DNS gateway problem in my local network using natd


Post by k3.. » Tue, 09 May 2000 04:00:00



Hello
I have a little problem with dns resolving from my local computer that
is connected via a gateway using natd.

First some info! :)
This is how the computers are connected to each other
Windows2k -(xl0)-> FreeBSD 4-STABLE -(ed1)-> Internet

Windows2k=192.168.1.2
FreeBSD=192.168.1.1

I'm using a cable modem with dynamic IP (It doesn't change until I
reset the modem) through an Ethernet compatible card (device = ed1). The
Windows2k computer is connected with a 3com905b (device = xl0)...

Now to the problem! I've installed natd and it's working excellent as a
gateway except one thing, the Windows2k computer can't resolve dynamic IP
addresses (like www.blahblah.com), only clean IP (ex. 1.2.3.4.) - can't
be too specific! :) It IS possible to ping computers outside the local
network with the Windows2k computer.
That's the problem. I'm not very experienced with FreeBSD and networking
yet so I have no clue what it could be. I would be very glad if someone
could find a solution to my problem.

Here are some config files:
------------------------------------
rc.conf: (snapped)
firewall_enable="YES"
firewall_script="/etc/rc.firewall"
natd_program="/sbin/natd"
natd_enable="YES"
natd_interface="ed1"
natd_flags="-f /etc/rc.natd"
-------------------------------------
rc.firewall:
/sbin/ipfw -f flush
/sbin/ipfw add divert natd all from any to any via ed1
/sbin/ipfw add pass all from any to any
-------------------------------------
rc.natd:
log no
deny_incoming no
use_sockets no
same_ports yes
verbose no
unregistered_only no
dynamic yes
-------------------------------------


 
 
 


Post by fran » Tue, 09 May 2000 04:00:00


- Does ping www.ibm.net or something similar work from the FreeBSD box?

- Is your ed1 interface configured before you startup natd?

- I had some similar problems with an ADSL modem setup. Try the following as root:
$ killall natd
$ killall dhclient
$ dhclient ed1
$ natd -dynamic -n ed1
$ ipfw -f flush
$ ipfw add divert natd all from any to any via ed1
$ ipfw add pass all from any to any

This should configure the interface using dhcp. Startup natd with a configured interface and configure the firewall. I assume you compiled a custom kernel with IP filtering and IP forwarding and BPF support.

The other thing to check is the name server settings on your win2k box. Are you using a DNS server on the FreeBSD box?

Also check the FreeBSD diary web site. There is mention of a similar problem and solution there.

Good luck,

Frank




 
 
 


Post by Kurt Wer » Wed, 10 May 2000 04:00:00



>Now to the problem! I've installed natd and it's working excellent as a
>gateway except one thing, the Windows2k computer can't resolve dynamic IP
>addresses (like www.blahblah.com), only clean IP (ex. 1.2.3.4.) - can't
>be too specific! :) It IS possible to ping computers outside the local
>network with the Windows2k computer.
>That's the problem. I'm not very experienced with FreeBSD and networking
>yet so I have no clue what it could be. I would be very glad if someone
>could find a solution to my problem.

This is not a natd problem (unless I'm very mistaken).  It is a resolver
problem.  Can your FreeBSD box ping www.apple.com?  If so, you have 2
choices:  either run named on your FreeBSD box and tell your Windows machine
that it is your resolver (this has advantages if your LAN grows), or just
tell your Windows machine that its NAMESERVER is your ISP's nameserver
address.

Kurt
--
---

http://www.pobox.com/~kwerle/
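
An added example, not part of the thread: a small probe to run from the LAN client that sends one DNS query straight to each candidate nameserver, so a resolver setting can be told apart from a NAT fault. The query name www.example.com and the script name are assumptions; 192.168.1.1 is the FreeBSD gateway from the original post and will only answer if named is running there.

```python
import socket
import struct
import sys

TXID = 0x1234  # fixed query ID, fine for a one-shot diagnostic


def build_query(name):
    """Encode a recursive A-record query for `name` (RFC 1035 wire format)."""
    header = struct.pack("!HHHHHH", TXID, 0x0100, 1, 0, 0, 0)  # RD=1, QDCOUNT=1
    parts = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(p)]) + p.encode("ascii") for p in parts) + b"\x00"
    return header + qname + struct.pack("!HH", 1, 1)  # QTYPE=A, QCLASS=IN


def parse_reply(data):
    """Return (rcode, answer_count); raise ValueError if it is not our reply."""
    if len(data) < 12:
        raise ValueError("short DNS message")
    txid, flags, _qd, ancount, _ns, _ar = struct.unpack("!HHHHHH", data[:12])
    if txid != TXID or not flags & 0x8000:  # QR bit must be set in a response
        raise ValueError("not a response to our query")
    return flags & 0x000F, ancount


def probe(server, name, timeout=3.0):
    """Send one query to `server` over UDP/53 and classify the outcome."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.settimeout(timeout)
        try:
            sock.sendto(build_query(name), (server, 53))
            rcode, ancount = parse_reply(sock.recvfrom(512)[0])
        except (OSError, ValueError) as exc:
            return "no usable answer ({})".format(exc)
    if rcode == 0 and ancount:
        return "resolves"
    return "answered, rcode={} answers={}".format(rcode, ancount)


if __name__ == "__main__":
    # Usage (hypothetical file name): python dnsprobe.py 192.168.1.1 <ISP-nameserver-IP>
    for server in sys.argv[1:]:
        print(server, "->", probe(server, "www.example.com"))
```

If the ISP nameserver reports "resolves" while the address configured on the client does not, the gateway is forwarding UDP/53 correctly and only the client's nameserver setting needs changing.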

 
 
 

1. ipfw/natd settings for home network connected to cable internet via FreeBSD gateway?

(please correct me if I'm wrong)

natd should take care of this.  What natd does is remap port numbers, so
it is impossible for an outside machine to access your internal network
(this breaks some things, i.e., RTSP Quicktime Streaming, active mode
FTP, some SNMP).  Take this diagram.

internal port out 80 in 1000  <---->  natd port out 80 in 1024  <---->  www server port out 1024 in 80

  When your internal opens a TCP connection to the www server, it flows
over the natd box.  natd then transparently remashes the connection to
come from another port on itself, but remembers that when packets flow
in this port, they should be regurgitated on the internal network on the
port your machine is using.  It will not open connections the other way
around since it has no way of knowing where to put the packets (packet
forwarders??).

But it's a good idea to secure the natd machine, if someone breaks into
that, then they get on the internal network.

Yann

--

--------------------------------------------------------------------

Atrus Trivalie Productions      www.redshift.com/~yramin
Monterey High IT                www.montereyhigh.com
ICQ                             46805627
AIM                             oddatrus
Marina, CA

IRM Developer                   Network Toaster Developer
SNTS Developer                  * Developer

"All cats die.  Socrates is dead.  Therefore Socrates is a cat."
        - The Logician
--------------------------------------------------------------------
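
An added example, not part of the post and not natd's own code: a toy model of the port-remapping table described above, run on the first thread's LAN (192.168.1.2 behind the gateway). The public address 203.0.113.10 and the peer addresses are constructed documentation values, and the handling of unmatched inbound packets follows the deny_incoming option as documented in natd(8), modelled here as an assumption.

```python
class AliasTable:
    """Simplified NAT state: always remaps the source port (ignores same_ports)."""

    def __init__(self, public_ip, deny_incoming=False, first_port=1024):
        self.public_ip = public_ip
        self.deny_incoming = deny_incoming
        self.next_port = first_port
        self.out = {}   # (proto, lan_ip, lan_port, dst_ip, dst_port) -> alias port
        self.back = {}  # (proto, alias_port, dst_ip, dst_port) -> (lan_ip, lan_port)

    def outbound(self, proto, src, sport, dst, dport):
        """Rewrite a LAN packet's source; create the mapping on first use."""
        key = (proto, src, sport, dst, dport)
        if key not in self.out:
            self.out[key] = self.next_port
            self.back[(proto, self.next_port, dst, dport)] = (src, sport)
            self.next_port += 1
        return (self.public_ip, self.out[key], dst, dport)

    def inbound(self, proto, src, sport, dport):
        """Decide what happens to a packet arriving on the public interface."""
        hit = self.back.get((proto, dport, src, sport))
        if hit:
            return ("forward",) + hit          # reply to a flow the LAN started
        if self.deny_incoming:
            return ("drop",)                   # no table entry: discarded
        # Assumption: with deny_incoming off and no target address configured,
        # the packet is handed to the gateway host itself, so the gateway's
        # own listening services are what an outside host can reach.
        return ("local", self.public_ip, dport)


def demo():
    """Constructed traffic: one DNS query out, its reply, one unsolicited packet."""
    nat = AliasTable("203.0.113.10")
    sent = nat.outbound("udp", "192.168.1.2", 1000, "198.51.100.53", 53)
    reply = nat.inbound("udp", "198.51.100.53", 53, sent[1])
    stray = nat.inbound("tcp", "198.51.100.99", 4444, 80)
    return sent, reply, stray


if __name__ == "__main__":
    for step in demo():
        print(step)
```

A DNS query over UDP is translated like any other flow, and with `deny_incoming no`, as in the rc.natd from the first thread, unsolicited packets end up at the gateway rather than being discarded.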
