Re: annoying natd start

Kenneth Lind exil at solace.miun.se
Mon Feb 27 12:19:08 CET 2006


On Mon, 27 Feb 2006, Jan Rockstedt wrote:

> Kenneth Lind wrote:
> > On Mon, 27 Feb 2006, Jan Rockstedt wrote:
> >
> >>> problem remaining; natd does not start when the system comes up, but
> >>> terminates with the message "natd: Unable to create divert
> >>> socket.: Protocol not supported".
> >>> When I run '/etc/rc.d/natd start' manually, however, it works
> >>> perfectly fine.
> >>> FreeBSD 5.4-RELEASE-p11
> >>
> >> What does your kernel look like?
> >> Do you have options IPDIVERT?
> >
> > Yep.
> >
> > Attaching file.
> >
> >  /Kenneth
> >
> That looks OK.
>
> What does your rc.conf look like?

Messy ;)   Pasting it in and censoring a bit.

rc.conf:
--->8---
defaultrouter="193.11.x.y"
gateway_enable="YES"
hostname="lennon"
ifconfig_rl0="inet 192.168.1.1  netmask 255.255.255.0"
ifconfig_dc0="inet 193.11.x.z  netmask 255.255.255.0"
#       IPv6
ipv6_enable="YES"
ipv6_defaultrouter="2001:6b0:9:abcd::1"
ipv6_network_interface="dc0"
ipv6_ifconfig_dc0="2001:6b0:9:abcd::a prefixlen 64"
ipv6_network_interface="rl0"
ipv6_ifconfig_rl0="2001:6b0:9:efgh::1 prefixlen 64"
ipv6_gateway_enable="YES"
ipv6_router_enable="YES"
ipv6_router="/usr/sbin/route6d"
kern_securelevel="0"
kern_securelevel_enable="YES"
keymap="swedish.iso"
nfs_client_enable="NO"
ntpdate_enable="YES"
ntpdate_flags="-b 192.168.1.2"
saver="NO"
scrnmap="NO"
sshd_enable="YES"
sshd_flags="-g 60"
sendmail_enable="NO"
check_quotas="NO"
tcp_extensions="YES"
inetd_enable="YES"
# IPFW
gateway_enable="YES"
firewall_enable="YES"
firewall_script="/etc/rc.ipfw"
firewall_type="simple"
firewall_quiet="NO"
ipv6_firewall_enable="YES"
ipv6_firewall_logging="YES"
ipv6_firewall_script="/etc/rc.6ipfw"
ipv6_firewall_quiet="NO"
natd_program="/sbin/natd"
natd_enable="YES"
natd_interface="dc0"
natd_flags="-f /etc/natd.conf"
tcp_drop_synfin="YES"
---8<---

From rc.ipfw (perhaps irrelevant?):
--->8---
${fwcmd} add divert natd all from any to any via ${natd_interface}
---8<---
which comes after... hmm.. between two sets of identical
anti-spoofing rules. Shouldn't matter, or...?

natd.conf:
--->8---
dynamic no
#log yes
use_sockets yes
same_ports yes
redirect_port tcp 192.168.1.2:22 22
---8<---

sysctl.conf contains only:
--->8---
security.bsd.see_other_uids=0
---8<---

otherwise:
net.inet.ip.forwarding: 1
net.inet.ip.redirect: 1

Can't think of anything else that might be relevant right now..

 /Kenneth

--

    "Angels can fly because they take themselves lightly."
                            GK Chesterton

Homepage (Swedish only):                   http://www.solace.mh.se/~exil
Cellphone .se:                                        +46-(0)73 218 1937
Cellphone .nl:                                        +31-(0)64 409 6291


