[nycbug-talk] Re: Natd/Gateway=yes vs 5.3

a nice bug nycbug
Sun Nov 14 09:36:16 EST 2004


Hi,

Francisco Reyes:
> Migrating a 4.10 box.
> Copied data to a second drive.
> Installed 5.3
> Changed kernel to add
> 
> options         IPFIREWALL
> options         IPFIREWALL_VERBOSE
> options         "IPFIREWALL_VERBOSE_LIMIT"=50
> options         IPDIVERT
> 
> In /etc/rc.conf have
> firewall_enable="YES"
> firewall_logging="YES"           # Set to YES to enable events logging
> firewall_quiet="NO"
> firewall_type="open"
> gateway_enable="YES"
> natd_enable="YES"               # Enable natd (if firewall_enable == YES).
> natd_flags="-f /etc/natd.conf"  # Set rules file for the NAT daemon
> natd_interface="ed0"
> 
> Not only is the machine not acting as a gateway, it doesn't even let me 
> connect to the internet.
> Looked at ipfw list and saw
> 
> 00050 divert 8668 ip from any to any via ed0
> 00100 allow ip from any to any via lo0
> 00200 deny log logamount 50 ip from any to 127.0.0.0/8
> 00300 deny log logamount 50 ip from 127.0.0.0/8 to any
> 65000 allow ip from any to any
> 65535 deny ip from any to any
> 
> Added a pass-all rule before the divert and I am able to see the internet 
> from the FreeBSD machine, but not from the other machines. It is as if the 
> divert line was not working.


> Anything changed for nat between 4.10 and 5.3? Any suggestions?

It seems on 5 you now must

/sbin/sysctl net.inet.ip.forwarding=1

That's one change, and if the "other" machines are "behind" this
firewall, maybe that's it.

HTH
harold
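
As an added worked check (not part of harold's reply or Francisco's post): a small POSIX sh script that tests the two things the reply points at for an ipfw+natd gateway on FreeBSD, namely whether net.inet.ip.forwarding is actually 1 (however it was set: rc.conf, /etc/sysctl.conf, or by hand) and whether the divert rule for the NAT interface is still reachable. The second check rests on a fact about ipfw rather than on anything in the thread: rules are evaluated in number order and "allow" is terminal, so an "allow ip from any to any" numbered below the divert means natd never sees the traffic and nothing is translated. The function names are mine, the interface name ed0 and the ruleset are the ones quoted above, and the sample inputs are constructed so the script runs offline; on the box itself feed it the live output as shown in the trailing comment.

```shell
#!/bin/sh
# Added diagnostic for an ipfw+natd gateway (example code, not from the thread).
# Each function takes the text of `sysctl -n net.inet.ip.forwarding` or
# `ipfw list` as an argument so it can be exercised on constructed input.

# Returns 0 when IP forwarding is on (sysctl value "1"), 1 otherwise.
forwarding_enabled() {
    [ "$1" = "1" ]
}

# Prints the number of the first divert rule qualified with "via <iface>".
# $1: ipfw list text, $2: NAT interface name.
divert_rule_number() {
    printf '%s\n' "$1" | awk -v ifc="$2" '
        $2 == "divert" && $0 ~ ("via " ifc "$") { print $1; exit }'
}

# Prints the number of the first unconditional "allow ip from any to any"
# (exactly seven fields, so "via lo0" and similar qualifiers do not match).
first_allow_all_number() {
    printf '%s\n' "$1" | awk '
        $2 == "allow" && $3 == "ip" && $4 == "from" && $5 == "any" &&
        $6 == "to" && $7 == "any" && NF == 7 { print $1; exit }'
}

# Returns 0 when a divert rule for $2 exists and no unconditional allow is
# numbered below it (ipfw is first-match, allow is terminal), 1 otherwise.
# Rule numbers are compared in awk so leading zeros are not read as octal.
divert_reachable() {
    d=$(divert_rule_number "$1" "$2")
    [ -n "$d" ] || return 1
    a=$(first_allow_all_number "$1")
    [ -z "$a" ] && return 0
    awk -v d="$d" -v a="$a" 'BEGIN { exit !(d + 0 < a + 0) }'
}

# Prints one line per check; returns 0 only when both pass.
# $1: forwarding sysctl value, $2: ipfw list text, $3: NAT interface.
diagnose() {
    fwd=$1; rules=$2; ifc=$3; rc=0
    if forwarding_enabled "$fwd"; then
        echo "ok   net.inet.ip.forwarding=1"
    else
        echo "FAIL net.inet.ip.forwarding=$fwd (try: sysctl net.inet.ip.forwarding=1)"
        rc=1
    fi
    if divert_reachable "$rules" "$ifc"; then
        echo "ok   divert rule on $ifc is reached before any allow-all rule"
    else
        echo "FAIL no divert rule on $ifc, or an allow-all rule precedes it"
        rc=1
    fi
    return $rc
}

# Constructed sample: the ruleset quoted in the post.
SAMPLE_RULES='00050 divert 8668 ip from any to any via ed0
00100 allow ip from any to any via lo0
00200 deny log logamount 50 ip from any to 127.0.0.0/8
00300 deny log logamount 50 ip from 127.0.0.0/8 to any
65000 allow ip from any to any
65535 deny ip from any to any'

# Constructed sample: the same ruleset with a pass-all rule added ahead of the divert.
SAMPLE_RULES_SHADOWED="00040 allow ip from any to any
$SAMPLE_RULES"

echo "== ruleset as posted, forwarding off =="
diagnose 0 "$SAMPLE_RULES" ed0 || true
echo "== pass-all rule ahead of the divert, forwarding on =="
diagnose 1 "$SAMPLE_RULES_SHADOWED" ed0 || true

# On the FreeBSD box itself, run it against live output instead:
#   diagnose "$(sysctl -n net.inet.ip.forwarding)" "$(ipfw list)" ed0
```

The first sample fails only the forwarding check, which is the situation the reply describes; the second passes forwarding but fails the divert check, which is what a pass-all rule inserted ahead of the divert produces.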