natd not doing anything

Rebecca Dridan r.dridan at ridley.unimelb.edu.au
Tue Sep 28 04:11:45 PDT 2004


Hi all:

I am having some issues with network set-up. I'm running CURRENT as of
26th September, with an ipfw firewall and natd. I have one gateway
machine with one external NIC and 3 internal NICs. At present nothing from
my internal machines can get out. I've reduced the firewall (temporarily) to
a basic
	ipfw -f flush
	divert natd ip from any to any via fxp0
	allow ip from any to any

When I turn logging on, I see the packets being diverted, and then
accepted by later rules, but not being rewritten in between, i.e.

ipfw: 30 Divert 8668 TCP 192.168.7.2:54619 <remote IP>:1025 out via fxp0
ipfw: 70 Accept TCP 192.168.7.2:54619 <remote IP>:1025 out via fxp0

and the packets never get to the remote IP. I can see natd running with
ps, but even when I run it on the command line with -v it doesn't seem to
do anything.

Is there something I'm missing? Something else I could check? I've attached
the relevant bits of my rc.conf and kernel conf below. Any other
information that would be useful, please ask.

Thanks,

Bec

(please CC me with any replies)

The relevant bits of rc.conf:
firewall_enable="YES"           # Set to YES to enable firewall functionality
firewall_script="/etc/rc.firewall.local" # Which script to run to set up the firewall
firewall_quiet="YES"            # Set to YES to suppress rule display

# Enable routing
gateway_enable="YES"            # Set to YES if this host will be a gateway.
natd_enable="YES"
natd_interface="fxp0"
natd_flags="-u"

kernel config:

options         IPFILTER                #ipfilter support
options         IPFILTER_LOG            #ipfilter logging
options         IPFILTER_DEFAULT_BLOCK  #block all packets by default
options         IPFIREWALL              #firewall - need for mac filtering
options         IPFIREWALL_DEFAULT_TO_ACCEPT    #allow everything by default
options         IPFIREWALL_FORWARD      #enables changing of packet dest
options         IPDIVERT       #divert IP sockets, used by ipfw divert


