NAT trouble
Bill Moran
wmoran at potentialtech.com
Sun Jul 18 09:44:35 PDT 2004
bkhl at elektrubadur.se (Björn Lindström) wrote:
> I'm having some trouble getting NAT working on the Internet gateway of my
> home LAN.
>
> Here's my setup:
>
> I have compiled a kernel with the following options added:
>
> options IPFIREWALL
> options IPFIREWALL_VERBOSE
> options IPFIREWALL_VERBOSE_LIMIT=10
> options IPDIVERT
>
> I have these relevant settings in my rc.conf:
>
> gateway_enable="YES"
> firewall_enable="YES"
> firewall_type="OPEN"
> natd_enable="YES"
> natd_interface="tun0"
> natd_flags="-f /etc/natd.conf"
>
> (Where tun0 is the interface of my ADSL connection.)

Is tun0 the real interface?

> My natd.conf only contains this line:
>
> redirect_port tcp 192.168.0.2:15000 15000
>
> Now, when I reboot, ipfw show shows this:
>
> 00050 0 0 divert 8668 ip from any to any via tun0
> 00100 182 15680 allow ip from any to any via lo0
> 00200 0 0 deny ip from any to 127.0.0.0/8
> 00300 0 0 deny ip from 127.0.0.0/8 to any
> 65000 11015 3073646 allow ip from any to any
> 65535 4 236 deny ip from any to any
>
>
> Here are the problems:
>
> * ps ax|grep natd shows that natd is not running.

What happens if you start it manually? Are there any entries in
/var/log/messages to tell you why it didn't start automatically? Looking
at the output at system startup, there should be some indication of why
natd didn't start.

> * While I still can get to the gateway from the inside, connections to
> the Net don't work, until I 'ipfw delete 00050'.

Are you saying that your internal machines _can_ get to the net when you
delete that rule? If so, then you don't need nat, and you need to
reconsider your configuration.

--
Bill Moran
Potential Technologies
http://www.potentialtech.com
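
Added example (not part of the original message): a small sh check for the condition described in the thread, a divert rule present in the ipfw ruleset while natd is not running. ipfw drops packets diverted to a port that has no socket bound to it, so this combination is worth flagging on any gateway. The `ps ax` listings are constructed samples, the function names are hypothetical, and treating any running natd as the listener for every divert port is a simplifying assumption.

```shell
#!/bin/sh
# Constructed sample: the `ipfw show` listing quoted in the message above.
IPFW_SHOW='00050 0 0 divert 8668 ip from any to any via tun0
00100 182 15680 allow ip from any to any via lo0
00200 0 0 deny ip from any to 127.0.0.0/8
00300 0 0 deny ip from 127.0.0.0/8 to any
65000 11015 3073646 allow ip from any to any
65535 4 236 deny ip from any to any'

# Constructed `ps ax` listings: one without natd, one with it.
PS_NO_NATD='  PID  TT  STAT      TIME COMMAND
    1  ??  ILs    0:00.01 /sbin/init --
  312  ??  Ss     0:00.10 /usr/sbin/syslogd -s'
PS_WITH_NATD="$PS_NO_NATD
  298  ??  Ss     0:00.02 /sbin/natd -f /etc/natd.conf -n tun0"

# natd_running PS_TEXT
# Succeeds if the COMMAND column (field 5) of any process line is natd.
natd_running() {
    printf '%s\n' "$1" | awk '
        NR > 1 { cmd = $5; sub(/.*\//, "", cmd); if (cmd == "natd") found = 1 }
        END    { exit !found }'
}

# orphaned_divert_rules IPFW_TEXT PS_TEXT
# Prints "<rule number> <divert port>" for every divert rule when no natd
# process exists (assumption: one natd serves all divert ports).
orphaned_divert_rules() {
    if natd_running "$2"; then
        return 0
    fi
    # ipfw show columns: rule, packets, bytes, action, action argument, ...
    printf '%s\n' "$1" | awk '$4 == "divert" { print $1, $5 }'
}

# Report against the constructed samples.
orphaned_divert_rules "$IPFW_SHOW" "$PS_NO_NATD" |
while read -r rule port; do
    echo "rule $rule diverts to port $port but natd is not running"
done
```

On a live FreeBSD gateway the same functions can be fed real data with `orphaned_divert_rules "$(ipfw show)" "$(ps ax)"`.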