Re: NATD and PPP problem
On Tue, Aug 05, 2003 at 05:02:50PM +0200, Jacob Vennervald wrote:
> Hi
>
> I've installed a FreeBSD 4.8 machine, which I wanna use as a
> NAT/Router/Firewall.
> I have setup the pppoe connection which works perfectly and then I've
> tried to setup the machine as a NAT Router by setting the following in
> the rc.conf:
> firewall_enable="YES"
> firewall_type="open"
> natd_enable="YES"
> natd_interface="tun0"
> But when I restart the machine it gives me the following error:
> "Firewall rules loaded, starting divert daemons: natdnatd: tun0: cannot
> get interface address"
>
> When I log in and type "ifconfig" I can also see that the tun0 interface
> doesn't exist, but when I turn off the two natd settings in rc.conf and
> reboot it does exist.
>
> Can anybody help?
>
> Cheers,
> Jacob Vennervald
>
> ___
> [EMAIL PROTECTED] mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-questions
> To unsubscribe, send any mail to "[EMAIL PROTECTED]"
> end of the original message

Use the -dynamic flag if the tun0 interface is not configured when natd
starts up. From natd(8) manpage:

[...]
-dynamic
        If the -n or -interface option is used, natd will monitor the
        routing socket for alterations to the interface passed. If
        the interface's IP number is changed, natd will dynamically
        alter its concept of the alias address.
[...]

Add the following line to /etc/rc.conf:

natd_flags="-dynamic"

Even if you solved the problem, you may also want to try this solution.

Francesco Casadei
--
You can download my public key from http://digilander.libero.it/fcasadei/
or retrieve it from a keyserver (pgpkeys.mit.edu, wwwkeys.pgp.net, ...)

Key fingerprint is: 1671 9A23 ACB4 520A E7EE 00B0 7EC3 375F 164E B17B
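
Added example, not part of Francesco's message or of the FreeBSD rc scripts: a POSIX sh preflight check for the failure discussed in this thread, natd_interface naming a tun device that does not exist yet when natd starts. The helper names rc_value and check_natd_conf and the sample file are constructed for illustration; the script parses rc.conf-style assignments and never sources the file.

```shell
#!/bin/sh
# Added example; rc_value and check_natd_conf are hypothetical helper names.

# rc_value FILE VAR: print the last value assigned to VAR in an
# rc.conf-style file, without sourcing (executing) the file.
rc_value() {
    sed -n 's/^[[:space:]]*'"$2"'="\{0,1\}\([^"#]*\)"\{0,1\}.*/\1/p' "$1" |
        sed 's/[[:space:]]*$//' | tail -n 1
}

# check_natd_conf FILE: return 1 when natd is enabled on a tun interface
# without -dynamic, the combination behind the boot-time error
# "tun0: cannot get interface address" reported in this thread.
check_natd_conf() {
    enable=$(rc_value "$1" natd_enable)
    iface=$(rc_value "$1" natd_interface)
    flags=$(rc_value "$1" natd_flags)

    case "$enable" in
        [Yy][Ee][Ss]) ;;
        *) echo "ok: natd is not enabled"; return 0 ;;
    esac
    case "$iface" in
        tun[0-9]*) ;;   # created by ppp, may not exist when natd starts
        *) echo "ok: natd_interface=$iface is not a tun device"; return 0 ;;
    esac
    case " $flags " in
        *" -dynamic "*) echo "ok: natd follows $iface with -dynamic"; return 0 ;;
    esac
    echo "warn: natd_interface=$iface but natd_flags lacks -dynamic"
    return 1
}

# Constructed sample holding the natd lines quoted in the thread.
sample=$(mktemp)
printf '%s\n' 'natd_enable="YES"' 'natd_interface="tun0"' > "$sample"
check_natd_conf "$sample" || true
printf '%s\n' 'natd_flags="-dynamic"' >> "$sample"
check_natd_conf "$sample"
rm -f "$sample"
```

A static IP address in natd_interface, the fix reported later in this thread, also passes the check because the value is no longer a tun interface name.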
Re: NATD and PPP problem
Hi

Thanks a lot!
The natd_flag="-dynamic" worked. Apparently the pppoe interface tun0
wasn't active yet when natd was started so it couldn't find the
interface.

Cheers,
Jacob Vennervald

On Wed, 2003-08-06 at 00:06, Francesco Casadei wrote:
> On Tue, Aug 05, 2003 at 05:02:50PM +0200, Jacob Vennervald wrote:
> > Hi
> >
> > I've installed a FreeBSD 4.8 machine, which I wanna use as a
> > NAT/Router/Firewall.
> > I have setup the pppoe connection which works perfectly and then I've
> > tried to setup the machine as a NAT Router by setting the following in
> > the rc.conf:
> > firewall_enable="YES"
> > firewall_type="open"
> > natd_enable="YES"
> > natd_interface="tun0"
> > But when I restart the machine it gives me the following error:
> > "Firewall rules loaded, starting divert daemons: natdnatd: tun0: cannot
> > get interface address"
> >
> > When I log in and type "ifconfig" I can also see that the tun0 interface
> > doesn't exist, but when I turn off the two natd settings in rc.conf and
> > reboot it does exist.
> >
> > Can anybody help?
> >
> > Cheers,
> > Jacob Vennervald
> >
> > end of the original message
>
> Use the -dynamic flag if the tun0 interface is not configured when natd
> starts up. From natd(8) manpage:
>
> [...]
> -dynamic
>         If the -n or -interface option is used, natd will monitor the
>         routing socket for alterations to the interface passed. If
>         the interface's IP number is changed, natd will dynamically
>         alter its concept of the alias address.
> [...]
>
> Add the following line to /etc/rc.conf:
>
> natd_flags="-dynamic"
>
> Even if you solved the problem, you may also want to try this solution.
>
> Francesco Casadei
> --
> You can download my public key from http://digilander.libero.it/fcasadei/
> or retrieve it from a keyserver (pgpkeys.mit.edu, wwwkeys.pgp.net, ...)
>
> Key fingerprint is: 1671 9A23 ACB4 520A E7EE 00B0 7EC3 375F 164E B17B
>
--
Venlig hilsen / Best regards,
Jacob Vennervald
System Developer
Proventum Solutions ApS
Tuborg Boulevard 12
2900 Hellerup
Denmark
Phone: +45 36 94 41 66
Mobile: +45 61 68 58 51
Re: NATD and PPP problem
On Tue, Aug 05, 2003 at 05:02:50PM +0200, Jacob Vennervald wrote:
> Hi
>
> I've installed a FreeBSD 4.8 machine, which I wanna use as a
> NAT/Router/Firewall.
> I have setup the pppoe connection which works perfectly and then I've
> tried to setup the machine as a NAT Router by setting the following in
> the rc.conf:
> firewall_enable="YES"
> firewall_type="open"
> natd_enable="YES"
> natd_interface="tun0"
> But when I restart the machine it gives me the following error:
> "Firewall rules loaded, starting divert daemons: natdnatd: tun0: cannot
> get interface address"
>
> When I log in and type "ifconfig" I can also see that the tun0 interface
> doesn't exist, but when I turn off the two natd settings in rc.conf and
> reboot it does exist.
>
> Can anybody help?
>
> Cheers,
> Jacob Vennervald

I assume you use ppp to setup your connection. If you don't this isn't
going to work for you. You probably want to use the nat within the ppp
tool instead. Try to leave the natd lines out of the rc.conf and add
"nat enable yes" to this file: /etc/ppp/ppp.conf. Your gateway has
internet after this, but your lan doesn't.

You must make sure that your firewall includes a line like: "divert 8668
ip from any to any via tun0". This sends the packets to the natd port for
processing. It could be that ipfw (the firewall) is called before ppp.
This could cause it to ignore this rule. The best thing is to create a
simple firewall with a script at first. Something like:

    # -f: flush without asking for confirmation
    ipfw -f flush
    # loopback traffic is allowed, spoofed loopback addresses are not
    ipfw add 100 allow ip from any to any via lo0
    ipfw add 200 deny ip from any to 127.0.0.0/8
    ipfw add 300 deny ip from 127.0.0.0/8 to any
    # hand everything crossing tun0 to natd
    ipfw add 400 divert natd from any to any via tun0
    ipfw add 500 allow ip from any to any

And then execute it on the prompt like "script &". The & sign is
important if you didn't compile the kernel so that it allows all traffic
by default. If your firewall denies all traffic by default then you may
experience a drop of your connection. Your script is aborted at this
time, if it doesn't run in the background.

--
Alex

Articles based on solutions that I use:
http://www.kruijff.org/alex/index.php?dir=docs/FreeBSD/
Re: NATD and PPP problem
Hi again

I finally got it working by specifying the static ip of my external
interface in the natd_interface instead of tun0.
Hope somebody else finds this helpful.

Cheers,
Jacob Vennervald

Jacob Vennervald wrote:
> Hi
>
> Here is the ppp.conf file:
>
> default:
>  set log Phase tun command # you can add more detailed logging if you wish
>  set ifaddr 10.0.0.1/0 10.0.0.2/0 0.0.0.0 0.0.0.0
> webpartner:
>  set device PPPoE:xl0
>  set authname
>  set authkey
>  set dial
>  set login
>  add default HISADDR
>
> Here's the complete rc.conf file:
>
> # Setup PPPoE for internet connection
> ppp_enable="YES"
> ppp_mode="ddial"
> ppp_nat="NO" # if you want to enable nat for your local network, otherwise NO
> ppp_profile="webpartner"
>
> # Setup NAT on external interface
> firewall_enable="YES"
> firewall_type="open"
> gateway_enable="YES"
> natd_enable="YES"
> natd_interface="tun0"
>
> # Setup internal interface
> ifconfig_fxp0="inet 10.0.0.1 netmask 255.255.255.0"
>
> # Set the hostname of the server
> hostname="myhost.mydomain.com"
>
> # Extra network settings
> inetd_enable="NO"
> kern_securelevel_enable="NO"
> nfs_reserved_port_only="YES"
> sendmail_enable="NO"
> sshd_enable="YES"
>
> # Enable linux binaries
> linux_enable="YES"
>
> # Localization
> font8x8="iso-8x8"
> font8x14="iso-8x14"
> font8x16="iso-8x16"
> scrnmap="NO"
> keymap="danish.iso"
>
> # Enable mouse daemon
> moused_enable="YES"
>
> Andrew Boothman wrote:
> > On Tuesday 05 August 2003 4:02 pm, Jacob Vennervald wrote:
> > > I have setup the pppoe connection which works perfectly and then I've
> > > tried to setup the machine as a NAT Router by setting the following in
> > > the rc.conf:
> > > firewall_enable="YES"
> > > firewall_type="open"
> > > natd_enable="YES"
> > > natd_interface="tun0"
> > > But when I restart the machine it gives me the following error:
> > > "Firewall rules loaded, starting divert daemons: natdnatd: tun0: cannot
> > > get interface address"
> >
> > Hmmm Strange.
> >
> > I've got 4.8 doing what you want, except using an xl0 instead of a tun0
> > as the natd_interface because I get an ethernet port on my cable modem.
> >
> > Do you have ifconfig_tun0 = "DHCP" or something similar in your rc.conf,
> > or does pppoe set things up differently?
> >
> > How is pppoe configured to start in your setup? Can we see a more
> > complete rc.conf (you can remove any specific addresses or other
> > incriminating evidence ;)
> >
> > I can't say I have any experience with your problem - but hopefully we
> > can shed some light on it.
> >
> > Cheers.
> >
> > Andrew
Re: NATD and PPP problem
Hi

Here is the ppp.conf file:

default:
 set log Phase tun command # you can add more detailed logging if you wish
 set ifaddr 10.0.0.1/0 10.0.0.2/0 0.0.0.0 0.0.0.0
webpartner:
 set device PPPoE:xl0
 set authname
 set authkey
 set dial
 set login
 add default HISADDR

Here's the complete rc.conf file:

# Setup PPPoE for internet connection
ppp_enable="YES"
ppp_mode="ddial"
ppp_nat="NO" # if you want to enable nat for your local network, otherwise NO
ppp_profile="webpartner"

# Setup NAT on external interface
firewall_enable="YES"
firewall_type="open"
gateway_enable="YES"
natd_enable="YES"
natd_interface="tun0"

# Setup internal interface
ifconfig_fxp0="inet 10.0.0.1 netmask 255.255.255.0"

# Set the hostname of the server
hostname="myhost.mydomain.com"

# Extra network settings
inetd_enable="NO"
kern_securelevel_enable="NO"
nfs_reserved_port_only="YES"
sendmail_enable="NO"
sshd_enable="YES"

# Enable linux binaries
linux_enable="YES"

# Localization
font8x8="iso-8x8"
font8x14="iso-8x14"
font8x16="iso-8x16"
scrnmap="NO"
keymap="danish.iso"

# Enable mouse daemon
moused_enable="YES"

Andrew Boothman wrote:
> On Tuesday 05 August 2003 4:02 pm, Jacob Vennervald wrote:
> > I have setup the pppoe connection which works perfectly and then I've
> > tried to setup the machine as a NAT Router by setting the following in
> > the rc.conf:
> > firewall_enable="YES"
> > firewall_type="open"
> > natd_enable="YES"
> > natd_interface="tun0"
> > But when I restart the machine it gives me the following error:
> > "Firewall rules loaded, starting divert daemons: natdnatd: tun0: cannot
> > get interface address"
>
> Hmmm Strange.
>
> I've got 4.8 doing what you want, except using an xl0 instead of a tun0
> as the natd_interface because I get an ethernet port on my cable modem.
>
> Do you have ifconfig_tun0 = "DHCP" or something similar in your rc.conf,
> or does pppoe set things up differently?
>
> How is pppoe configured to start in your setup? Can we see a more
> complete rc.conf (you can remove any specific addresses or other
> incriminating evidence ;)
>
> I can't say I have any experience with your problem - but hopefully we
> can shed some light on it.
>
> Cheers.
>
> Andrew
Re: NATD and PPP problem
On Tuesday 05 August 2003 4:02 pm, Jacob Vennervald wrote:
> I have setup the pppoe connection which works perfectly and then I've
> tried to setup the machine as a NAT Router by setting the following in
> the rc.conf:
> firewall_enable="YES"
> firewall_type="open"
> natd_enable="YES"
> natd_interface="tun0"
> But when I restart the machine it gives me the following error:
> "Firewall rules loaded, starting divert daemons: natdnatd: tun0: cannot
> get interface address"

Hmmm Strange.

I've got 4.8 doing what you want, except using an xl0 instead of a tun0
as the natd_interface because I get an ethernet port on my cable modem.

Do you have ifconfig_tun0 = "DHCP" or something similar in your rc.conf,
or does pppoe set things up differently?

How is pppoe configured to start in your setup? Can we see a more
complete rc.conf (you can remove any specific addresses or other
incriminating evidence ;)

I can't say I have any experience with your problem - but hopefully we
can shed some light on it.

Cheers.

Andrew