Path: euryale.cc.adfa.oz.au!newshost.carno.net.au!harbinger.cc.monash.edu.au!news.cs.su.oz.au!inferno.mpx.com.au!news.ci.com.au!brian.telstra.net!act.news.telstra.net!news.telstra.net!psgrain!iafrica.com!uct.uni.net.za!ru.uni.net.za!wits.uni.net.za!howland.erols.net!news.mathworks.com!news-xfer.cybernet.dk!news.onramp.net!news.nkn.net!news.panther.net!nemesis!hammy!news-in.iadfw.net!news.gymnet.com!LSNT1!lsbsdi6.lightspeed.net!news.silcom.com!news.genuity.net!azure.xara.net!xara.net!news.visi.net!news.mathworks.com!rill.news.pipex.net!pipex!hose.news.pipex.net!pipex!warm.news.pipex.net!pipex!tank.news.pipex.net!pipex!news.utell.co.uk!usenet
From: brian@shift.utell.net (Brian Somers)
Newsgroups: comp.unix.bsd.freebsd.misc
Subject: Re: [Help] natd & routing configuration
Date: 30 May 1997 15:56:40 GMT
Organization: Awfulhak Ltd.
Lines: 133
Message-ID: <FDFEE0EF86A76AF6.F7D74605D871812C.D15BE8ACC7D858FD@library-proxy.airnews.net>
X-Orig-Message-ID: <5mmtbo$8kq@ui-gate.utell.co.uk>
References: <5ml8st$1ql$1@ruby.mint.net>
Reply-To: brian@awfulhak.org, brian@utell.co.uk
NNTP-Proxy-Relay: library.airnews.net
NNTP-Posting-Host: biceps.gymnet.com
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
X-Newsreader: knews 0.9.8
Xref: euryale.cc.adfa.oz.au comp.unix.bsd.freebsd.misc:42746

In article <5ml8st$1ql$1@ruby.mint.net>,
	darren@Quint.somtel.com (Darren Henderson) writes:
>
>
> Trying to get natd running with little success... Sorry for the length but
> I want to provide enough information.
>
> Here's the situation.
>
>
> FreeBSD 2.2.1
> natd 1.4
> kernel mode ppp
>
> I want 10.0.0.2 to get to the internet via my unix box which has a
> dedicated dialup to my isp via ppp.
>
>
>                        ed0
> 10.0.0.2 ------------ 10.0.0.1  ppp0
>                                 206.139.114.254 ----------- 206.139.114.1
>
>
> From /etc/sysconfig
>
>
> network_interfaces="ed0 ppp0 lo0"
> ifconfig_ppp0="inet 206.139.114.254 netmask 255.255.255.0"
> ifconfig_ed0="inet 10.0.0.1 netmask 255.255.255.0"
> ifconfig_lo0="inet 127.0.0.1"
>
> static_routes="multicast loopback"
> route_multicast="206.139.114.254 -netmask 0xf0000000 -interface ${hostname}"
> route_loopback="${hostname} localhost"
>
> (Question: Do I need these static routes? Should there be one similar to
> the one labeled multicast for the 10.0.0.1 address?)

You don't need them, but they do no harm.

> defaultrouter="206.139.114.1"
> router="routed"
> gateway="YES"
> firewall="YES"
>
>
> From rc.firewall
> firewall_type=open
> /sbin/ipfw -f flush
> /sbin/ipfw add 2000 divert 6668 all from any to any via ed0

That's your problem (and further down).  You want to divert on
interface ppp0, not ed0.

> /etc/services had natd defined for 6668. Note that the directions in
> natd's man page doesn't work, ipfw chokes if I use natd instead of 6668

Yep.  This has been fixed in the man page.  I must look at changing
ipfw to recognise service names - I'm not sure if there'd be a syntax
problem though.

> Ok, here's what happens when I ping a machine on the Internet side from the
> 10.0.0.2 box using natd -s -m -v -n ed0

The other half of the problem - you need -n ppp0.

> In  [UDP] 10.0.0.2 -> 206.139.114.18 aliased to
>           10.0.0.2 -> 206.139.114.18
> In  [UDP] 10.0.0.2 -> 198.6.1.1 aliased to
>           10.0.0.2 -> 198.6.1.1
>
> It's trying to get to the name server but notice it doesn't do anything for
> aliasing. I get the same result with natd -s -m -v -a 206.139.114.254
>
> If I change the ipfw rule to
>
> ipfw add 2000 divert 6668 all from 10.0.0.2 to any

You're now diverting the correct packets (although just for that
one machine).  The via ppp0 is better.
>
> and go back to the -n ed0 invocation of natd I get
>
> In  [UDP] 10.0.0.2 -> 206.139.114.18 aliased to
>           10.0.0.2 -> 206.139.114.18
> Out [UDP] 10.0.0.2 -> 206.139.114.18 aliased to
>           10.0.0.1 -> 206.139.114.18

Yep - diverting on the wrong side again.

> If I do it with the natd -a invocation I get
>
> In  [UDP] 10.0.0.2 -> 206.139.114.18 aliased to
>           10.0.0.2 -> 206.139.114.18
> Out [UDP] 10.0.0.2 -> 206.139.114.18 aliased to
>           206.139.114.254 -> 206.139.114.18

Now you're diverting packets for 10.0.0.2 *and* aliasing on the
correct interface.  But what's actually happening now is packets
are coming back addressed to 206.139.114.254 and aren't getting
diverted (if they were, they wouldn't be aliased anyway).

> I
> Finally.... something is actually getting aliased, of course it doesn't
> work correctly but.... :) Looks like I'm half way there but I would need
> another ipfw rule and I can't see what it would be.
>
> Anyhow... anyone have any advice on the proper configuration for my
> situation? Do I have my static routes set up correctly?
>
> What I suspect is that I have the multihomed aspects of this messed up and
> there should be some kind of routing that equates the 10.0.0.1 address
> with the 206.139.114.254 address.
>
> Eagerly awaiting any thoughts on the matter.

You need

	/sbin/ipfw add 2000 divert 6668 all from any to any via ppp0
	natd -s -m -v -n ppp0

So close, yet so far :)

> ______________________________________________________________________________
> Darren Henderson                                     darren@jasper.somtel.com
>                                                      dhenderson@bix.com

-- 
Brian <brian@awfulhak.org> <brian@freebsd.org>
      <http://www.awfulhak.org>
Don't _EVER_ lose your sense of humour !
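
The four rule/flag combinations discussed in this thread, replayed through a small model of the gateway. This is an added example, not part of the original post and not natd or ipfw code. The helper names (`via`, `from_host`, `round_trip`) are hypothetical, and the model is simplified: alias links are keyed by remote address only (no ports), and a packet is treated as outbound when it is diverted on transmit.

```python
import ipaddress

# Constructed addresses matching the post: ed0 is inside, ppp0 is outside.
CLIENT, SERVER = "10.0.0.2", "206.139.114.18"
ED0_ADDR, PPP0_ADDR = "10.0.0.1", "206.139.114.254"

def via(iface):
    """ipfw '... from any to any via IFACE': match on receive or transmit."""
    return lambda pkt, hook_iface: hook_iface == iface

def from_host(addr):
    """ipfw '... from ADDR to any': match on source address only."""
    return lambda pkt, hook_iface: pkt["src"] == addr

def round_trip(rule, alias_addr):
    """Return (source the server sees, where the reply ends up; None if unroutable)."""
    links = {}  # remote address -> inside address, learned from outbound packets

    def hook(pkt, iface, direction):
        if not rule(pkt, iface):
            return  # not diverted, so natd never sees this packet
        if direction == "out":  # natd aliases the source address
            links[pkt["dst"]] = pkt["src"]
            pkt["src"] = alias_addr
        elif pkt["dst"] == alias_addr and pkt["src"] in links:
            pkt["dst"] = links[pkt["src"]]  # natd restores the inside address

    request = {"src": CLIENT, "dst": SERVER}
    hook(request, "ed0", "in")
    hook(request, "ppp0", "out")
    seen = request["src"]
    if ipaddress.ip_address(seen).is_private:
        return seen, None  # private source address: no route back from the Internet

    reply = {"src": SERVER, "dst": seen}
    hook(reply, "ppp0", "in")
    if reply["dst"] != PPP0_ADDR:  # only forwarded packets leave through ed0
        hook(reply, "ed0", "out")
    return seen, reply["dst"]

if __name__ == "__main__":
    cases = [("via ed0, -n ed0", via("ed0"), ED0_ADDR),
             ("from 10.0.0.2, -n ed0", from_host(CLIENT), ED0_ADDR),
             ("from 10.0.0.2, -a 206.139.114.254", from_host(CLIENT), PPP0_ADDR),
             ("via ppp0, -n ppp0", via("ppp0"), PPP0_ADDR)]
    for name, rule, alias in cases:
        print(f"{name:36} -> {round_trip(rule, alias)}")
```

Only the last combination returns the reply to 10.0.0.2; in the third, the reply stops at the gateway's own address because the inbound packet never matches the divert rule.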