NAT Dropping Internal Connection
Jeremy Bingham
jeremy at satanosphere.com
Fri Jun 27 08:39:43 PDT 2003
On 27/06/03 10:43 -0300, Han Hwei Woo wrote:
> Is there any reason you are running both ipfw + ipfilter? Although they
> probably should play nice together, it might be best not to tempt fate,
> especially when you're experiencing problems. Also, are you using ipnat or
> natd to perform NAT?
I tried taking IPDIVERT out of my kernel, but that killed NAT, so I had
to revert to the old kernel. I'm still playing with it. I had been
told that running both IPFIREWALL and IPDIVERT was unecessary.
I am running natd to perform NAT (with the -dynamic flag).
-j
>
> ----- Original Message -----
> From: "Jeremy Bingham" <jeremy at satanosphere.com>
> To: <freebsd-questions at freebsd.org>
> Sent: Wednesday, June 25, 2003 4:16 PM
> Subject: Re: NAT Dropping Internal Connection
>
> On 25/06/03 14:39 -0400, FBSD_User wrote:
> > Sounds like hardware problem with the switch or hub on your LAN.
>
> Rebooting the machine makes the NAT stuff work again. Could the hub
> still be a problem in that case?
>
> -j
>
> >
> > -----Original Message-----
> > From: owner-freebsd-questions at freebsd.org
> > [mailto:owner-freebsd-questions at freebsd.org]On Behalf Of Jeremy
> > Bingham
> > Sent: Wednesday, June 25, 2003 2:25 PM
> > To: freebsd-questions at freebsd.org
> > Subject: NAT Dropping Internal Connection
> >
> > I have a P-200 running 4.8-STABLE running as a NAT box at home. It
> > runs
> > well, except that periodically it will drop it's connection on the
> > internal side of the network. The external interface still works,
> > but the
> > internal machines can't ping the NAT box at all and the NAT box
> > can't
> > ping the internal machines.
> >
> > I've looked through the mailing lists and google for hints why this
> > might be happening, but I can't find anything. /var/log/messages
> > also
> > reveals nothing. Here are the relevant kernel options:
> >
> > options IPFIREWALL
> > options IPFIREWALL_FORWARD
> > options IPFIREWALL_DEFAULT_TO_ACCEPT
> > options IPDIVERT
> > options IPFILTER
> > options IPSTEALTH
> > options RANDOM_IP_ID
> > options TCP_DROP_SYNFIN
> >
> > Would any of those cause the problem, or is there a kernel option
> > that
> > I'm accidentally leaving off?
> >
> > Thanks,
> >
> > -Jeremy Bingham
> >
> >
> > ----------------------------------------------
> > /* You are not expected to understand this. */
> >
> > Captain_Tenille
> > http://www.satanosphere.com/
> > jeremy at satanosphere.com
> >
>
> --
>
> ----------------------------------------------
> /* You are not expected to understand this. */
>
> Captain_Tenille
> http://www.satanosphere.com/
> jeremy at satanosphere.com
>
--
----------------------------------------------
/* You are not expected to understand this. */
Captain_Tenille
http://www.satanosphere.com/
jeremy at satanosphere.com
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 187 bytes
Desc: not available
Url : http://lists.freebsd.org/pipermail/freebsd-questions/attachments/20030627/bd0cba2c/attachment.bin
More information about the freebsd-questions
mailing list