FreeBSD NAT not working

[uair]

Hello,

I've turned my freebsd FreeBSD station into a NAT server. It has to two NICs, one connected to the internet and the other connected directly to my laptop. I've followed the steps in http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/network-natd.html and got a natd running, but I get no access to the internet from my laptop (which was the original idea to set the NAT server in the first place).

I can ping from my laptop to my freebsd FreeBSD box and vice versa. My laptop has windows 7 running on it. I know I should provide more info, but I am not sure exactly what information is useful.

The LAN cable I am using for the direct connection between the freebsd FreeBSD box and the laptop is not a crossover cable, but I am not sure if this could be the source of the problem.

Thanks in advance.

 

[SirDice]

Did you use the correct interface?

natd_interface="fxp0"

 

[uair]

I think so. The NIC connected to the internet is xl0, and grep natd /etc/rc.conf produces

natd_enable="YES"
natd_interface="xl0"
natd_flags=""

 

[SirDice]

Yep, that should do it. Did you also enable routing?

gateway_enable="YES"

 

[uair]

Yes. This is the relevant part of my /etc/rc.conf

gateway_enable="YES"
firewall_enable="YES"
firewall_type="OPEN"
natd_enable="YES"
natd_interface="xl0"
natd_flags=""

 

[SirDice]

Ok, that all looks as it should.

From your Windows laptop can you ping http://www.google.com? Or 173.194.66.99?

 

[uair]

No, I've tried already. I just can ping my FreeBSD box, nothing else.

 

[SirDice]

Can you ping those addresses from the FreeBSD box itself?

 

[uair]

Yes, without problems. I am positive that the problem must be in the natd configuration, or maybe a stupid error I made somewhere. I've checked every step a number of times (from the laptop configuration to the FreeBSD setup of the NAT) but can't find anything wrong.

 

[SirDice]

Some more trouble shooting, run
# tcpdump -ni xl0

And try the pings on the Windows machine. You should see some traffic being captured. What source addresses are being used?

 

[uair]

Are you sure you meant xl0? xl0 is the interface connected to the internet, and I get lots of messages when I run tcpdump on it. Instead I tried
[cmd=]tcpdump -ni ale0[/cmd]
and I get

tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on ale0, link-type EN10MB (Ethernet), capture size 65535 bytes
14:18:24.131103 IP 192.168.0.2.137 > 192.168.0.255.137: NBT UDP PACKET(137): QUERY; REQUEST; BROADCAST
14:18:24.880149 IP 192.168.0.2.137 > 192.168.0.255.137: NBT UDP PACKET(137): QUERY; REQUEST; BROADCAST
14:18:25.644620 IP 192.168.0.2.137 > 192.168.0.255.137: NBT UDP PACKET(137): QUERY; REQUEST; BROADCAST

When I ping http://www.google.com from the laptop, but I get nothing if I ping 173.194.66.99.

 

[Anonymous]

Yes. This is the relevant part of my /etc/rc.conf

gateway_enable="YES"
firewall_enable="YES"
firewall_type="OPEN"
natd_enable="YES"
natd_interface="xl0"
natd_flags=""

Do you have divert rules in your firewall configuration file as described in the following handbook page?

http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/firewalls-ipfw.html.

I may be wrong, however, my understanding is that the firewall controls the packets going though natd or not.

Note also, that diverting through natd is the old method, nowadays FreeBSD comes with in-kernel NAT. How to use this in a similar configuration as you are going to setup is described here.

 

[uair]

But doesn't

firewall_type="OPEN"

imply that my firewall is open (i.e. lets anything come and go by)?

 

[Anonymous]

but doesn't

imply that my firewall is open (i.e. lets anything come and go by)?

So, how do the packets know, that they are supposed to go through natd?

My understanding is that the firewall should tell it to them.

 

[uair]

So, how do the packets know, that they are supposed to go through natd?

My understanding is that the firewall should tell it to them.

Sorry, but I have no understanding of how this things work

 

[SirDice]

So, how do the packets know, that they are supposed to go through natd?

My understanding is that the firewall should tell it to them.

All packets going out the interface (natd_interface) will be NAT'ed. The firewall has nothing to do with this.

But, to be honest, I find IPFW way to complex to configure. I personally prefer PF.

 

[Anonymous]

Please have a look at natd(8)(). Scroll down to the section RUNNING NATD and read the subsection that starts with: "... Once natd is running, you must ensure that traffic is diverted to natd:".

 

[uair]

I finally solved this problem and I want to apologize because the source of the problem was not on my FreeBSD box but on my windows 7 laptop.
I found this article
http://windows.microsoft.com/en-US/windows7/Configuring-multiple-gateways-on-a-network
and I found that was the reason behind it. I had too many gateways on the laptop.
I appreciate the help and sorry for the noise.