i have a slightly different ipfw/natd problem.
machines on the lan can ping internal nic on the server (fbsd 4.7), and
the external nic, but can not ping or reach anything outside. unless i
telnet into the server, then telnet out. currently running ipfw
open until problem is solved. server can
Stephen D. Kingrea wrote:
i have a slightly different ipfw/natd problem.
machines on the lan can ping internal nic on the server (fbsd 4.7), and
the external nic, but can not ping or reach anything outside. unless i
telnet into the server, then telnet out. currently running ipfw
open until
oh, this looks bad. before i do that, i should mention that in the
meantime, i tried to add a divert rule and got
ip_fw_ctl: invalid command
on boot, i get
IP packet filtering initialized, divert disabled, rule-based forwarding
enabled, default to deny, logging disabled
is this a clue?
following is rc.conf, /etc/natd.conf, ifconfig, ipfw show
rc.conf
inetd_enable=YES
kern_securelevel_enable=NO
linux_enable=YES
tcp_extensions=YES
named_enable=YES
sendmail_enable=NO
portmap_enable=YES
router_enable=yes
router=/sbin/routed
router_flags=-q
defaultrouter=68.abc.de.1
Here's what I did that worked for me on FreeBSD 4.5-RELEASE
Maybe this will help you some.
Kernel recompile options I added:
options IPFIREWALL # I added for firewall
options IPFIREWALL_DEFAULT_TO_ACCEPT# I added for firewall
options
-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]]On Behalf Of Stephen D.
Kingrea
Sent: Friday, January 17, 2003 8:53 AM
To: Bill Moran
Cc: [EMAIL PROTECTED]
Subject: Re: different ipfw/natd prob
following is rc.conf, /etc/natd.conf, ifconfig, ipfw show
rc.conf
inetd_enable=YES
Stephen D. Kingrea wrote:
oh, this looks bad. before i do that, i should mention that in the
meantime, i tried to add a divert rule and got
ip_fw_ctl: invalid command
on boot, i get
IP packet filtering initialized, divert disabled, rule-based forwarding
enabled, default to deny, logging
i agree. it does seem that i need to recompile:
www# ipfw add diver natd all from any to any via dc0
ip_fw_ctl: invalid command
ipfw: getsockopt(IP_FW_ADD): Invalid argument
would seem to indicate this..
i shall commence, as per yours and JoeB's suggestion and report back
thank you both
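
The boot banner quoted in this thread already states why the divert rule is rejected. As an added example (not written by any poster in the thread), the script below parses that banner and reports what blocks natd; the function names are hypothetical, `GOOD_BANNER` is a constructed sample, and `options IPDIVERT` is the FreeBSD 4.x kernel option for divert sockets, which the thread itself does not spell out.

```shell
#!/bin/sh
# Added example (not from the thread): read the ipfw boot banner.

# Banner exactly as quoted in the thread (wrapped across two lines there).
THREAD_BANNER='IP packet filtering initialized, divert disabled, rule-based forwarding
enabled, default to deny, logging disabled'
# Constructed sample: the banner a kernel with divert support would print.
GOOD_BANNER='IP packet filtering initialized, divert enabled, rule-based forwarding enabled, default to accept, logging disabled'

# ipfw_banner_field BANNER FIELD -> prints the state word for FIELD
# (FIELD: divert | forwarding | default). Returns 2 for an unknown field.
ipfw_banner_field() {
    case $2 in
        divert)     pat='s/.*divert \([a-z]*\).*/\1/p' ;;
        forwarding) pat='s/.*rule-based forwarding \([a-z]*\).*/\1/p' ;;
        default)    pat='s/.*default to \([a-z]*\).*/\1/p' ;;
        *)          return 2 ;;
    esac
    # Join wrapped lines so the pattern sees the banner as one line.
    flat=$(printf '%s' "$1" | tr '\n' ' ')
    printf '%s\n' "$flat" | sed -n "$pat"
}

# natd_diagnose BANNER -> explains what blocks NAT; returns 1 if natd cannot work.
natd_diagnose() {
    rc=0
    if [ "$(ipfw_banner_field "$1" divert)" != enabled ]; then
        echo "divert disabled: 'ipfw add divert ...' is rejected and natd gets no packets"
        echo "  fix: rebuild the kernel with 'options IPDIVERT' (not quoted in the thread)"
        rc=1
    fi
    if [ "$(ipfw_banner_field "$1" default)" = deny ]; then
        echo "default to deny: only explicitly allowed traffic passes once rules are flushed"
    fi
    return $rc
}

natd_diagnose "$THREAD_BANNER" || echo "=> this kernel cannot do NAT yet"
```

On a live system the banner can be taken from the kernel message buffer instead of the embedded string.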