*BSD News Article 96527



Path: euryale.cc.adfa.oz.au!newshost.carno.net.au!harbinger.cc.monash.edu.au!munnari.OZ.AU!uunet!in1.uu.net!207.172.3.52!feed1.news.erols.com!cpk-news-hub1.bbnplanet.com!news.bbnplanet.com!rill.news.pipex.net!pipex!hose.news.pipex.net!pipex!warm.news.pipex.net!pipex!tank.news.pipex.net!pipex!news.utell.co.uk!usenet
From: brian@shift.utell.net (Brian Somers)
Newsgroups: comp.unix.bsd.freebsd.misc
Subject: Re: [Help] natd & routing configuration
Date: 30 May 1997 15:56:40 GMT
Organization: Awfulhak Ltd.
Lines: 132
Message-ID: <5mmtbo$8kq@ui-gate.utell.co.uk>
References: <5ml8st$1ql$1@ruby.mint.net>
Reply-To: brian@awfulhak.org, brian@utell.co.uk
NNTP-Posting-Host: shift.utell.net
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
X-Newsreader: knews 0.9.8
Xref: euryale.cc.adfa.oz.au comp.unix.bsd.freebsd.misc:41890

In article <5ml8st$1ql$1@ruby.mint.net>,
	darren@Quint.somtel.com (Darren Henderson) writes:
> 
> 
> Trying to get natd running with little success... Sorry for the length but
> I want to provide enough information.
> 
> Here's the situation.
> 
> 
> FreeBSD 2.2.1
> natd 1.4
> kernel mode ppp
> 
> I want 10.0.0.2 to get to the internet via my unix box which has a
> dedicated dialup to my isp via ppp.
> 
> 
>                   ed0
>      10.0.0.2 ------------ 10.0.0.1            ppp0
>                            206.139.114.254 ----------- 206.139.114.1 
> 
> 
> From /etc/sysconfig
> 
> 
> network_interfaces="ed0 ppp0 lo0"
> ifconfig_ppp0="inet 206.139.114.254 netmask 255.255.255.0"
> ifconfig_ed0="inet 10.0.0.1 netmask 255.255.255.0"
> ifconfig_lo0="inet 127.0.0.1"
> 
> static_routes="multicast loopback"
> route_multicast="206.139.114.254 -netmask 0xf0000000 -interface ${hostname}"
> route_loopback="${hostname} localhost"
> 
> (Question: Do I need these static routes? Should there be one similar to
> the one labeled multicast for the 10.0.0.1 address?)

You don't need them, but they do no harm.

> defaultrouter="206.139.114.1"
> router="routed"
> gateway="YES"
> firewall="YES"
> 
> 
> From rc.firewall
> firewall_type=open
> /sbin/ipfw -f flush
> /sbin/ipfw add 2000 divert 6668 all from any to any via ed0

That's your problem (and further down).  You want to divert
on interface ppp0, not ed0.

> /etc/services had natd defined for 6668. Note that the directions in
> natd's man page don't work, ipfw chokes if I use natd instead of 6668

Yep.  This has been fixed in the man page.  I must look at
changing ipfw to recognise service names - I'm not sure if
there'd be a syntax problem though.

> Ok, here's what happens when I ping a machine on the Internet side from the
> 10.0.0.2 box using  natd -s -m -v -n ed0

The other half of the problem - you need -n ppp0.

> In  [UDP]  10.0.0.2 -> 206.139.114.18 aliased to
>            10.0.0.2 -> 206.139.114.18
> In  [UDP]  10.0.0.2 -> 198.6.1.1 aliased to
>            10.0.0.2 -> 198.6.1.1
>  
> It's trying to get to the name server but notice it doesn't do anything for
> aliasing. I get the same result with natd -s -m -v -a 206.139.114.254
> 
> If I change the ipfw rule to
> 
> ipfw add 2000 divert 6668 all from 10.0.0.2 to any

You're now diverting the correct packets (although just for that
one machine).  The via ppp0 is better.

> 
> and go back to the -n ed0 invocation of natd I get
> 
> In  [UDP]  10.0.0.2 -> 206.139.114.18 aliased to
>            10.0.0.2 -> 206.139.114.18
> Out [UDP]  10.0.0.2 -> 206.139.114.18 aliased to
>            10.0.0.1 -> 206.139.114.18

Yep - diverting on the wrong side again.

> If I do it with the natd -a invocation I get
> 
> In  [UDP]  10.0.0.2 -> 206.139.114.18 aliased to
>            10.0.0.2 -> 206.139.114.18
> Out [UDP]  10.0.0.2 -> 206.139.114.18 aliased to
>            206.139.114.254 -> 206.139.114.18

Now you're diverting packets for 10.0.0.2 *and* aliasing on the
correct interface.  But what's actually happening now is packets
are coming back addressed to 206.139.114.254 and aren't getting
diverted (if they were, they wouldn't be aliased anyway).

> 
> Finally.... something is actually getting aliased, of course it doesn't
> work correctly but.... :) Looks like I'm half way there but I would need
> another ipfw rule and I can't see what it would be.
> 
> Anyhow... anyone have any advice on the proper configuration for my
> situation? Do I have my static routes set up correctly?
> 
> What I suspect is that I have the multihomed aspects of this messed up and
> there should be some kind of routing that equates the 10.0.0.1 address
> with the 206.139.114.254 address.
> 
> Eagerly awaiting any thoughts on the matter. 

You need

/sbin/ipfw add 2000 divert 6668 all from any to any via ppp0
natd -s -m -v -n ppp0

So close, yet so far :)

> ______________________________________________________________________________
> Darren Henderson                                      darren@jasper.somtel.com
>                                                             dhenderson@bix.com

-- 
Brian <brian@awfulhak.org> <brian@freebsd.org>
      <http://www.awfulhak.org>
Don't _EVER_ lose your sense of humour !
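
Added example, not part of the original post: a simplified Python model of the four divert/natd combinations discussed above, showing which source address reaches the ppp link and where the reply ends up. The rule forms, the direction handling and the alias table keyed on remote address only are modelling assumptions, not natd's actual code.

```python
# Added example: simplified model of ipfw divert + natd for the post's topology.
# Assumption: alias table keyed on remote address only (real natd tracks ports).
INSIDE, OUTSIDE = "ed0", "ppp0"
IF_ADDR = {"ed0": "10.0.0.1", "ppp0": "206.139.114.254"}

def matches(rule, pkt, iface):
    """rule is {'via': iface} or {'src': addr}, the two forms in the post."""
    if "via" in rule:
        return rule["via"] == iface
    return rule["src"] == pkt["src"]

class Natd:
    def __init__(self, alias_addr):
        self.alias = alias_addr
        self.table = {}  # remote address -> original inside source
    def outgoing(self, pkt):
        self.table[pkt["dst"]] = pkt["src"]
        return {**pkt, "src": self.alias}
    def incoming(self, pkt):
        # Only packets addressed to the alias from a known remote are rewritten.
        if pkt["dst"] == self.alias and pkt["src"] in self.table:
            return {**pkt, "dst": self.table[pkt["src"]]}
        return pkt

def round_trip(rule, alias_addr, client="10.0.0.2", server="206.139.114.18"):
    """Return (source seen on the ppp link, final reply destination or None)."""
    natd = Natd(alias_addr)
    pkt = {"src": client, "dst": server}
    if matches(rule, pkt, INSIDE):     # input pass on ed0
        pkt = natd.incoming(pkt)
    if matches(rule, pkt, OUTSIDE):    # output pass on ppp0
        pkt = natd.outgoing(pkt)
    wire_src = pkt["src"]
    if wire_src != IF_ADDR[OUTSIDE]:
        return wire_src, None          # private source: no reply is routed back
    reply = {"src": server, "dst": wire_src}
    if matches(rule, reply, OUTSIDE):  # input pass on ppp0
        reply = natd.incoming(reply)
    return wire_src, reply["dst"]

CASES = {
    "via ed0, -n ed0": ({"via": "ed0"}, IF_ADDR["ed0"]),
    "from 10.0.0.2, -n ed0": ({"src": "10.0.0.2"}, IF_ADDR["ed0"]),
    "from 10.0.0.2, -a 206.139.114.254": ({"src": "10.0.0.2"}, IF_ADDR["ppp0"]),
    "via ppp0, -n ppp0": ({"via": "ppp0"}, IF_ADDR["ppp0"]),
}
if __name__ == "__main__":
    for name, (rule, alias) in CASES.items():
        print(f"{name:36} -> {round_trip(rule, alias)}")
```

Only the last case returns the reply to 10.0.0.2; the others either leak a private source address onto the link or leave the reply at the gateway's own address.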