Path: euryale.cc.adfa.oz.au!newshost.carno.net.au!harbinger.cc.monash.edu.au!munnari.OZ.AU!news.ecn.uoknor.edu!feed1.news.erols.com!newsfeed.internetmci.com!in3.uu.net!204.254.98.4!mint.net!darren
From: darren@Quint.somtel.com (Darren Henderson)
Newsgroups: comp.unix.bsd.freebsd.misc
Subject: Re: [Help] natd & routing configuration
Date: 2 Jun 1997 16:16:05 GMT
Organization: Maine InternetWorks
Lines: 149
Message-ID: <5murk5$luf$1@ruby.mint.net>
References: <5ml8st$1ql$1@ruby.mint.net> <5mmtbo$8kq@ui-gate.utell.co.uk>
NNTP-Posting-Host: quint.somtel.com
X-Newsreader: TIN [version 1.2 PL2]
Xref: euryale.cc.adfa.oz.au comp.unix.bsd.freebsd.misc:42085

Thanks for the response... unfortunately this set of recommendations led to
a system crash after a few moments. I've forwarded the trap info via e-mail.

While I'm here... has anyone done any metrics on this to see what it does to
throughput? I like the idea of natd but since the internal machines see
fairly limited use perhaps I'm better off remaining with proxy services.
Most of my internet traffic terminates on the gateway machine.

______________________________________________________________________________
Darren Henderson                                     darren@jasper.somtel.com

             Help fight junk email, visit http://www.cauce.org/

Brian Somers (brian@shift.utell.net) wrote:
>In article <5ml8st$1ql$1@ruby.mint.net>,
>    darren@Quint.somtel.com (Darren Henderson) writes:
>>
>> Trying to get natd running with little success... Sorry for the length but
>> I want to provide enough information.
>>
>> Here's the situation.
>>
>> FreeBSD 2.2.1
>> natd 1.4
>> kernel mode ppp
>>
>> I want 10.0.0.2 to get to the internet via my unix box which has a
>> dedicated dialup to my isp via ppp.
>>
>>                     ed0
>> 10.0.0.2 ------------ 10.0.0.1                       ppp0
>>                       206.139.114.254 ----------- 206.139.114.1
>>
>> From /etc/sysconfig
>>
>> network_interfaces="ed0 ppp0 lo0"
>> ifconfig_ppp0="inet 206.139.114.254 netmask 255.255.255.0"
>> ifconfig_ed0="inet 10.0.0.1 netmask 255.255.255.0"
>> ifconfig_lo0="inet 127.0.0.1"
>>
>> static_routes="multicast loopback"
>> route_multicast="206.139.114.254 -netmask 0xf0000000 -interface ${hostname}"
>> route_loopback="${hostname} localhost"
>>
>> (Question: Do I need these static routes? Should there be one similar to
>> the one labeled multicast for the 10.0.0.1 address?)
>
>You don't need them, but they do no harm.
>
>> defaultrouter="206.139.114.1"
>> router="routed"
>> gateway="YES"
>> firewall="YES"
>>
>> From rc.firewall
>> firewall_type=open
>> /sbin/ipfw -f flush
>> /sbin/ipfw add 2000 divert 6668 all from any to any via ed0
>
>That's your problem (and further down). You want to divert
>on interface ppp0, not ed0.
>
>> /etc/services had natd defined for 6668. Note that the directions in
>> natd's man page don't work, ipfw chokes if I use natd instead of 6668
>
>Yep. This has been fixed in the man page. I must look at
>changing ipfw to recognise service names - I'm not sure if
>there'd be a syntax problem though.
>
>> Ok, here's what happens when I ping a machine on the Internet side from the
>> 10.0.0.2 box using natd -s -m -v -n ed0
>
>The other half of the problem - you need -n ppp0.
>
>> In [UDP] 10.0.0.2 -> 206.139.114.18 aliased to
>>          10.0.0.2 -> 206.139.114.18
>> In [UDP] 10.0.0.2 -> 198.6.1.1 aliased to
>>          10.0.0.2 -> 198.6.1.1
>>
>> It's trying to get to the name server but notice it doesn't do anything for
>> aliasing. I get the same result with natd -s -m -v -a 206.139.114.254
>>
>> If I change the ipfw rule to
>>
>> ipfw add 2000 divert 6668 all from 10.0.0.2 to any
>
>You're now diverting the correct packets (although just for that
>one machine). The via ppp0 is better.
>>
>> and go back to the -n ed0 invocation of natd I get
>>
>> In [UDP] 10.0.0.2 -> 206.139.114.18 aliased to
>>          10.0.0.2 -> 206.139.114.18
>> Out [UDP] 10.0.0.2 -> 206.139.114.18 aliased to
>>           10.0.0.1 -> 206.139.114.18
>
>Yep - diverting on the wrong side again.
>
>> If I do it with the natd -a invocation I get
>>
>> In [UDP] 10.0.0.2 -> 206.139.114.18 aliased to
>>          10.0.0.2 -> 206.139.114.18
>> Out [UDP] 10.0.0.2 -> 206.139.114.18 aliased to
>>           206.139.114.254 -> 206.139.114.18
>
>Now you're diverting packets for 10.0.0.2 *and* aliasing on the
>correct interface. But what's actually happening now is packets
>are coming back addressed to 206.139.114.254 and aren't getting
>diverted (if they were, they wouldn't be aliased anyway).
>
>> I
>> Finally.... something is actually getting aliased, of course it doesn't
>> work correctly but.... :) Looks like I'm half way there but I would need
>> another ipfw rule and I can't see what it would be.
>>
>> Anyhow... anyone have any advice on the proper configuration for my
>> situation? Do I have my static routes set up correctly?
>>
>> What I suspect is that I have the multihomed aspects of this messed up and
>> there should be some kind of routing that equates the 10.0.0.1 address
>> with the 206.139.114.254 address.
>>
>> Eagerly awaiting any thoughts on the matter.
>
>You need
>
>/sbin/ipfw add 2000 divert 6668 all from any to any via ppp0
>natd -s -m -v -n ppp0
>
>So close, yet so far :)
>
>> ______________________________________________________________________________
>> Darren Henderson                                     darren@jasper.somtel.com
>>                                                      dhenderson@bix.com
>
>--
>Brian <brian@awfulhak.org> <brian@freebsd.org>
>      <http://www.awfulhak.org>
>Don't _EVER_ lose your sense of humour !
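
Added example (not part of the original post, and not natd or ipfw code): a simplified Python model of the divert behaviour discussed in this thread, showing why the rule has to match on ppp0 for both the outgoing rewrite and the returning reply. The `Rule` and `Gateway` classes and the direction logic are assumptions made for illustration; the addresses, interface names and log layout are taken from the post.

```python
# Simplified model (an assumption, not natd source): a packet diverted as it
# ENTERS the box is logged "In" and can only be un-aliased; one diverted as it
# LEAVES is logged "Out" and has its source rewritten to the alias address.
from dataclasses import dataclass

@dataclass(frozen=True)
class Rule:
    """ipfw 'divert 6668 all from SRC to any [via IFACE]' (hypothetical class)."""
    src: str = "any"
    via: str = "any"
    def matches(self, pkt_src, iface):
        return self.src in ("any", pkt_src) and self.via in ("any", iface)

class Gateway:
    INSIDE, OUTSIDE = "ed0", "ppp0"          # interface names from the post
    def __init__(self, rule, alias_addr):
        self.rule, self.alias = rule, alias_addr
        self.table, self.log = {}, []        # table: remote host -> inside host

    def _divert(self, direction, src, dst):
        new_src, new_dst = src, dst
        if direction == "Out":
            self.table[dst] = src            # real NAT state also tracks ports
            new_src = self.alias
        elif dst == self.alias and src in self.table:
            new_dst = self.table[src]        # reply: restore the inside host
        self.log.append(f"{direction} [UDP] {src} -> {dst} aliased to "
                        f"{new_src} -> {new_dst}")
        return new_src, new_dst

    def forward(self, src, dst):
        """Inside host to Internet: in on ed0, out on ppp0. Returns wire source."""
        if self.rule.matches(src, self.INSIDE):
            src, dst = self._divert("In", src, dst)
        if self.rule.matches(src, self.OUTSIDE):
            src, dst = self._divert("Out", src, dst)
        return src

    def reply(self, src, dst):
        """Reply arriving on ppp0 (inbound pass only). Returns final destination."""
        if self.rule.matches(src, self.OUTSIDE):
            src, dst = self._divert("In", src, dst)
        return dst

if __name__ == "__main__":
    gw = Gateway(Rule(via="ppp0"), "206.139.114.254")  # rule and -n ppp0 from the reply
    gw.forward("10.0.0.2", "206.139.114.18")
    gw.reply("206.139.114.18", "206.139.114.254")
    print(*gw.log, sep="\n")
```

Constructing the gateway with `Rule(via="ed0")` and alias `10.0.0.1`, or with `Rule(src="10.0.0.2")` and alias `206.139.114.254`, reproduces the "In"/"Out" patterns quoted in the post.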