In <[EMAIL PROTECTED]>, Eugene <[EMAIL PROTECTED]> shouted to everyone in earshot,

> /etc/natd.conf
> log yes
> log_denied yes
> interface rl0
> redirect_address 193.138.X.Z 0.0.0.0

I'm not an ipfw user, but a quick scan of the natd man page makes me think that redirect_address isn't something you want there, at least not with that first address. I get the impression that it's for passing all incoming TCP SYNs (and probably UDP and ICMP packets) to the named machine, but I think you want to list the address of an internal host, not an address on your router. You shouldn't need that directive at all if you don't need to pass incoming connections to internal hosts, and even if you do want to do that, you could probably take it out until you have outbound NAT working. I don't know for sure that it's causing you any problems, but removing it could simplify things in the interim.

> and tcpdump produces the following output while a browser on a machine
> 192.168.1.16 tries to connect to the internet:
> 14:55:46.731888 IP 192.168.1.16.44870 > 84.252.139.237.80: S
> 2051121078:2051121078(0) win 5840 <mss 1460,sackOK,timestamp 3568779
> 0,nop,wscale 2>

Is this from interface rl0 (public) or rl1 (internal)? If rl1, what does rl0 see?

Did you rebuild your kernel with 'OPTIONS IPFIREWALL' and 'OPTIONS IPDIVERT' as the natd man page suggests? (Is that still necessary? I'm still just reading the natd man page and don't see those options in DFly 1.4.2 GENERIC.)

I second the recommendation for using pf, especially if you aren't familiar with ipfw. You won't need to rebuild your kernel, for example.

Jeff
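As an added check (not part of Jeff's mail or of natd itself), a small Python linter that parses a natd.conf and flags a redirect_address whose first argument is not an internal address or whose second argument is 0.0.0.0. It assumes the natd(8) form "redirect_address localIP publicIP" and uses a constructed sample file, with a placeholder public address, in place of Eugene's.

```python
# Assumption: natd.conf holds one "option value..." per line, '#' starts a
# comment, and redirect_address takes "localIP publicIP" as in natd(8).
import ipaddress

# Constructed sample resembling the quoted configuration; 193.138.0.1 is a
# placeholder for the router's public address, not a value from the thread.
SAMPLE_CONF = """\
log yes
log_denied yes
interface rl0
redirect_address 193.138.0.1 0.0.0.0
"""


def parse_natd_conf(text):
    """Return a list of (option, [args]) tuples, skipping blanks and comments."""
    entries = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if line:
            parts = line.split()
            entries.append((parts[0], parts[1:]))
    return entries


def check_redirect_address(entries):
    """Return a list of findings for every redirect_address directive."""
    findings = []
    for option, args in entries:
        if option != "redirect_address":
            continue
        if len(args) != 2:
            findings.append(f"redirect_address wants 'localIP publicIP', got {args!r}")
            continue
        try:
            local, public = (ipaddress.ip_address(a) for a in args)
        except ValueError as exc:
            findings.append(f"redirect_address has an unparsable address: {exc}")
            continue
        # The first argument names the internal host that receives redirected
        # traffic; a public (router) address there is almost certainly wrong.
        if not local.is_private:
            findings.append(f"localIP {local} is not an internal (RFC 1918) address")
        # 0.0.0.0 as publicIP means nothing useful; either name the router's
        # public address or drop the directive until outbound NAT works.
        if public.is_unspecified:
            findings.append(f"publicIP {public} is unspecified (0.0.0.0)")
    return findings


if __name__ == "__main__":
    for finding in check_redirect_address(parse_natd_conf(SAMPLE_CONF)):
        print("natd.conf:", finding)
```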