Well, I assumed the natd would be noticed in the subject line, and also
it is listed under the "rc.conf" section I listed below.
As for the dc0, I forgot I had tried a 255.255.0.0 subnet, and played
with the broadcast just for giggles. Normally they are 255.255.0.0
and 192.168.1.255 respectively.
And no, it's not the firewall rules, I don't think, but I'm no expert.
## ipfw #########
00050 divert 8668 ip from any to any via vr0
00100 allow ip from any to any via lo0
00200 deny ip from any to 127.0.0.0/8
00300 deny ip from 127.0.0.0/8 to any
65000 allow ip from any to any
65535 deny ip from any to any
----- Original Message -----
From: "Justin C.Walker" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Saturday, May 26, 2001 9:52 PM
Subject: Re: natd, 2 NIC's, 2 Hubs, Something I'm missing?
> Your msg implies you're using NAT, but you've not included anything
> about the NAT config. Also, the 'ifconfig' output for dc0 doesn't
> jibe with the rest of your message.
>
> Regards,
>
> Justin
>
> On Saturday, May 26, 2001, at 07:32 PM, Brandt wrote:
>
> > Hello all, this has got me stumped.
> >
> > FreeBSD 4.3
> > vr0: ip= 65.3.111.111 subnet 255.255.255.0
> > dc0: ip= 192.168.1.1 subnet 255.255.255.0
> >
> > Kernel has been recompiled with IPDIVERT and IPFIREWALL options,
> > and everything WORKS fine as long as I have both NICs plugged into the
> > SAME hub.
> >
> > But shouldn't this also work when the vr0 interface is moved to a
> > separate hub? So that the internet interface and the LAN interface
> > (dc0) are on separate networks?
> >
> > The strange thing is that as soon as I unplug the 65.3.*.* interface
> > from the hub, the other 192.168.1.* boxes can't ping the dc0,
> > 192.168.1.1 interface even though they are still connected to the
> > same hub. At the same time, the dc0 interface can still ping the
> > other LAN boxen on the 192.168 network.
> >
> > Any ideas as to what is going on?
> >
> > - Brandt
> > ## My Kernel ##########
> > options IPDIVERT
> > options IPFIREWALL
> >
> > ## /etc/rc.conf ##########
> > sendmail_enable="YES"
> > sshd_enable="YES"
> > inetd_enable="YES"
> > gateway_enable="YES"
> > network_interfaces="vr0 lo0 dc0"
> > ifconfig_vr0="inet 65.3.111.111 netmask 255.255.255.0"
> > defaultrouter="65.3.111.1"
> > ifconfig_dc0="inet 192.168.1.1 netmask 255.255.255.0"
> > hostname="myhostname.mydomain.com"
> >
> > #NATD
> > natd_enable="YES"
> > natd_interface="vr0"
> > natd_flags="-f /etc/natd.conf"
> >
> > #FIREWALL
> > firewall_enable="YES"
> > firewall_script="/etc/rc.firewall"
> > firewall_type="open"
> > firewall_quiet="NO"
> > firewall_logging="YES"
> > firewall_flags=""
> >
> > #ATTEMPT TO CORRECT ROUTING TABLE
> > router_enable="YES"
> > router="routed"
> > router_flags="-s"
> >
> > ## ifconfig ##########
> > dc0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
> > inet 192.168.1.1 netmask 0xffff0000 broadcast 192.168.255.255
> > inet6 fe80::280:c8ff:fee8:58fe%dc0 prefixlen 64 scopeid 0x1
> > ether ff:ff:ff:ff:ff:ff
> > media: autoselect (100baseTX <full-duplex>) status: active
> > supported media: autoselect 100baseTX <full-duplex>
> > 100baseTX 10baseT/UTP <full-duplex> 10baseT/UTP none
> > vr0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
> > inet 65.3.111.111 netmask 0xffffff00 broadcast 65.3.111.255
> > inet6 fe80::280:c8ff:fee8:58fe%vr0 prefixlen 64 scopeid 0x2
> > ether 00:80:c8:e8:58:fe
> > media: autoselect (10baseT/UTP) status: active
> > supported media: autoselect 100baseTX <full-duplex>
> > 100baseTX 10baseT/UTP <full-duplex> 10baseT/UTP none
>
> ---
> Justin C. Walker, Curmudgeon-At-Large *
> Institute for General Semantics |
> Director of Technology | It's not whether you win or lose...
> Nexsi Systems Corp. | It's whether *I* win or lose.
> 1959 Concourse Drive |
> San Jose, CA 95131 |
> *--------------------------------------*-------------------------------*
>
> To Unsubscribe: send mail to [EMAIL PROTECTED]
> with "unsubscribe freebsd-net" in the body of the message
>