natd problem (but close!)
beantaxi at yahoo.com
Fri Dec 26 11:17:33 PST 2003
Thanks Michael. Yep, that rule is there:
(in response to a bash-2.0.4# ipfw -a list)
00050 1398666 172283391 divert 8668 ip from any to any via xl0
00100 1202 127228 allow ip from any to any via lo0
... etc ...
Very first rule. (I was going to mention this in my initial email
but I guess I forgot). I believe I was helped in this by
rc.firewall itself -- looks like that for 'open' and
'simple' it adds the divert rule if natd_enable is set.
I'm guessing this is newish, as the docs I read insisted
that I add the rule myself. In any case, it's there.
--- Micheal Patterson <micheal at tsgincorporated.com> wrote:
> ----- Original Message -----
> From: "The Bean" <beantaxi at yahoo.com>
> To: <freebsd-questions at freebsd.org>
> Sent: Friday, December 26, 2003 11:27 AM
> Subject: natd problem (but close!)
> > Hi all,
> > I've been trying to get natd up on a FreeBSD 4.9-Stable box.
> > I think I've followed every step, and it's still not quite working,
> > although I believe it's getting close. My dual-homed box has
> > two interfaces: internal ed0=10.13.0.1/8, and external
> > xl0=xx.yy.zz.187/29 (note I've cleverly obscured the IP).
> > Here's what I've done on the dual-homed box:
> > - Kernel compiled with IPFIREWALL & IPDIVERT
> > - gateway_enabled="YES", verified with sysctl -a list | grep ipforwarding
> > - firewall set to open
> > - natd_enabled="YES"
> > - natd_interface=my external interface
> > - natd_flags=-f /etc/natd.conf
> > - /etc/natd.conf contains one line: redirect_address 10.0.0.13
> > where xx.yy.zz.186 is the desired public IP for a client on my internal
> > network, whose internal IP is 10.0.0.13
> > On my client, I've set the default router to 10.13.0.1, which is the IP for the
> > internal interface for the gateway box.
> > The gateway can access the Internet just fine. The client has some
> > which I've attempted to diagnose by running tcpdump on the gateway, and
> > trying a ping and a lynx from the client. Here are the results, as
> > by the gateway:
> Do an ipfw list and you should see an entry at or very near the top similar
> divert 8668 ip from any to any via xl0
> If you don't, traffic isn't being diverted to NAT and it's trying to route
> the 10 /8 traffic to its connected router and dying there.
> Micheal Patterson
> Network Administration
> TSG Incorporated
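As an added example (not part of this thread or of FreeBSD itself): a small sh/awk check that reads `ipfw -a list` (or plain `ipfw list`) output and confirms that a natd divert rule for the external interface comes before any allow/deny rule that could match that interface's traffic. The interface name xl0 and divert port 8668 are taken from the thread; the sample listings are constructed.

```shell
#!/bin/sh
# Added example (not from the thread): check that an ipfw rule listing
# contains a natd divert rule for the external interface and that no
# allow/deny rule that could match that interface's traffic comes first.
# Usage: ipfw -a list | check_divert xl0 [8668]
check_divert() {
    iface=$1
    port=${2:-8668}
    awk -v iface="$iface" -v port="$port" '
        NF == 0 { next }
        {
            # `ipfw -a list` prints packet and byte counters after the rule
            # number; plain `ipfw list` does not. Find the action either way.
            a = ($2 ~ /^[0-9]+$/ && $3 ~ /^[0-9]+$/) ? 4 : 2
            action = $a
            # A rule can match traffic on iface if it names iface in a
            # via/recv/xmit clause, or if it names no interface at all.
            if ($0 ~ / (via|recv|xmit) /)
                applies = ($0 ~ (" (via|recv|xmit) " iface "( |$)"))
            else
                applies = 1
            if (!applies) next
            if (action == "divert" && $(a + 1) == port) {
                printf "ok: rule %s diverts %s traffic to natd (port %s)\n", $1, iface, port
                seen = 1; status = 0; exit
            }
            if (action ~ /^(allow|pass|accept|deny|drop|reject|unreach|reset)$/) {
                printf "problem: rule %s (%s) matches %s traffic before any divert rule\n", $1, action, iface
                seen = 1; status = 1; exit
            }
        }
        END {
            if (!seen) { printf "problem: no divert rule for %s found\n", iface; status = 1 }
            exit status
        }'
}

# Constructed sample listings; the first mirrors the output shown in the thread.
GOOD_LIST='00050 1398666 172283391 divert 8668 ip from any to any via xl0
00100 1202 127228 allow ip from any to any via lo0
65535 0 0 deny ip from any to any'
BAD_LIST='00100 allow ip from any to any
00200 divert 8668 ip from any to any via xl0'

printf '%s\n' "$GOOD_LIST" | check_divert xl0 || echo "(exit status $?)"
printf '%s\n' "$BAD_LIST" | check_divert xl0 || echo "(exit status $?)"
```

The function exits 0 only when the first rule that can match the interface's traffic is the divert rule, so it can be dropped into a post-boot sanity check.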