NATD and PPP problem

Alex de Kruijff freebsd at
Tue Aug 5 15:27:06 PDT 2003

On Tue, Aug 05, 2003 at 05:02:50PM +0200, Jacob Vennervald wrote:
> Hi
> I've installed a FreeBSD 4.8 machine, which I wanna use as a 
> NAT/Router/Firewall.
> I have setup the pppoe connection which works perfectly and then I've 
> tried to setup the machine as a NAT Router by setting the following in 
> the rc.conf:
> firewall_enable="YES"
> firewall_type="open"
> natd_enable="YES"
> natd_interface="tun0"
> But when I restart the machine it gives me the following error:
> "Firewall rules loaded, starting divert daemons: natdnatd: tun0: cannot 
> get interface address"
> When I log in and type "ifconfig" I can also see that the tun0 interface 
> doesn't exist, but when I turn off the two natd settings in rc.conf and 
> reboot it does exist.
> Can anybody help?
> Cheers,
> Jacob Vennervald

I assume you use ppp to setup your connection. If you don't this isn't 
going to work for you.

You probably want to use the nat within the ppp tool instead. Try to 
leave the natd lines out of the rc.conf and add "nat enable yes" to 
this file: /etc/ppp/ppp.conf. Your gateway has internet after this, 
but your lan doesn't.

You must make sure that your firewall includes a line like:
"divert 8668 ip from any to any via tun0". This sends the packets to the 
natd port for processing. It could be that ipfw (the firewall) is 
called before ppp. This could cause it to ignore this rule.

The best thing is to create a simple firewall with a script at first. 
Something like:
#!/bin/sh
# -f: skip the "Are you sure?" prompt of a bare "ipfw flush", which would hang a backgrounded script
ipfw -f flush
ipfw add 100 allow ip from any to any via lo0
ipfw add 200 deny ip from any to
ipfw add 300 deny ip from
# ipfw needs the protocol ("ip") between the divert port and "from"
ipfw add 400 divert natd ip from any to any via tun0
ipfw add 500 allow ip from any to any

And then execute it on the prompt like "script &". The & sign is 
important if you didn't compile the kernel so that it allows all 
traffic by default. If your firewall denies all traffic by default then 
you may experience a drop of your connection. Your script is aborted at 
this time, if it doesn't run in the background.


Articles based on solutions that I use:
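An added example, not part of the mail above and not FreeBSD's own rc.firewall: a version of the hand-written firewall script that also covers the two pitfalls the reply mentions (the flush confirmation prompt, and locking yourself out on a default-deny kernel). It assumes 4.x ipfw syntax, natd listening on divert port 8668 (started by natd or by "nat enable yes" in ppp.conf), tun0 as the ppp interface, and loopback rules 200/300 in the usual rc.firewall pattern.

```sh
#!/bin/sh
# Added example (not from the mail, not FreeBSD's rc.firewall).
# Assumptions: ipfw1 syntax, natd on divert port 8668, IFACE is the ppp link.
IPFW=${IPFW:-/sbin/ipfw}   # set IPFW=echo for a dry run
IFACE=${IFACE:-tun0}

# Print the ruleset without applying it; rule 400 is the divert rule
# the reply insists on, loopback rules 200/300 follow rc.firewall.
build_ruleset() {
    iface=$1
    cat <<EOF
add 100 allow ip from any to any via lo0
add 200 deny ip from any to 127.0.0.0/8
add 300 deny ip from 127.0.0.0/8 to any
add 400 divert 8668 ip from any to any via $iface
add 500 allow ip from any to any
EOF
}

# Apply the ruleset. A bare "ipfw flush" asks "Are you sure?", which
# would hang a script run with "script &"; -f answers it. Returns 1 on
# the first ipfw failure so a half-loaded ruleset is noticed.
apply_ruleset() {
    iface=$1
    "$IPFW" -f flush || return 1
    old_ifs=$IFS
    IFS='
'
    for rule in $(build_ruleset "$iface"); do
        IFS=$old_ifs               # restore so $rule splits into arguments
        "$IPFW" $rule || return 1
    done
    IFS=$old_ifs
    return 0
}

# Lock-out guard for a default-deny kernel: if the new rules cut your
# session, a background timer reopens the box after $1 seconds. Kill the
# printed pid once you have confirmed you can still reach the machine.
schedule_revert() {
    ( sleep "$1"; "$IPFW" -f flush; "$IPFW" add 65000 allow ip from any to any ) &
    echo $!
}

# Usage: IFACE=tun0 sh script.sh apply &   (the & is what the mail advises)
if [ "${1:-}" = apply ]; then
    schedule_revert 120
    apply_ruleset "$IFACE"
fi
```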

More information about the freebsd-questions mailing list