Re: NAT trouble
JJB [EMAIL PROTECTED] writes:

> A new rewrite of the FreeBSD handbook firewall section is currently
> being made ready for update to the handbook. You can get an in-process
> copy from www.a1poweruser.com/FBSD_firewall/
>
> For more help post complete contents of your rc.conf, ppp.conf, ipfw
> rules, dmesg.boot, ppp.log, files along with description of how you
> are connected to the public internet. Thank you.

Thanks to that page, I'm a bit closer to a solution, I think. I have
arrived at the following ipfw.rules, based on the last example on that
page:

[attachment: ipfw.rules]

Here is the resulting output of 'ipfw list', for good measure:

[attachment: ipfw.list]

The only significant changes I've made are to how DNS is allowed. It
would be nice to hear if those rules look ok.

Now, what that is missing is examples on how to get NAT port forwarding
working. I've been playing around with that, based on what I can figure
out from the natd man page, with no success. Here are the rest of the
relevant configuration/log files:

[attachment: rc.conf]
[attachment: ppp.conf]
[attachment: ppp.log]

And here's the natd.conf file. Hopefully you can give me some pointers
on what's wrong with my port forwarding attempts from there.

[attachment: natd.conf]

(I couldn't locate any dmesg.boot file.)

Thanks for all your help,

Björn

___
[EMAIL PROTECTED] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: NAT trouble
Hi friends,

I'm using NAT on my home dial connection. The route is fine but my
machine is responding that the network is unreachable for names, and if
I put the DNS addresses in resolv.conf it works. I did something like
that a while ago in a Linux suite (which is getting the same problem
after an upgrade). What am I missing?

Thanks

Björn Lindström wrote:

> I'm having some trouble to get NAT working on the Internet gateway of
> my home LAN. Here's my setup:
>
> I have compiled a kernel with the following options added:
>
> options IPFIREWALL
> options IPFIREWALL_VERBOSE
> options IPFIREWALL_VERBOSE_LIMIT=10
> options IPDIVERT
>
> I have these relevant settings in my rc.conf:
>
> gateway_enable=YES
> firewall_enable=YES
> firewall_type=OPEN
> natd_enable=YES
> natd_interface=tun0
> natd_flags=-f /etc/natd.conf
>
> (Where tun0 is the interface of my ADSL connection.)
>
> My natd.conf only contains this line:
>
> redirect_port tcp 192.168.0.2:15000 15000
>
> Now, when I reboot, ipfw show shows this:
>
> 00050     0       0 divert 8668 ip from any to any via tun0
> 00100   182   15680 allow ip from any to any via lo0
> 00200     0       0 deny ip from any to 127.0.0.0/8
> 00300     0       0 deny ip from 127.0.0.0/8 to any
> 65000 11015 3073646 allow ip from any to any
> 65535     4     236 deny ip from any to any
>
> Here are the problems:
>
> * ps ax|grep natd shows that natd is not running.
>
> * While I still can get to the gateway from the inside, connections
>   to the Net don't work, until I 'ipfw delete 00050'.
>
> I hope someone here has a clue as to what may be wrong with my setup.
>
> Thanks in advance,
>
> Björn
RE: NAT trouble
Add this statement to your ppp.conf file:

enable dns

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Cleyton Agapito
Sent: Wednesday, July 21, 2004 2:09 PM
Cc: [EMAIL PROTECTED]
Subject: Re: NAT trouble

> Hi friends,
>
> I'm using NAT on my home dial connection. The route is fine but my
> machine is responding that the network is unreachable for names, and
> if I put the DNS addresses in resolv.conf it works. I did something
> like that a while ago in a Linux suite (which is getting the same
> problem after an upgrade). What am I missing?
>
> Thanks
>
> Björn Lindström wrote:
>
> > I'm having some trouble to get NAT working on the Internet gateway
> > of my home LAN. Here's my setup:
> >
> > I have compiled a kernel with the following options added:
> >
> > options IPFIREWALL
> > options IPFIREWALL_VERBOSE
> > options IPFIREWALL_VERBOSE_LIMIT=10
> > options IPDIVERT
> >
> > I have these relevant settings in my rc.conf:
> >
> > gateway_enable=YES
> > firewall_enable=YES
> > firewall_type=OPEN
> > natd_enable=YES
> > natd_interface=tun0
> > natd_flags=-f /etc/natd.conf
> >
> > (Where tun0 is the interface of my ADSL connection.)
> >
> > My natd.conf only contains this line:
> >
> > redirect_port tcp 192.168.0.2:15000 15000
> >
> > Now, when I reboot, ipfw show shows this:
> >
> > 00050     0       0 divert 8668 ip from any to any via tun0
> > 00100   182   15680 allow ip from any to any via lo0
> > 00200     0       0 deny ip from any to 127.0.0.0/8
> > 00300     0       0 deny ip from 127.0.0.0/8 to any
> > 65000 11015 3073646 allow ip from any to any
> > 65535     4     236 deny ip from any to any
> >
> > Here are the problems:
> >
> > * ps ax|grep natd shows that natd is not running.
> >
> > * While I still can get to the gateway from the inside, connections
> >   to the Net don't work, until I 'ipfw delete 00050'.
> >
> > I hope someone here has a clue as to what may be wrong with my setup.
> >
> > Thanks in advance,
> >
> > Björn
Re: NAT trouble
[EMAIL PROTECTED] (Björn Lindström) wrote:

> Bill Moran [EMAIL PROTECTED] writes:
>
> > > (Where tun0 is the interface of my ADSL connection.)
> >
> > Is tun0 the real interface?
>
> No, the actual card is rl0:
>
> rl0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
>         inet6 fe80::2e0:4cff:feb0:5d5b%rl0 prefixlen 64 scopeid 0x1
>         ether 00:e0:4c:b0:5d:5b
>         media: Ethernet autoselect (100baseTX <full-duplex>)
>         status: active
> ppp0: flags=8010<POINTOPOINT,MULTICAST> mtu 1500
> tun0: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> mtu 1492
>         inet 81.228.156.82 --> 81.228.156.1 netmask 0x
>         Opened by PID 53
>
> Is it the actual NIC that should be put in $nat_interface?

No, you should use the tun0 as you have ... I was just checking.

Perhaps natd isn't starting because the tun0 interface does not yet
exist when it tries to start?

> > What happens if you start it manually?

^^ ?

-- 
Bill Moran
Potential Technologies
http://www.potentialtech.com
RE: NAT trouble
Change

natd_interface=tun0

to

natd_interface=rl0

Change

00050 0 0 divert 8668 ip from any to any via tun0

to

00050 0 0 divert 8668 ip from any to any via rl0

redirect rl0 tcp 192.168.0.2:15000 15000

A new rewrite of the FreeBSD handbook firewall section is currently
being made ready for update to the handbook. You can get an in-process
copy from www.a1poweruser.com/FBSD_firewall/

For more help post complete contents of your rc.conf, ppp.conf, ipfw
rules, dmesg.boot, ppp.log, files along with description of how you are
connected to the public internet.

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Björn Lindström
Sent: Sunday, July 18, 2004 11:26 AM
To: [EMAIL PROTECTED]
Subject: NAT trouble

> I'm having some trouble to get NAT working on the Internet gateway of
> my home LAN. Here's my setup:
>
> I have compiled a kernel with the following options added:
>
> options IPFIREWALL
> options IPFIREWALL_VERBOSE
> options IPFIREWALL_VERBOSE_LIMIT=10
> options IPDIVERT
>
> I have these relevant settings in my rc.conf:
>
> gateway_enable=YES
> firewall_enable=YES
> firewall_type=OPEN
> natd_enable=YES
> natd_interface=tun0
> natd_flags=-f /etc/natd.conf
>
> (Where tun0 is the interface of my ADSL connection.)
>
> My natd.conf only contains this line:
>
> redirect_port tcp 192.168.0.2:15000 15000
>
> Now, when I reboot, ipfw show shows this:
>
> 00050     0       0 divert 8668 ip from any to any via tun0
> 00100   182   15680 allow ip from any to any via lo0
> 00200     0       0 deny ip from any to 127.0.0.0/8
> 00300     0       0 deny ip from 127.0.0.0/8 to any
> 65000 11015 3073646 allow ip from any to any
> 65535     4     236 deny ip from any to any
>
> Here are the problems:
>
> * ps ax|grep natd shows that natd is not running.
>
> * While I still can get to the gateway from the inside, connections
>   to the Net don't work, until I 'ipfw delete 00050'.
>
> I hope someone here has a clue as to what may be wrong with my setup.
>
> Thanks in advance,
>
> Björn
Re: NAT trouble
[EMAIL PROTECTED] (Björn Lindström) wrote:

> I'm having some trouble to get NAT working on the Internet gateway of
> my home LAN. Here's my setup:
>
> I have compiled a kernel with the following options added:
>
> options IPFIREWALL
> options IPFIREWALL_VERBOSE
> options IPFIREWALL_VERBOSE_LIMIT=10
> options IPDIVERT
>
> I have these relevant settings in my rc.conf:
>
> gateway_enable=YES
> firewall_enable=YES
> firewall_type=OPEN
> natd_enable=YES
> natd_interface=tun0
> natd_flags=-f /etc/natd.conf
>
> (Where tun0 is the interface of my ADSL connection.)

Is tun0 the real interface?

> My natd.conf only contains this line:
>
> redirect_port tcp 192.168.0.2:15000 15000
>
> Now, when I reboot, ipfw show shows this:
>
> 00050     0       0 divert 8668 ip from any to any via tun0
> 00100   182   15680 allow ip from any to any via lo0
> 00200     0       0 deny ip from any to 127.0.0.0/8
> 00300     0       0 deny ip from 127.0.0.0/8 to any
> 65000 11015 3073646 allow ip from any to any
> 65535     4     236 deny ip from any to any
>
> Here are the problems:
>
> * ps ax|grep natd shows that natd is not running.

What happens if you start it manually? Are there any entries in
/var/log/messages to tell you why it didn't start automatically?
Looking at the output at system startup, there should be some
indication of why natd didn't start.

> * While I still can get to the gateway from the inside, connections
>   to the Net don't work, until I 'ipfw delete 00050'.

Are you saying that your internal machines _can_ get to the net when
you delete that rule? If so, then you don't need nat, and you need to
reconsider your configuration.

-- 
Bill Moran
Potential Technologies
http://www.potentialtech.com
Re: NAT trouble
Bill Moran [EMAIL PROTECTED] writes:

> > (Where tun0 is the interface of my ADSL connection.)
>
> Is tun0 the real interface?

No, the actual card is rl0:

rl0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
        inet6 fe80::2e0:4cff:feb0:5d5b%rl0 prefixlen 64 scopeid 0x1
        ether 00:e0:4c:b0:5d:5b
        media: Ethernet autoselect (100baseTX <full-duplex>)
        status: active
ppp0: flags=8010<POINTOPOINT,MULTICAST> mtu 1500
tun0: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> mtu 1492
        inet 81.228.156.82 --> 81.228.156.1 netmask 0x
        Opened by PID 53

Is it the actual NIC that should be put in $nat_interface?

> What happens if you start it manually? Are there any entries in
> /var/log/messages to tell you why it didn't start automatically?
> Looking at the output at system startup, there should be some
> indication of why natd didn't start.

Nope. There's nothing helpful there that I can see. Only this seems
related:

Jul 18 17:13:36 calliope /kernel: IP packet filtering initialized, \
divert enabled, rule-based forwarding enabled, default to deny, \
logging limited to 10 packets/entry by default

...and that seems right.

> Are you saying that your internal machines _can_ get to the net when
> you delete that rule? If so, then you don't need nat, and you need to
> reconsider your configuration.

I need NAT, because I need machines inside the LAN to serve certain
ports. (15000, as you can see from the line from natd.conf.)
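As an added offline diagnostic (not code from the thread or from FreeBSD), the script below takes the 'ipfw show' and ifconfig text posted above, embedded as constructed strings, and reports why a divert rule whose port has no natd bound to it blackholes traffic; IFCONFIG_BOOT is a hypothetical snapshot taken before ppp has brought up tun0, to model the boot-order theory in Bill's reply.

```python
import re

# Constructed from the 'ipfw show' output posted in this thread.
IPFW_SHOW = """\
00050 0 0 divert 8668 ip from any to any via tun0
00100 182 15680 allow ip from any to any via lo0
00200 0 0 deny ip from any to 127.0.0.0/8
00300 0 0 deny ip from 127.0.0.0/8 to any
65000 11015 3073646 allow ip from any to any
65535 4 236 deny ip from any to any
"""

# Constructed from the ifconfig output in the thread (flag lines only).
IFCONFIG_UP = """\
rl0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
ppp0: flags=8010<POINTOPOINT,MULTICAST> mtu 1500
tun0: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> mtu 1492
"""

# Hypothetical: the same box early in boot, before ppp has created tun0.
IFCONFIG_BOOT = "rl0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500\n"

DIVERT_RE = re.compile(r"^(\d+)\s+\d+\s+\d+\s+divert\s+(\d+)\s.*\bvia\s+(\S+)")
IFACE_RE = re.compile(r"^(\w+): flags=\d+<([^>]*)>", re.M)


def divert_rules(ipfw_show):
    """Yield (rule_number, divert_port, interface) for every divert rule."""
    for line in ipfw_show.splitlines():
        m = DIVERT_RE.match(line)
        if m:
            yield int(m.group(1)), int(m.group(2)), m.group(3)


def up_interfaces(ifconfig):
    """Names of interfaces whose ifconfig flags include UP."""
    return {m.group(1) for m in IFACE_RE.finditer(ifconfig)
            if "UP" in m.group(2).split(",")}


def triage(ipfw_show, ifconfig, natd_running):
    """One finding per divert rule that cannot be doing NAT right now.

    ipfw drops any packet it diverts to a port with no listener, which is
    why the LAN lost connectivity until rule 00050 was deleted.
    """
    up = up_interfaces(ifconfig)
    findings = []
    for rule_no, port, iface in divert_rules(ipfw_show):
        if not natd_running:
            findings.append(f"rule {rule_no:05d}: nothing bound to divert port "
                            f"{port}; packets via {iface} are dropped")
        if iface not in up:
            findings.append(f"rule {rule_no:05d}: {iface} is not up yet, so "
                            "natd -n/natd_interface on it fails to start")
    return findings


if __name__ == "__main__":
    for finding in triage(IPFW_SHOW, IFCONFIG_BOOT, natd_running=False):
        print(finding)
```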