natd not doing anything

Alex de Kruijff freebsd at akruijff.dds.nl
Wed Sep 29 08:05:58 PDT 2004


I changed the list from current@ to questions@, since your question is
not only for CURRENT.

On Tue, Sep 28, 2004 at 09:11:39PM +1000, Rebecca Dridan wrote:
> Hi all:
> 
> I am having some issues with network set-up. I'm running CURRENT as of
> 26th September, with an ipfw firewall and natd. I have one gateway
> machine with one external NIC and 3 internal NICs. At present nothing from
> my internal machines can get out. I've reduced the firewall (temporarily) to
> a basic
> 	ipfw -f flush
> 	divert natd ip from any to any via fxp0
> 	allow ip from any to any
> 
> When I turn logging on, I see the packets being diverted, and then
> accepted by later rules, but not being rewritten in between, ie
> 
> ipfw: 30 Divert 8668 TCP 192.168.7.2:54619 <remote IP>:1025 out via fxp0
> ipfw: 70 Accept TCP 192.168.7.2:54619 <remote IP>:1025 out via fxp0
> 
> and the packets never get to the remote IP. I can see natd running with
> ps, but even when I run it on the command line with -v it doesn't seem to
> do anything.
> 
> Is there something I'm missing? Something else I could check? I've attached
> the relevant bits of my rc.conf and kernel conf below. Any other
> information that would be useful, please ask.
> 
> Thanks,
> 
> Bec
> 
> (please CC me with any replies)
> 
> The relevant bits of rc.conf:
> firewall_enable="YES"           # Set to YES to enable firewall functionality
> firewall_script="/etc/rc.firewall.local" # Which script to run to set up the firewall
> firewall_quiet="YES"            # Set to YES to suppress rule display
> 
> # Enable routing
> gateway_enable="YES"            # Set to YES if this host will be a gateway.
> natd_enable="YES"
> natd_interface="fxp0"
> natd_flags="-u"

Your rc.conf seems ok.

> 
> kernel config:
> 
> options         IPFILTER                #ipfilter support
> options         IPFILTER_LOG            #ipfilter logging
> options         IPFILTER_DEFAULT_BLOCK  #block all packets by default
> options         IPFIREWALL              #firewall - need for mac filtering
> options         IPFIREWALL_DEFAULT_TO_ACCEPT    #allow everything by default
> options         IPFIREWALL_FORWARD      #enables changing of packet dest
> options         IPDIVERT       #divert IP sockets, used by ipfw divert

Your kernel is fine. Otherwise, you wouldn't have the ability to log or
to divert. The latter would result in packets being thrown away at rule
30.

Can you add the output of ifconfig to this all? (i.e. does your fxp0
have a public IP?)

-- 
Alex

Articles based on solutions that I use:
http://www.kruijff.org/alex/FreeBSD/
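
An added example, not part of the original thread or of either poster's setup: a Python check over ipfw log lines in the format quoted above that flags packets accepted outbound on the external interface while still carrying an RFC 1918 source address, and reports whether the same flow had passed the divert rule first. The function name, the sample log and its documentation addresses are constructed for illustration.

```python
import ipaddress
import re

# Constructed sample in the log format quoted in the post. 198.51.100.9 and
# 203.0.113.5 are documentation addresses standing in for real public ones.
SAMPLE_LOG = """\
ipfw: 30 Divert 8668 TCP 192.168.7.2:54619 198.51.100.9:1025 out via fxp0
ipfw: 70 Accept TCP 192.168.7.2:54619 198.51.100.9:1025 out via fxp0
ipfw: 30 Divert 8668 TCP 192.168.7.3:40000 198.51.100.9:80 out via fxp0
ipfw: 70 Accept TCP 203.0.113.5:40000 198.51.100.9:80 out via fxp0
ipfw: 70 Accept UDP 10.0.0.8:5353 198.51.100.9:53 out via fxp0
ipfw: 70 Accept TCP 192.168.7.2:22 192.168.7.1:50000 out via fxp1
"""

RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# TCP/UDP entries only; the divert port after "Divert" is optional in the match.
LINE_RE = re.compile(
    r"ipfw: (?P<rule>\d+) (?P<action>Divert|Accept)(?: \d+)? (?P<proto>TCP|UDP) "
    r"(?P<src>[\d.]+):(?P<sport>\d+) (?P<dst>[\d.]+):(?P<dport>\d+) "
    r"(?P<dir>in|out) via (?P<ifc>\S+)"
)

def is_rfc1918(addr):
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in RFC1918)

def untranslated_flows(log_text, ext_if):
    """Return (src, dst, was_diverted) for each packet accepted outbound on
    ext_if whose source address is still in RFC 1918 space."""
    diverted = set()
    findings = []
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if not m or m["dir"] != "out" or m["ifc"] != ext_if:
            continue
        flow = (m["proto"], m["src"], m["sport"], m["dst"], m["dport"])
        if m["action"] == "Divert":
            diverted.add(flow)          # remember what was handed to natd
        elif is_rfc1918(m["src"]):
            findings.append((f'{m["src"]}:{m["sport"]}',
                             f'{m["dst"]}:{m["dport"]}', flow in diverted))
    return findings

if __name__ == "__main__":
    for src, dst, was_diverted in untranslated_flows(SAMPLE_LOG, "fxp0"):
        state = "diverted but not rewritten" if was_diverted else "never diverted"
        print(f"{src} -> {dst}: {state}")
```

A finding with `was_diverted` true matches the symptom in the quoted log (the divert rule fired, yet the packet left unchanged); false means the packet reached the accept rule without matching a divert rule at all.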
