Re: another go at ipfw/natd

2003-01-16 Thread Redmond Militante
hi

thanks this worked :)

In the gothic chambers of the underworld on Thu, Jan 16, 2003 at 03:51:55PM -0600, 
Daniel Schrock darkly muttered:
> Redmond Militante wrote:
> >xl1: flags=8843 mtu 1500
> >options=3
> >inet 10.0.0.1 netmask 0xff00 broadcast 10.0.0.255
> >inet6 fe80::206:5bff:fe80:985b%xl1 prefixlen 64 scopeid 0x2
> >ether 00:06:5b:80:98:5b
> >media: Ethernet autoselect (none)
> >status: no carrier
> ^^
> This is your problem.
> 
> 
> >Do your net card and hub both have link lights?
> >
> >>i
> >
> >
> >i am hooking the client directly into the internal nic on the gateway, so
> >no hub.  i've verified that both nics on the gateway work - did this by
> >configuring xl1 as the primary nic, and it worked.
> 
> You can't do this.
> You _must_ use a crossover cable to connect 2 NICs directly together.
> You need to use a hub or switch to use straight-through ethernet cables.
> 
> 
> .daniel.schrock
> 
> 
> To Unsubscribe: send mail to [EMAIL PROTECTED]
> with "unsubscribe freebsd-questions" in the body of the message
> 





Re: another go at ipfw/natd

2003-01-16 Thread Bill Moran
Redmond Militante wrote:




3. What does ifconfig display on the gateway?  Does xl1 show as "up" with a 
   valid media type?




xl1: flags=8843 mtu 1500
options=3
inet 10.0.0.1 netmask 0xff00 broadcast 10.0.0.255
inet6 fe80::206:5bff:fe80:985b%xl1 prefixlen 64 scopeid 0x2 
ether 00:06:5b:80:98:5b
media: Ethernet autoselect (none)
status: no carrier

Notice the 'autoselect (none)' and 'status: no carrier'
These are indicative of faulty wiring or NIC problems.  Since you state
that you tested the NICs, I would double check the wiring.  If you're
going directly NIC<->NIC, you'll need a crossover cable.  Make sure that
the cable you're using is a crossover and is properly wired.  If so,
verify that the cable is good (usually easiest to try a different cable,
unless you have the pricey testing stuff).
It looks like everything else is OK, I'm guessing that once you've got
the cable situation worked out, everything will start working.


> i am hooking the client directly into the internal nic on the gateway,
> so no hub.  i've verified that both nics on the gateway work - did this
> by configuring xl1 as the primary nic, and it worked.

Do the NICs have link lights on the back?  Most NICs do.  I'm guessing
that they're dark, indicating that it can't negotiate a link.  Although
I've seen some NICs that will turn the link light on even if things are
wired wrong (which is really frustrating when you're trying to diagnose
problems!)

--
Bill Moran
Potential Technologies
http://www.potentialtech.com
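
Added example, not part of the original thread: a small sh/awk check that reads `ifconfig` output and lists interfaces that have an address but no link, which is the condition diagnosed above and worth ruling out before touching ipfw/natd rules. The function names and the sample text are assumptions made for illustration; the sample is constructed from the output quoted in this thread.

```shell
#!/bin/sh
# Added example: check link state before debugging ipfw/natd rules.

# Constructed sample, modelled on the ifconfig output quoted in this thread.
sample_ifconfig() {
cat <<'EOF'
xl0: flags=8843 mtu 1500
    inet 129.105.51.35 netmask 0xff00 broadcast 129.105.51.255
    ether 00:10:5a:c6:8b:cb
    media: Ethernet autoselect (100baseTX )
    status: active
xl1: flags=8843 mtu 1500
    inet 10.0.0.1 netmask 0xff00 broadcast 10.0.0.255
    ether 00:06:5b:80:98:5b
    media: Ethernet autoselect (none)
    status: no carrier
lo0: flags=8049 mtu 16384
    inet 127.0.0.1 netmask 0xff000000
EOF
}

# Read ifconfig output on stdin; print one "iface|inet|media|status" line
# per interface. Fields that are absent (e.g. no status on lo0) become "-".
link_report() {
    awk '
        function emit() {
            if (ifc != "") printf "%s|%s|%s|%s\n", ifc, addr, media, status
        }
        /^[a-z]+[0-9]+: flags=/ {
            emit(); ifc = $1; sub(/:$/, "", ifc)
            addr = "-"; media = "-"; status = "-"; next
        }
        $1 == "inet"    { addr = $2 }
        $1 == "media:"  { m = $0; sub(/^[ \t]*media:[ \t]*/, "", m); media = m }
        $1 == "status:" { s = $0; sub(/^[ \t]*status:[ \t]*/, "", s); status = s }
        END { emit() }
    '
}

# Print names of configured interfaces whose status line is not "active".
no_link_ifaces() {
    link_report | awk -F'|' '$2 != "-" && $4 != "-" && $4 != "active" { print $1 }'
}

# On the gateway itself: ifconfig | no_link_ifaces
sample_ifconfig | no_link_ifaces
```
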





Re: another go at ipfw/natd

2003-01-16 Thread Daniel Schrock
Redmond Militante wrote:

xl1: flags=8843 mtu 1500
options=3
inet 10.0.0.1 netmask 0xff00 broadcast 10.0.0.255
inet6 fe80::206:5bff:fe80:985b%xl1 prefixlen 64 scopeid 0x2
ether 00:06:5b:80:98:5b
media: Ethernet autoselect (none)
status: no carrier

	  ^^
This is your problem.



Do your net card and hub both have link lights?


i



i am hooking the client directly into the internal nic on the gateway, so
no hub.  i've verified that both nics on the gateway work - did this by
configuring xl1 as the primary nic, and it worked.


You can't do this.
You _must_ use a crossover cable to connect 2 NICs directly together.
You need to use a hub or switch to use straight-through ethernet cables.


.daniel.schrock





Re: another go at ipfw/natd

2003-01-16 Thread Redmond Militante
> 
> Let me ask some questions to help diagnose this:
> 1. From the gateway: Can you ping www.freebsd.org? Can you ping 129.x.x.1?
>

yes to both

 2. What's in /etc/resolv.conf on the gateway and the client machine?
>


/etc/resolv.conf is identical on gateway and client machines

search northwestern.edu
nameserver 129.105.49.1
nameserver 165.124.49.21
~

 3. What does ifconfig display on the gateway?  Does xl1 show as "up" with a 
> valid media type?
>

xl0: flags=8843 mtu 1500
options=3
inet 129.105.51.35 netmask 0xff00 broadcast 129.105.51.255
inet6 fe80::210:5aff:fec6:8bcb%xl0 prefixlen 64 scopeid 0x1 
ether 00:10:5a:c6:8b:cb
media: Ethernet autoselect (100baseTX )
status: active
xl1: flags=8843 mtu 1500
options=3
inet 10.0.0.1 netmask 0xff00 broadcast 10.0.0.255
inet6 fe80::206:5bff:fe80:985b%xl1 prefixlen 64 scopeid 0x2 
ether 00:06:5b:80:98:5b
media: Ethernet autoselect (none)
status: no carrier

(ifconfig has changed slightly here - i was experimenting by giving xl1 a subnet mask 
of 255.255.255.0 - still doesn't work)



Do your net card and hub both have link lights?
>i

i am hooking the client directly into the internal nic on the gateway, so no hub.  
i've verified that both nics on the gateway work - did this by configuring xl1 as the 
primary nic, and it worked.

thanks

redmond

 
> -- 
> Bill Moran
> Potential Technologies
> http://www.potentialtech.com
> 





Re: another go at ipfw/natd

2003-01-16 Thread Bill Moran
Redmond Militante wrote:

hi again

> i have two machines - one has two nics, one has one nic. i'd like to set up the machine with two
> nics as a gateway/natd box, and place the second machine behind it.


gateway machine's kernel has been recompiled with:

options IPFIREWALL
options IPDIVERT
options IPFIREWALL_DEFAULT_TO_ACCEPT
options IPFIREWALL_VERBOSE

gateway machine's /etc/rc.conf:

defaultrouter="129.x.x.1"
hostname="enquirer.medill.northwestern.edu"
ifconfig_xl0="inet 129.x.x.35 netmask 255.255.255.0"
ifconfig_xl1="inet 10.0.0.1 netmask 255.0.0.0"
gateway_enable="YES"
firewall_enable="YES"
#firewall_script="/etc/rc.firewall"
firewall_type="OPEN"
natd_enable="YES"
natd_interface="xl0"
natd_flags=""

second machine's /etc/rc.conf:

defaultrouter="10.0.0.1"
ifconfig_xl0="inet 10.0.0.2 netmask 255.0.0.0"

'ipfw list' on the gateway machine gives me:
00050 divert 8668 ip from any to any via xl0
00100 allow ip from any to any via lo0
00200 deny ip from any to 127.0.0.0/8
00300 deny ip from 127.0.0.0/8 to any
65000 allow ip from any to any
65535 allow ip from any to any

i'm following the instructions in the handbook http://www.freebsd.org/doc/en_US.IS...dbook/natd.html 

> "Each machine and interface behind the LAN should be assigned IP address numbers in the private
> network space as defined by RFC 1918 and have a default gateway of the natd machine's internal IP address."


> this isn't working for me. i cannot ping outside machines from the client machine. 'ping www.freebsd.org'
> times out. pinging the ip address outside the router gives me 'no route to host', pinging the ip address
> of the gateway box gives me 'no route to host'. 'ping 10.0.0.1' gives me 'host is down'. the client
> machine can ping itself and get a response, however - 'ping 10.0.0.2' gives me a response.

Let me ask some questions to help diagnose this:
1. From the gateway: Can you ping www.freebsd.org? Can you ping 129.x.x.1?
2. What's in /etc/resolv.conf on the gateway and the client machine?
3. What does ifconfig display on the gateway?  Does xl1 show as "up" with a valid media type?
   Do your net card and hub both have link lights?

--
Bill Moran
Potential Technologies
http://www.potentialtech.com





another go at ipfw/natd

2003-01-16 Thread Redmond Militante
hi again

i have two machines - one has two nics, one has one nic. i'd like to set up the 
machine with two nics as a gateway/natd box, and place the second machine behind it.

gateway machine's kernel has been recompiled with:

options IPFIREWALL
options IPDIVERT
options IPFIREWALL_DEFAULT_TO_ACCEPT
options IPFIREWALL_VERBOSE

gateway machine's /etc/rc.conf:

defaultrouter="129.x.x.1"
hostname="enquirer.medill.northwestern.edu"
ifconfig_xl0="inet 129.x.x.35 netmask 255.255.255.0"
ifconfig_xl1="inet 10.0.0.1 netmask 255.0.0.0"
gateway_enable="YES"
firewall_enable="YES"
#firewall_script="/etc/rc.firewall"
firewall_type="OPEN"
natd_enable="YES"
natd_interface="xl0"
natd_flags=""

second machine's /etc/rc.conf:

defaultrouter="10.0.0.1"
ifconfig_xl0="inet 10.0.0.2 netmask 255.0.0.0"

'ipfw list' on the gateway machine gives me:
00050 divert 8668 ip from any to any via xl0
00100 allow ip from any to any via lo0
00200 deny ip from any to 127.0.0.0/8
00300 deny ip from 127.0.0.0/8 to any
65000 allow ip from any to any
65535 allow ip from any to any

i'm following the instructions in the handbook 
http://www.freebsd.org/doc/en_US.IS...dbook/natd.html 

"Each machine and interface behind the LAN should be assigned IP address numbers in 
the private network space as defined by RFC 1918 and have a default gateway of the 
natd machine's internal IP address."


this isn't working for me. i cannot ping outside machines from the client machine. 
'ping www.freebsd.org' times out. pinging the ip address outside the router gives me 
'no route to host', pinging the ip address of the gateway box gives me 'no route to 
host'. 'ping 10.0.0.1' gives me 'host is down'. the client machine can ping itself and 
get a response, however - 'ping 10.0.0.2' gives me a response.

please help, i'm stuck.



