Date: Tue, 27 May 2003 23:16:44 +0200
From: Morten Kjaer Nielsen <none@morten--gummiand.dk.lh.bsd-dk.dk>
To: bsd-dk@bsd-dk.dk
Subject: Natd/router won't
Hi!
This is indeed my first posting on the list. I have enjoyed the many good
pieces of advice and discussions I have read so far, lovely for a newbie like me :-)
I have now run into a problem that, to me, is so far a strange one, and I have
to resort to asking for good advice.
I have a setup that looks like this...
WAN|router|192.168.1.1 < -- > 192.168.1.6 vr0 |FBSD| dc0 172.16.0.1
< -X-> 172.16.0.10|win98 machine that needs to get online via FBSD|
When I ping from the Windows 98 machine out into the world, I get no reply
back on the win98 machine, and I would of course like to have that, so I can get
it online :-)
Does anyone have advice on what might be preventing it from getting a reply?
rc.conf:
network_interfaces="vr0 dc0 lo0"
inconfig_lo0="inet 127.0.0.1"
ifconfig_vr0="inet 192.168.1.250  netmask 255.255.255.0"
defaultrouter="192.168.1.1"
hostname="gateway"
ifconfig_dc0="inet 172.16.0.1 netmask 255.255.255.0"
gateway_enable="YES"
firewall_enable="YES"
natd_enable="YES"
natd_interface="vr0"
natd_flags="-f /etc/natd.conf"
natd.conf
log                     yes
deny_incoming           no
port                    8668
use_sockets             yes
same_ports              yes
unregistered_only       yes
redirect_port tcp       172.16.0.10:143 143
redirect_port tcp       192.168.1.177:1000 1000
redirect_port tcp       192.168.1.177:1001 1001
ipfw
00100 check-state
00200 count ip from any to any via dc0
00300 count ip from any to any via vr0
00400 allow tcp from any to any established
09000 divert 8668 ip from any to any via vr0
09100 allow icmp from any to any
30000 allow tcp from any to me 25,80,110 setup
50100 allow tcp from me to any setup
50200 allow udp from me to any keep-state
50300 allow icmp from me to any
50400 allow ip from me to any
55000 allow tcp from 192.168.1.0/24 to any setup
55100 allow udp from 192.168.1.0/24 to any keep-state
55300 allow tcp from 172.16.0.0/24 to any setup
55400 allow udp from 172.16.0.0/24 to any keep-state
55500 allow icmp from 172.16.0.0/24 to any
55600 allow icmp from 172.16.0.0/24 to any
55700 allow ip from 172.16.0.0/24 to any
55800 allow ip from 192.168.1.0/24 to any
60000 deny log logamount 100 ip from any to any
65535 allow ip from any to any
tcpdump on vr0 when I ping:
22:13:53.074783 192.168.1.250 > 212.54.64.170: icmp: echo request
22:13:53.108653 212.54.64.170 > 192.168.1.250: icmp: echo reply
22:13:54.575934 192.168.1.250 > 212.54.64.170: icmp: echo request
22:13:54.609831 212.54.64.170 > 192.168.1.250: icmp: echo reply
22:13:56.075860 192.168.1.250 > 212.54.64.170: icmp: echo request
22:13:56.109779 212.54.64.170 > 192.168.1.250: icmp: echo reply
22:13:57.574948 192.168.1.250 > 212.54.64.170: icmp: echo request
22:13:57.608872 212.54.64.170 > 192.168.1.250: icmp: echo reply
22:13:59.074225 192.168.1.250 > 212.54.64.170: icmp: echo request
22:13:59.107091 212.54.64.170 > 192.168.1.250: icmp: echo reply
tcpdump on dc0 when I ping:
22:14:11.074724 172.16.0.10 > 212.54.64.170: icmp: echo request
22:14:11.109120 212.54.64.170 > 172.16.0.10: icmp: echo reply
22:14:12.574747 172.16.0.10 > 212.54.64.170: icmp: echo request
22:14:12.613597 212.54.64.170 > 172.16.0.10: icmp: echo reply
22:14:14.073678 172.16.0.10 > 212.54.64.170: icmp: echo request
22:14:14.107761 212.54.64.170 > 172.16.0.10: icmp: echo reply
22:14:15.573141 172.16.0.10 > 212.54.64.170: icmp: echo request
22:14:15.607773 212.54.64.170 > 172.16.0.10: icmp: echo reply
22:14:17.072959 172.16.0.10 > 212.54.64.170: icmp: echo request
22:14:17.105496 212.54.64.170 > 172.16.0.10: icmp: echo reply
excerpt from the natd log
May 27 22:47:45 gw /kernel: ipfw: 9100 Accept ICMP:0.0 212.54.64.170 172.16.0.10 out via dc0
May 27 22:47:46 gw /kernel: ipfw: 9100 Accept ICMP:8.0 172.16.0.10 212.54.64.170 in via dc0
May 27 22:47:46 gw /kernel: ipfw: 9100 Accept ICMP:8.0 192.168.1.250 212.54.64.170 out via vr0
May 27 22:47:46 gw /kernel: ipfw: 9100 Accept ICMP:0.0 212.54.64.170 172.16.0.10 in via vr0
May 27 22:47:46 gw /kernel: ipfw: 9100 Accept ICMP:0.0 212.54.64.170 172.16.0.10 out via dc0
netstat -rn
23:14:06 root@gw2pc /var/log# netstat -rn
Routing tables
Internet:
Destination        Gateway            Flags    Refs      Use  Netif Expire
default            192.168.1.1        UGSc        1     6046    vr0
127.0.0.1          127.0.0.1          UH          0        0    lo0
172.16/24          link#1             UC          1        0    dc0
172.16.0.10        00:80:ad:b6:5e:e5  UHLW        1     2601    dc0   1047
192.168.1          link#2             UC          3        0    vr0
192.168.1.1        00:20:6f:17:57:78  UHLW        1        0    vr0    692
192.168.1.177      00:50:ba:ea:29:b0  UHLW        1     9318    vr0   1096
192.168.1.255      ff:ff:ff:ff:ff:ff  UHLWb       0       20    vr0
ifconfig:
23:14:39 root@gw2pc /var/log# ifconfig
dc0: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> mtu 1500
        inet 172.16.0.1 netmask 0xffffff00 broadcast 172.16.0.255
        ether 00:08:a1:28:3c:55
        media: Ethernet autoselect (100baseTX <full-duplex>)
        status: active
vr0: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> mtu 1500
        inet 192.168.1.250 netmask 0xffffff00 broadcast 192.168.1.255
        ether 00:0a:e6:41:ef:46
        media: Ethernet autoselect (10baseT/UTP)
        status: active
lp0: flags=8810<POINTOPOINT,SIMPLEX,MULTICAST> mtu 1500
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> mtu 16384
        inet 127.0.0.1 netmask 0xff000000
ppp0: flags=8010<POINTOPOINT,MULTICAST> mtu 1500
sl0: flags=c010<POINTOPOINT,LINK2,MULTICAST> mtu 552
faith0: flags=8002<BROADCAST,MULTICAST> mtu 1500
well..?
-- Cheers, Morten, the duck is loose... http://vWv.gummiand.dk/