Joe wrote:
> Okay, back on topic.
> I've changed my rules in ipfw, and no longer get the hostname ..
> messages.
> Now natd does not start and it complains 'unable to bind divert
> socket, and then can't assign requested address'. I'm using:
> natd_enable="YES"
> natd_interface="dc0"
> natd_flags="-dynamic -d -log_ipfw_denied -log_denied"

These are my parameters below which definitely work -- or you wouldn't
be seeing this email :) I can't see anything obviously wrong with
yours; what I would suggest is to start with just "-dynamic" since
that's the only one that's *required* for this setup to work and see how
that does. I can't find your original rules: I assume that a) dc0 *is*
your external interface (typos are a common source of errors, though I
don't think that's the case here) b) you have an ifconfig_dc0="DHCP"
line in /etc/rc.conf.

natd_enable="YES" # Natd packet translation
natd_flags="-log -log_denied -dynamic"
natd_interface="sis0"
ifconfig_sis0="DHCP" # External network

At startup I get a message like:

Jun 18 10:38:58 natd[701]: Aliasing to 0.0.0.0, mtu 1500 bytes

just after the firewall rules start up.
The divert rule in my firewall says:

ipfw add divert natd all from any to any via ${natd_interface}

If you have static rules rather than a script then you need
${natd_interface} to be replaced directly with dc0.
The other things to check, I guess, are that those are the *only* natd
lines you have:

egrep natd /etc/rc.conf /etc/rc.conf.local

--Alex
_______________________________________________
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
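
The checks suggested in the reply above (only one set of natd lines, an ifconfig line for the natd interface, -dynamic among the flags), as an added shell example that is not part of the original thread. The function names and the sample file are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the thread: check rc.conf-style files against the
# checklist in the reply above. The sample configuration is constructed.

# rc_value TEXT KEY: value of the last KEY= line (rc.conf is sourced by sh,
# so a later duplicate silently overrides an earlier one).
rc_value() {
    printf '%s\n' "$1" | sed -n "s/^[[:space:]]*$2=//p" | tail -n 1 |
        sed -e 's/[[:space:]]*#.*$//' -e 's/^"//' -e 's/"$//'
}

# check_natd FILE...: print findings; the return status is the problem count.
check_natd() {
    conf=$(cat "$@" 2>/dev/null) || true   # a missing rc.conf.local is fine
    problems=0
    for key in natd_enable natd_interface natd_flags; do
        count=$(printf '%s\n' "$conf" | grep -c "^[[:space:]]*$key=" || true)
        if [ "$count" -gt 1 ]; then
            echo "WARN: $key is set $count times; only the last one applies"
            problems=$((problems + 1))
        fi
    done
    case $(rc_value "$conf" natd_enable) in
        [Yy][Ee][Ss]) ;;
        *) echo "FAIL: natd_enable is not YES"; problems=$((problems + 1)) ;;
    esac
    iface=$(rc_value "$conf" natd_interface)
    if [ -z "$iface" ]; then
        echo "FAIL: natd_interface is not set"; problems=$((problems + 1))
    elif [ -z "$(rc_value "$conf" "ifconfig_$iface")" ]; then
        echo "FAIL: natd_interface=$iface has no ifconfig_$iface line"
        problems=$((problems + 1))
    fi
    case " $(rc_value "$conf" natd_flags) " in
        *" -dynamic "*) ;;
        *) echo "FAIL: natd_flags lacks -dynamic"; problems=$((problems + 1)) ;;
    esac
    return "$problems"
}

# Constructed sample: the three natd lines from the question, nothing else.
demo() {
    dir=$(mktemp -d)
    printf '%s\n' 'natd_enable="YES"' 'natd_interface="dc0"' \
        'natd_flags="-dynamic -d -log_ipfw_denied -log_denied"' > "$dir/rc.conf"
    check_natd "$dir/rc.conf" "$dir/rc.conf.local"; rc=$?
    rm -rf "$dir"
    return "$rc"
}
demo || echo "problems found: $?"
```

On a real system the call would be `check_natd /etc/rc.conf /etc/rc.conf.local`; it only reads the files and changes nothing.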