11th July 2008
EvanED

Weird NAT issues

I'm having problems with my NAT box. Basically, things work in general, but when visiting a fresh site (from inside the LAN), it usually doesn't get a DNS response right away. In addition, it will occasionally forget the IP, at which point it goes back to that. Refreshing after it times out works about 70% of the time, and refreshing after a couple of timeout periods is almost guaranteed to work. I *think* that while the computer on the LAN side of the NAT gateway is having problems, if I open up Lynx on the gateway itself it works, but it could just be a timing thing.

The NAT gateway runs FreeBSD 7. There is one computer on the LAN side, running Windows Server 2008 (as a desktop). The network card facing outside is vr0, the one facing inside is em0. (There is also a ral0 wireless card, but it is unused at the moment.)

My "ISP" is actually just another NAT box provided by the apartment; it gives out 192.168 addresses, so to avoid confusion I'm using 10.0 addresses on the LAN.

My /etc/rc.conf:
Code:
keymap="us.dvorak"

ifconfig_vr0="DHCP"
hostname="Conrad.gateway.2wire.net"

zfs_enable="YES"

gateway_enable="YES"
ipnat_enable="YES"
ipnat_rules="/etc/ipnat.rules"

dhcpd_enable="YES"
dhcpd_ifaces="em0"

samba_enable="YES"
maradns_enable="YES"
sshd_enable="YES"

My /etc/ipnat.rules:
Code:
map vr0  10.0.0.0/24 -> 0/32 portmap tcp/udp auto
map ral0 192.168.128.0/24 -> 0/32 portmap tcp/udp auto

The second rule would be for the wireless network if I was worrying about getting that working at the moment. (Low priority.)

I installed the net/isc-dhcp3-server port. /usr/local/etc/dhcpd.conf:
Code:
option domain-name "me.org";
option domain-name-servers 192.168.1.254; #10.0.0.1;   **

default-lease-time 86400;
max-lease-time 604800;

ddns-update-style none;

subnet 192.168.1.0 netmask 255.255.255.0 {
  ## this is the external network; vr0 has 192.168.1.74
}

subnet 10.0.0.0 netmask 255.0.0.0 {
  range 10.0.0.100 10.0.0.200;
  option routers 10.0.0.1;
}

subnet 192.168.128.0 netmask 255.255.255.0 {
  ## this is what i would be using for the wireless network
  range 192.168.128.100 192.168.128.200;
  option routers 192.168.128.1;
}

** I also have MaraDNS installed, and tried it with that. It seemed to have similar problems. 192.168.1.254 is the DNS server you get from the ISP's NAT.

Windows picks up the DNS server and gateway fine:
Code:
C:\>ipconfig /all
...
   DHCP Enabled. . . . . . . . . . . : Yes
...
   IPv4 Address. . . . . . . . . . . : 10.0.0.200(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.0.0.0
...
   Default Gateway . . . . . . . . . : 10.0.0.1
   DHCP Server . . . . . . . . . . . : 10.0.0.1
   DNS Servers . . . . . . . . . . . : 192.168.1.254

There are also a bunch of console messages from smbd every few minutes about denying connections from addresses on the outside of the NAT box, and I am running Samba inside, and it works fine.

Any idea what's wrong or how to go about debugging this?

I had a FreeBSD 6.2 server up for a while and don't remember having problems getting the basics working, but it was with slightly different hardware (processor and motherboard) because I wanted ZFS.
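A consistency check over the two configuration files quoted in the post, added here as an example that is not part of the original post: it compares each dhcpd `subnet`/`range` against the source networks of the ipnat `map` rules and reports where they differ. The function names are hypothetical and the embedded text is a trimmed copy of the post's files; the check does not by itself explain the DNS symptom.

```python
import ipaddress
import re

# Trimmed copies of /etc/ipnat.rules and dhcpd.conf as quoted in the post.
IPNAT_RULES = """\
map vr0  10.0.0.0/24 -> 0/32 portmap tcp/udp auto
map ral0 192.168.128.0/24 -> 0/32 portmap tcp/udp auto
"""
DHCPD_CONF = """\
subnet 192.168.1.0 netmask 255.255.255.0 {
}
subnet 10.0.0.0 netmask 255.0.0.0 {
  range 10.0.0.100 10.0.0.200;
}
subnet 192.168.128.0 netmask 255.255.255.0 {
  range 192.168.128.100 192.168.128.200;
}
"""

def nat_sources(rules):
    """Source networks (left-hand side) of every ipnat 'map' rule."""
    return [ipaddress.ip_network(m.group(1))
            for m in re.finditer(r"^map\s+\S+\s+(\S+)\s+->", rules, re.M)]

def dhcp_subnets(conf):
    """Yield (network, [(first, last), ...]) for each dhcpd subnet block."""
    pat = r"subnet\s+(\S+)\s+netmask\s+(\S+)\s*\{(.*?)\}"
    for m in re.finditer(pat, conf, re.S):
        net = ipaddress.ip_network(f"{m.group(1)}/{m.group(2)}")
        ranges = [(ipaddress.ip_address(a), ipaddress.ip_address(b))
                  for a, b in re.findall(r"range\s+(\S+)\s+(\S+);", m.group(3))]
        yield net, ranges

def check(rules, conf):
    """Return findings where DHCP leases and NAT sources disagree."""
    sources, findings = nat_sources(rules), []
    for net, ranges in dhcp_subnets(conf):
        for first, last in ranges:
            # A leased address outside every map source would not be translated.
            if not any(first in s and last in s for s in sources):
                findings.append(f"range {first}-{last} not covered by any map rule")
        # Clients receive this netmask; a different NAT prefix is worth a look.
        if ranges and net not in sources:
            findings.append(f"subnet {net} has no map rule with the same prefix")
    return findings

if __name__ == "__main__":
    for line in check(IPNAT_RULES, DHCPD_CONF):
        print(line)
```

On the posted files this reports only that the 10.0.0.0 subnet is handed out with a /8 netmask while the map rule covers a /24; the leased range itself falls inside the translated network.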