IPFW & NAT simple rules - BSD



Thread: IPFW & NAT simple rules

  1. IPFW & NAT simple rules

    Hi,

    I put my first nat & ipfw rules on my FreeBSD 6.2 system, but got some
    "issues" when starting up the nat:

    belmore:/etc # ./rc.d/ipfw restart
    Additional: not found
    net.inet.ip.fw.enable: 1 -> 0
    Additional: not found
    Stopping natd.
    Waiting for PIDS: 6975, 6975, 6975, 6975, 6975.
    Starting divert daemons:Additional: not found
    natdFlushed all rules.
    00500 divert 8668 ip from any to any via tun0
    00600 allow ip from any to any
    00700 allow tcp from any to any established
    Firewall rules loaded.
    Firewall logging enabled
    net.inet.ip.fw.enable: 0 -> 1
    belmore:/etc # ps -auxww | grep nat
    root 10087 0.0 0.8 1484 956 ?? Ss 10:55AM 0:00.02 /sbin/natd -n tun0
    root 10097 0.0 0.8 1588 1036 p0 S+ 10:56AM 0:00.02 grep nat
    belmore:/etc # ping www.yahoo.com
    PING www.yahoo-ht3.akadns.net (209.131.36.158): 56 data bytes
    64 bytes from 209.131.36.158: icmp_seq=0 ttl=57 time=199.874 ms
    64 bytes from 209.131.36.158: icmp_seq=1 ttl=57 time=198.421 ms
    64 bytes from 209.131.36.158: icmp_seq=2 ttl=57 time=198.640 ms
    64 bytes from 209.131.36.158: icmp_seq=3 ttl=57 time=199.256 ms
    64 bytes from 209.131.36.158: icmp_seq=4 ttl=57 time=198.460 ms^C
    --- www.yahoo-ht3.akadns.net ping statistics ---
    5 packets transmitted, 5 packets received, 0% packet loss
    round-trip min/avg/max/stddev = 198.421/198.930/199.874/0.559 ms
    belmore:/etc # ipfw list
    00500 divert 8668 ip from any to any via tun0
    00600 allow ip from any to any
    00700 allow tcp from any to any established
    65535 allow ip from any to any
    belmore:/etc #

    /etc/rc.conf:
    natd_program="/sbin/natd"
    natd_enable="yes"
    natd_interface="tun0" # interface name of public Internet NIC
    #natd_flags="-dynamic -m" # -m = preserve port numbers if possible
    natd_flags="-f /etc/natd.conf"
    # Additional flags for natd.
    firewall_enable="yes"
    firewall_script="/etc/ipfw.test"
    #firewall_quiet="NO"
    firewall_logging="YES"
    firewall_type="open"
    tcp_drop_synfin="YES"
    portmap_enable="NO"

    /etc/natd.conf:
    belmore:/etc # cat natd.conf
    log yes
    interface sis1 tun0
    use_sockets yes
    same_ports yes
    dynamic yes
    unregistered_only yes
    #EMULE
    redirect_port tcp 192.168.1.2:6600 6600
    redirect_port udp 192.168.1.2:6601 6601

    tun0 is the public interface,
    sis1 is the LAN interface.

    The problem is with the error I got: "Additional: not found".
    Can anyone please tell me how to fix this?

    I would very much appreciate any suggestion.

    Thanks
    SW


  2. Re: IPFW & NAT simple rules

    swun2010@gmail.com wrote:
    > Hi,
    >
    > I put my first nat & ipfw rules on my FreeBSD 6.2 system, but got some
    > "issues" when starting up the nat:
    >
    > belmore:/etc # ./rc.d/ipfw restart
    > Additional: not found
    > net.inet.ip.fw.enable: 1 -> 0
    > Additional: not found
    > Stopping natd.
    > Waiting for PIDS: 6975, 6975, 6975, 6975, 6975.
    > Starting divert daemons:Additional: not found
    > natdFlushed all rules.
    > 00500 divert 8668 ip from any to any via tun0
    > 00600 allow ip from any to any
    > 00700 allow tcp from any to any established
    > Firewall rules loaded.
    > Firewall logging enabled
    > net.inet.ip.fw.enable: 0 -> 1
    > belmore:/etc # ps -auxww | grep nat
    > root 10087 0.0 0.8 1484 956 ?? Ss 10:55AM 0:00.02 /sbin/natd -n tun0
    > root 10097 0.0 0.8 1588 1036 p0 S+ 10:56AM 0:00.02 grep nat
    > belmore:/etc # ping www.yahoo.com
    > PING www.yahoo-ht3.akadns.net (209.131.36.158): 56 data bytes
    > 64 bytes from 209.131.36.158: icmp_seq=0 ttl=57 time=199.874 ms
    > 64 bytes from 209.131.36.158: icmp_seq=1 ttl=57 time=198.421 ms
    > 64 bytes from 209.131.36.158: icmp_seq=2 ttl=57 time=198.640 ms
    > 64 bytes from 209.131.36.158: icmp_seq=3 ttl=57 time=199.256 ms
    > 64 bytes from 209.131.36.158: icmp_seq=4 ttl=57 time=198.460 ms^C
    > --- www.yahoo-ht3.akadns.net ping statistics ---
    > 5 packets transmitted, 5 packets received, 0% packet loss
    > round-trip min/avg/max/stddev = 198.421/198.930/199.874/0.559 ms
    > belmore:/etc # ipfw list
    > 00500 divert 8668 ip from any to any via tun0
    > 00600 allow ip from any to any
    > 00700 allow tcp from any to any established
    > 65535 allow ip from any to any
    > belmore:/etc #
    >
    > /etc/rc.conf:
    > natd_program="/sbin/natd"
    > natd_enable="yes"
    > natd_interface="tun0" # interface name of public Internet NIC
    > #natd_flags="-dynamic -m" # -m = preserve port numbers if possible
    > natd_flags="-f /etc/natd.conf"
    > # Additional flags for natd.
    > firewall_enable="yes"
    > firewall_script="/etc/ipfw.test"
    > #firewall_quiet="NO"
    > firewall_logging="YES"
    > firewall_type="open"
    > tcp_drop_synfin="YES"
    > portmap_enable="NO"
    >
    > /etc/natd.conf:
    > belmore:/etc # cat natd.conf
    > log yes
    > interface sis1 tun0
    > use_sockets yes
    > same_ports yes
    > dynamic yes
    > unregistered_only yes
    > #EMULE
    > redirect_port tcp 192.168.1.2:6600 6600
    > redirect_port udp 192.168.1.2:6601 6601
    >
    > tun0 is the public interface,
    > sis1 is the LAN interface.
    >
    > The problem is with the error I got: "Additional: not found".


    I think that you have a line in rc.conf / rc.conf.local which has lost
    its starting `#' comment char and whose first word is Additional.

    To locate it try :

    sh -x /etc/rc.d/natd start

    Henri
    > Can anyone please tell me how to fix this?
    >
    > I would very much appreciate any suggestion.
    >
    > Thanks
    > SW
    >
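    The failure mode Henri describes (a comment in a sourced rc.conf losing its
    leading `#', so the rc.d scripts run its first word as a command, hence
    "Additional: not found") can be caught before the next reboot with a small
    lint check. The script below is an added example written for this thread,
    not code from the original posters or from FreeBSD; the function names
    rc_conf_lint, rc_conf_bad_count and make_sample are its own, and the sample
    rc.conf it writes is constructed from the first post's configuration with
    the comment marker deliberately removed from one line.

```shell
#!/bin/sh
# Added example (not from the thread): lint an rc.conf-style file for lines
# that sh would execute as commands rather than treat as assignments or
# comments. rc.conf is sourced by the rc.d scripts as root, so a stray line
# such as "Additional flags for natd." is run as the command "Additional",
# which is exactly what produces "Additional: not found" at startup.

# rc_conf_lint FILE
# Prints "LINENO:TEXT" for each suspicious line; returns 1 if any were found.
rc_conf_lint() {
    file=$1
    bad=0
    n=0
    while IFS= read -r line || [ -n "$line" ]; do
        n=$((n + 1))
        # Strip leading whitespace so indented comments are still comments.
        lead=${line%%[![:space:]]*}
        stripped=${line#"$lead"}
        case $stripped in
            ''|'#'*)
                ;;                        # blank line or comment: fine
            [A-Za-z_]*=*)
                # Looks like name=value; the name must be a valid sh identifier
                # (this also catches "foo bar=baz", where "foo" would run).
                name=${stripped%%=*}
                case $name in
                    *[!A-Za-z0-9_]*) printf '%s:%s\n' "$n" "$line"; bad=1 ;;
                esac
                ;;
            *)
                printf '%s:%s\n' "$n" "$line"; bad=1
                ;;
        esac
    done < "$file"
    return $bad
}

# rc_conf_bad_count FILE
# Prints the number of suspicious lines (0 when the file is clean).
rc_conf_bad_count() {
    rc_conf_lint "$1" | wc -l | tr -d ' '
}

# make_sample FILE
# Writes a constructed rc.conf based on the thread's configuration, with the
# "# Additional flags for natd." comment marker lost on line 5.
make_sample() {
    cat > "$1" <<'EOF'
natd_program="/sbin/natd"
natd_enable="yes"
natd_interface="tun0" # interface name of public Internet NIC
natd_flags="-f /etc/natd.conf"
Additional flags for natd.
firewall_enable="yes"
EOF
}

# Usage on a real system (run as root): rc_conf_lint /etc/rc.conf
# Demonstration on the constructed sample:
sample=${TMPDIR:-/tmp}/rc.conf.sample.$$
make_sample "$sample"
rc_conf_lint "$sample" || echo "found $(rc_conf_bad_count "$sample") bad line(s)"
rm -f "$sample"
```

    Note that `sh -n /etc/rc.conf` does not catch this case: "Additional flags
    for natd." is syntactically valid shell, so only a check that insists every
    non-comment line is a `name=value` assignment will flag it. Because the
    file is sourced with root privileges, the same lint is worth running on
    rc.conf.local and on anything else the rc.d framework sources.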

