l" lists the divert rule but its values are zeroed out such that it has been used.

Is there an issue with nat on 5.2.1-RELEASE? I've even tried compiling a kernel from cvsup (5.2.1-RELEASE-p9 I believe).

Any suggestions on where I might have messed this up would be excellent.

Re: NAT/DIVERT Issues in 5.2.1 Release
There is no issue I know of. FBSD-5.2.1-R-p9 works nicely as a NAT gateway at my location. However, the information you have provided is too little for getting hold of the problem. We could try to figure something out, but we need some more information, like how you set it up, firewall rules, etc.

Regards
S.

On Fri, 10 Sep 2004 20:57:44 -0600, Denis Lemire <[EMAIL PROTECTED]> wrote:
> I've just completed a frustrating day of attempting to get nat working
> on 5.2.1 RELEASE. I'm very familiar with using FreeBSD as a nat
> enabled Internet gateway, I have set this up on many machines with
> prior versions.
>
> I've compiled my kernel with the ip divert and firewall options
> needed. I have enabled the firewall and natd in my rc.conf, and have
> (for now) set firewall type to open and gateway_enable="yes".
>
> The setup simply won't work, the appropriate rules are in the
> firewall, and the natd daemon is running. The main thing I find that
> doesn't make sense is running "ipfw -a l" lists the divert rule but
> its values are zeroed out such that it has been used.
>
> Is there an issue with nat on 5.2.1-RELEASE? I've even tried compiling
> a kernel from cvsup (5.2.1-RELEASE-p9 I believe).
>
> Any suggestions on where I might have messed this up would be excellent.

--
Subhro Sankha Kar
School of Information Technology
Block AQ-13/1 Sector V
ZIP 700091
India

NAT/DIVERT Issues in 5.2.1 Release
I've just completed a frustrating day of attempting to get nat working on 5.2.1 RELEASE. I'm very familiar with using FreeBSD as a nat enabled Internet gateway, I have set this up on many machines with prior versions.

I've compiled my kernel with the ip divert and firewall options needed. I have enabled the firewall and natd in my rc.conf, and have (for now) set firewall type to open and gateway_enable="yes".

The setup simply won't work, the appropriate rules are in the firewall, and the natd daemon is running. The main thing I find that doesn't make sense is running "ipfw -a l" lists the divert rule but its values are zeroed out such that it has been used.

Is there an issue with nat on 5.2.1-RELEASE? I've even tried compiling a kernel from cvsup (5.2.1-RELEASE-p9 I believe).

Any suggestions on where I might have messed this up would be excellent.
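
The counter check this thread relies on (a divert rule whose counters stay at zero in `ipfw -a l` / `ipfw show`), as an added example that is not part of any message in the thread: the function reads `ipfw show` output and lists rules that have never matched a packet and are either divert rules or name an interface. The sample output, the interface name fxp0 and the function name are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample of `ipfw show` output. Columns: rule number,
# packet count, byte count, rule body. fxp0 is an assumed interface name.
SAMPLE_IPFW_SHOW='00050     0       0 divert 8668 ip from any to any via fxp0
00100  1204   98312 allow ip from any to any via lo0
00200     0       0 deny ip from any to 127.0.0.0/8
00300     0       0 allow tcp from any to any dst-port 22 recv fxp0
65000 48211 5120034 allow ip from any to any
65535     0       0 deny ip from any to any'

# unmatched_nat_rules (hypothetical helper): reads `ipfw show` output on
# stdin and prints "<rule> <reason>" for each rule with a zero packet
# counter that is a divert rule and/or matches on an interface
# (via / recv / xmit). A divert rule listed here means no packet was ever
# handed to natd by that rule, so the fault lies in rule matching or
# rule order rather than in natd's translation.
unmatched_nat_rules() {
    awk '
    $1 ~ /^[0-9]+$/ && $2 == 0 {
        why = ($4 == "divert") ? "divert" : ""
        for (i = 5; i < NF; i++)
            if ($i == "via" || $i == "recv" || $i == "xmit")
                why = why (why == "" ? "" : ",") "if=" $(i + 1)
        if (why != "") print $1, why
    }'
}

# On a live gateway: ipfw show | unmatched_nat_rules
printf '%s\n' "$SAMPLE_IPFW_SHOW" | unmatched_nat_rules
```

Run it after sending traffic through the gateway; a rule that is still listed has not been hit by that traffic.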