I'm almost there :)

Myron

Member

Reaction score: 1
Messages: 62

Hey guys, I'm just wondering why my local machine can't send outbound traffic. Here's my config:

rc.conf
Code:
###network###
defaultrouter="xxx.xx.124.1"
gateway_enable="YES"
hostname="kamote.net"
ifconfig_age0="inet xxx.xx.124.203  netmask 255.255.255.0"
ifconfig_rl0="192.168.1.1/24 netmask 255.255.255.0"

resolv.conf
Code:
###bayantel###
nameserver 202.78.97.41
nameserver 202.78.97.3

###ultranet###
nameserver 156.154.70.1
nameserver 156.154.71.1

###opendns###
nameserver 208.67.222.222
nameserver 208.67.220.220

pf.conf
Code:
ext_if="age0"
int_net="192.168.1.1/24"
nat on $ext_if from $int_net to any -> $ext_if

sysctl.conf
Code:
net.inet.ip.forwarding:1

In the freebox I can ping Yahoo:
Code:
PING yahoo.com (98.137.149.56): 56 data bytes
64 bytes from 98.137.149.56: icmp_seq=0 ttl=52 time=277.983 ms
64 bytes from 98.137.149.56: icmp_seq=1 ttl=52 time=231.722 ms
64 bytes from 98.137.149.56: icmp_seq=2 ttl=52 time=206.170 ms

My laptop (IP 192.168.1.10) is connected to rl0, which is my internal network. I can ping 192.168.1.1 (the rl0 IP), and I can also ping the WAN IP xxx.xx.124.203, but the packets can't go outside. Is anything missing in this config?

Thanks
 

SirDice

Administrator
Staff member
Administrator
Moderator

Reaction score: 9,135
Messages: 33,711

Check if your NAT is actually working. Run tcpdump on your ext_if and ping from your laptop.
 

Myron


SirDice said:
Check if your NAT is actually working. Run tcpdump on your ext_if and ping from your laptop.
Oh my, I have no NAT added yet. Can you please give an example of how to enable NAT in rc.conf?

Thanks
 

SirDice


Myron said:
Oh my, I have no NAT added yet. Can you please give an example of how to enable NAT in rc.conf?
Since you use pf:

Code:
pf_enable="YES"

Or load it by hand: # pfctl -f /etc/pf.conf.
 

Myron


SirDice said:
Check if your NAT is actually working. Run tcpdump on your ext_if and ping from your laptop.
SirDice, this is the tcpdump output of the 2nd NIC, the local net:

Code:
kamote# tcpdump -i rl0
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on rl0, link-type EN10MB (Ethernet), capture size 96 bytes
21:29:48.243519 arp who-has 192.168.1.1 tell 192.168.1.5
21:29:48.243532 arp reply 192.168.1.1 is-at 00:1d:0f:c1:a4:bb (oui Unknown)
21:29:48.244128 IP 192.168.1.5.blackjack > 192.168.1.1.domain: 64513+ A? yahoo.com. (27)
21:29:48.244147 IP 192.168.1.1 > 192.168.1.5: ICMP 192.168.1.1 udp port domain unreachable, length 36
21:29:48.245134 IP 192.168.1.5.netbios-ns > 192.168.1.255.netbios-ns: NBT UDP PACKET(137): QUERY; REQUEST; BROADCAST
21:29:48.992278 IP 192.168.1.5.netbios-ns > 192.168.1.255.netbios-ns: NBT UDP PACKET(137): QUERY; REQUEST; BROADCAST
21:29:49.742277 IP 192.168.1.5.netbios-ns > 192.168.1.255.netbios-ns: NBT UDP PACKET(137): QUERY; REQUEST; BROADCAST
21:29:50.505474 IP 192.168.1.5.blackjack > 192.168.1.1.domain: 42503+ A? www.yahoo.com. (31)
21:29:50.505489 IP 192.168.1.1 > 192.168.1.5: ICMP 192.168.1.1 udp port domain unreachable, length 36

My pf config:
Code:
###pf###
ext_if="age0"
int_if="rl0"
lan=$int:network
nat on $ext_if from $lan to any -> $ext_if

In rc.conf:
Code:
###network###
defaultrouter="xxx.xxx.124.1"
gateway_enable="YES"
hostname="kamote.net"
ifconfig_age0="inet xxx.xxx.124.203  netmask 255.255.255.0"
ifconfig_rl0="inet 192.168.1.1 netmask 255.255.255.0"

pf_enable="YES"
pf_rules="/etc/pf.conf"
pf_flags=""
pflog_enable="YES"
pflog_logfile="/var/log/pflog"
pflog_flags=""

There is something wrong with my config. In the freebox I can ping Yahoo and it works perfectly; the only problem is in the local net. My laptop IP is 192.168.1.5, gateway 192.168.1.1, same as the primary DNS. I wonder why the packets can't go outside. :(

Thanks, SirDice
 

SirDice


Run tcpdump on the external interface. Also use the -n switch (it'll make it slightly easier to read).

You also have a problem with DNS. The laptop is trying to use 192.168.1.1 as a DNS server but there's nothing listening (ICMP port unreachable messages). I'm guessing name resolving fails and that's why it doesn't work on your laptop.
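
The DNS symptom pointed out above can be checked mechanically. The script below is an added example, not part of the original thread; it counts DNS queries per client/server pair in tcpdump text output and the ICMP "udp port domain unreachable" replies to them. The function names `sample_capture` and `dns_diag` are hypothetical, and the sample input is taken from the rl0 capture posted earlier.

```shell
#!/bin/sh
# Added example (hypothetical helper names): find DNS servers that answer
# queries with ICMP "udp port domain unreachable" in tcpdump text output.

# Sample input: lines from the rl0 capture in the thread (forum [url] tags stripped).
sample_capture() {
    cat <<'EOF'
21:29:48.243519 arp who-has 192.168.1.1 tell 192.168.1.5
21:29:48.244128 IP 192.168.1.5.blackjack > 192.168.1.1.domain: 64513+ A? yahoo.com. (27)
21:29:48.244147 IP 192.168.1.1 > 192.168.1.5: ICMP 192.168.1.1 udp port domain unreachable, length 36
21:29:50.505474 IP 192.168.1.5.blackjack > 192.168.1.1.domain: 42503+ A? www.yahoo.com. (31)
21:29:50.505489 IP 192.168.1.1 > 192.168.1.5: ICMP 192.168.1.1 udp port domain unreachable, length 36
EOF
}

# Reads tcpdump lines on stdin (with or without -n) and prints one line per
# client/server pair: "<client> <server> <queries> <unreachable> <verdict>".
dns_diag() {
    awk '
    # ICMP error first, so a client address ending in .53 is not taken for a query.
    $2 == "IP" && $6 == "ICMP" && $8 == "udp" && $9 == "port" &&
    ($10 == "domain" || $10 == "53") && $11 ~ /^unreachable/ {
        client = $5; sub(/:$/, "", client)
        refused[client " " $7]++
        next
    }
    # DNS query: "<client>.<sport> > <server>.domain: <id>+ A? <name> (<len>)"
    $2 == "IP" && $4 == ">" && $5 ~ /\.(domain|53):$/ {
        client = $3; sub(/\.[^.]+$/, "", client)    # drop source port
        server = $5; sub(/\.[^.]+:$/, "", server)   # drop ".domain:" or ".53:"
        queries[client " " server]++
    }
    END {
        for (k in queries) {
            r = refused[k] + 0
            verdict = (r == 0) ? "NONE" : ((r >= queries[k]) ? "UNREACHABLE" : "PARTIAL")
            print k, queries[k], r, verdict
        }
    }' | sort
}

sample_capture | dns_diag
```

A verdict of UNREACHABLE for a server means every query the client sent to it came back as ICMP port unreachable, which is the "nothing listening" case described in the post above.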
 