natd not translating?
Gary Aitken
vagabond at blackfoot.net
Wed Nov 5 00:39:10 UTC 2014
Hi Ian,

Thanks for the reply. I've made a little progress since posting that as of
today, but not there yet. (see below)

This whole exercise has been an example of why it's a help to all be in the
same room. Especially when you don't have an alternate network connection! :-(
My understanding is now not necessarily broader than it otherwise might be,
but it is surely harder won and probably burned in a bit better... At my
stage in life I can only hope it stays there long enough to get me to the
end...

On 11/03/14 22:37, Ian Smith wrote:
> In freebsd-questions Digest, Vol 544, Issue 1, Message: 9
> On Sun, 2 Nov 2014 17:36:36 -0700 "Gary Aitken" <vagabond at blackfoot.net> wrote:
...
> > I'm trying to set up natd and can't for the life of me figure out
> > what's wrong with my config.
> >
> > natd.conf:
> >
> > use_sockets
> > same_ports
> > unregistered_only
> > verbose
> > alias_address 66.109.141.60
> >
> > What I see:
> > In {default}[ICMP] [ICMP] 192.168.1.2 -> 128.2.42.52 8(0) aliased to
> > [ICMP] 192.168.1.2 -> 128.2.42.52 8(0)
> >
> > Any thoughts on why natd isn't translating 192.168.1.2 to 66.108.141.60?
...
> Not enough information to have any idea how your NAT box is setup.
>
> Need to know the inside and outside interface addresses (eg ifconfig);
> ipfw rules, especially around those invoking natd (divert rule/s) and
> where these are placed in your ruleset; who/where is 192.168.1.2, is
> 66.109.141.60 always your assigned public IP address, freebsd version?

Sorry:

  world -> ep0 (66.109.141.*) fbsdbox (192.168.1.1) xl0 -> internal

66.109.141.60 is one of my assigned ip addrs.

I *think* I got the above problem even with ipfw wide open:

  00005 allow ip from any to any
  00010 divert 8668 ip from any to any via ep0

I say *think* because I am further along but did not go back and
verify the cause. My head is a bit damaged and the wall is bloody.
I believe the problem was a missing entry in /boot/loader.conf

  (ipdivert_load="YES")

which I found as a result of this note and the references to others in it:
http://freebsd.1045724.n5.nabble.com/Kernel-Update-IPFW-not-working-td4208637.html

Anyway, I'm past that problem and most things are working.
However, still having some trouble working out my ipfw rules but if I can
see what's happening I think I can figure it out. However...

I can't seem to get logging to work. I have the following in natd.conf:

  log_denied
  log_ipfw_denied
  log_facility local0

and the following in syslog.conf

  !local0
  *.* /var/log/natd.log

If I run natd with verbose, I occasionally see
"natd: failed to write packet back: Permission denied"
errors on the controlling terminal.
If I run without verbose (detached), I see no entries in /var/log/natd.log.

Thanks for any insights.
Gary
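
On the syslog.conf fragment in the message above, as an added example that is not part of the original post: in FreeBSD's syslog.conf(5) a line beginning with "!" is a program specification, not a facility selector. This simplified Python model (program blocks and single facility.level selectors only; the helper names, and the assumption that natd logs under the program name "natd", are mine) shows where a local0 message from natd is routed under the posted fragment and under two alternatives.

```python
# Simplified model of FreeBSD syslog.conf(5) routing. Added example only:
# handles "!prog" blocks and one "facility.level" selector per line.
LEVELS = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]

def parse(conf):
    """Return (program_filter, selector, action) for each action line."""
    rules, prog = [], "*"
    for raw in conf.splitlines():
        line = raw.strip()
        if line.startswith("#!"):          # "#!prog" is also a program spec
            line = line[1:]
        if not line or line.startswith("#"):
            continue
        if line.startswith("!"):           # applies to the lines that follow
            prog = line[1:].strip() or "*"
            continue
        selector, action = line.split(None, 1)
        rules.append((prog, selector, action.strip()))
    return rules

def selector_matches(selector, facility, level):
    fac, _, lvl = selector.partition(".")
    fac_ok = fac == "*" or facility in fac.split(",")
    # "facility.level" selects that level and anything more severe
    lvl_ok = lvl == "*" or LEVELS.index(level) <= LEVELS.index(lvl)
    return fac_ok and lvl_ok

def destinations(conf, program, facility, level):
    """Log files a message from `program` at facility.level is written to."""
    return [action for prog, sel, action in parse(conf)
            if (prog == "*" or program in prog.split(","))
            and selector_matches(sel, facility, level)]

# Constructed inputs: the fragment as posted, then two alternatives.
POSTED = "!local0\n*.* /var/log/natd.log\n"
BY_FACILITY = "local0.* /var/log/natd.log\n"
BY_PROGRAM = "!natd\n*.* /var/log/natd.log\n"   # assumes ident "natd"

if __name__ == "__main__":
    for name, conf in [("posted", POSTED), ("by facility", BY_FACILITY),
                       ("by program", BY_PROGRAM)]:
        print(name, "->", destinations(conf, "natd", "local0", "info"))
```

The posted fragment only matches messages from a program literally named local0, so nothing natd sends on facility local0 reaches the file. syslogd also has to be told to re-read its configuration after the change, and by default the log file must already exist.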