pppoe + ipfw + natd and jails

Deceased deceased at webmail.vulcano.lt
Sun Nov 20 14:22:12 GMT 2005


Hi,

I'm running fbsd as a router at home for DSL. Everything was running fine
until one day. Suddenly all PCs in the LAN stopped opening foreign web pages
and connecting to foreign hosts, though I could ping those hosts.
That seemed like an ISP problem so I called them and they said everything is
fine. So I started to mess around with ipfw rules.

So here's my conf.:

dsl modem
  ^
  |
[tun0]
[rl0]
FBSD
[bind jail with mldonkey]
[squid jail]
[rl1]
  |
  |
  ^
LAN

The conf. of ipfw and natd that worked earlier:

#ipfw list
05000 divert 8668 ip from any to any via tun0
06000 allow ip from any to any
65535 deny ip from any to any

#cat natd.conf
dynamic yes
same_ports yes
use_sockets yes
unregistered_only yes
redirect_port tcp 192.168.0.253:4662 4662
redirect_port udp 192.168.0.253:4662 4662
redirect_port tcp 192.168.0.253:4672 4672
redirect_port udp 192.168.0.253:4672 4672
redirect_port tcp 192.168.0.253:6346 6346
redirect_port udp 192.168.0.253:6346 6346
redirect_port tcp 192.168.0.253:6347 6347
redirect_port udp 192.168.0.253:6347 6347
redirect_port tcp 192.168.0.253:6881-6889 6881-6889
redirect_port udp 192.168.0.253:6881-6889 6881-6889
redirect_port tcp 192.168.0.253:1214 1214
redirect_port tcp 192.168.0.253:9999 9999
redirect_port tcp 192.168.0.253:4444 4444
redirect_port udp 192.168.0.253:4444 4444
redirect_port udp 192.168.0.253:2234 2234

[192.168.0.253 is a bind jail with mldonkey]

#cat rc.conf
gateway_enable="YES"
hostname="gw.anm.lan"
ifconfig_pcn0="down"
ifconfig_rl1="inet 192.168.0.254  netmask 255.255.255.0"
ifconfig_rl0="up"
ifconfig_tun0="up"
ppp_enable="YES"
ppp_profile="takas"
ppp_mode="ddial"
firewall_enable="YES"
firewall_type="/etc/firewall/ipfw.rules"
firewall_quiet="NO"
natd_enable="YES"
natd_interface="tun0"
natd_flags="-f /etc/firewall/natd.conf"
usbd_enable="NO"
sendmail_enable="NONE"
syslogd_flags="-b 192.168.0.254"

IPs for the jails are aliased and added when the jail is starting. I use the
jailctl util for that.

#jls
    JID  IP Address      Hostname                      Path
      2  192.168.0.252   squid.anm.lan          /usr/jails/squid.anm.lan
      1  192.168.0.253   ns0.anm.lan            /usr/jails/ns0.anm.lan

Ok now to the problem solving.

When I add this line to ipfw, foreign pages are loaded, but mldonkey
isn't able to connect:
>>01000 allow ip from any to any
   05000 divert 8668 ip from any to any via tun0
   06000 allow ip from any to any
   65535 deny ip from any to any

So I used the handbook for ipfw and natd and came to this rule set:

add 00020 allow all from any to any via rl1
add 00030 allow all from any to any via lo0
add 00100 divert natd ip from any to any in via tun0
add 00101 check-state
add 00200 skipto 5000 all from any to any out via rl0 keep-state
add 05000 divert natd ip from any to any out via tun0
add 06000 allow all from any to any
add 65535 deny ip from any to any

But everything is the same: foreign pages are not loaded, mldonkey is
downloading.

Thanks for help.
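Added example, not part of the post or of FreeBSD: a small Python checker that parses an `ipfw list` listing or an `add ...` rule file and reports which rules can never be reached because an earlier unqualified allow/deny (ipfw evaluates rules in number order and allow/deny end processing, while divert, skipto and check-state fall through) matches every packet first. It only flags rules with no proto, port, interface or direction qualifier; the sample inputs are the two rule sets quoted in the post.

```python
import re
# Actions that stop ipfw processing for a matching packet; divert, skipto,
# check-state and count are not terminal and fall through to later rules.
TERMINAL_ACTIONS = {"allow", "accept", "pass", "permit", "deny", "drop", "reject"}
RULE_RE = re.compile(r"^(?:add\s+)?(\d{1,5})\s+(\S+)(?:\s+(.*))?$")
CATCH_ALL_RE = re.compile(r"^(?:ip|all)\s+from\s+any\s+to\s+any$")

def parse_rules(text):
    """Parse `ipfw list` output or `add ...` lines into (number, action, body)
    tuples sorted by number, which is the order ipfw evaluates them in."""
    rules = []
    for line in text.splitlines():
        line = line.strip().lstrip(">").strip()  # drop the post's '>>' marker
        if not line or line.startswith("#"):
            continue
        m = RULE_RE.match(line)
        if m:
            rules.append((int(m.group(1)), m.group(2), m.group(3) or ""))
    return sorted(rules, key=lambda r: r[0])

def is_catch_all(action, body):
    """Terminal rule with no proto/port/interface/direction qualifier."""
    if action not in TERMINAL_ACTIONS:
        return False
    tokens = body.split()
    if tokens and tokens[0] == "log":  # e.g. 'allow log ip from any to any'
        tokens = tokens[1:]
    return CATCH_ALL_RE.match(" ".join(tokens)) is not None

def shadowed_rules(text):
    """(first catch-all rule number, [numbers it shadows]) or (None, [])."""
    rules = parse_rules(text)
    for i, (num, action, body) in enumerate(rules):
        if is_catch_all(action, body):
            return num, [r[0] for r in rules[i + 1:]]
    return None, []

# Sample inputs: the two rule sets quoted in the post above.
BROKEN = """\
>>01000 allow ip from any to any
   05000 divert 8668 ip from any to any via tun0
   06000 allow ip from any to any
   65535 deny ip from any to any
"""
HANDBOOK = """\
add 00101 check-state
add 05000 divert natd ip from any to any out via tun0
add 06000 allow all from any to any
add 65535 deny ip from any to any
"""
```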



More information about the freebsd-questions mailing list