The DNS problem which was an natd problem

The DNS problem which was an natd problem

By this time, I’d been down and now I was getting up again.  After nearly trashing the entire system, only to have placed gently back into my hands by a total stranger, I was ready to tackle the other problem.  That was my DNS problem.  Or what I, as a novice, thought was a DNS problem.  It turned out not to be a routing problem.   For information on DNS, see Getting local names to resolve.

The symptoms were pings that worked everywhere on my subnet, but I could only ping out from the FreeBSD box.  This was confusing.  Again, the folks on EFnet IRC Network #freebsd asked me the right questions.

The first thing was to get natd running in verbose mode.  So I issued the following commands:

killall natd
natd -v interface ed0

I then started up NT2 and connected the FreeBSD box up to my ISP.  Then I used NT1 to dial up my ISP via modem.  This way I could still chat on IRC and debug my firewall.  And I could use NT2 to verify that things were going right.

SOAB!  It worked.  How come?  All we had done was restart natd.   The next step was to reboot the machine and try again.  It didn’t work.   So I stopped and restarted natd.  It worked.  IRC server connections from NT1 and NT2 worked.  Something was very weird.

At the end of /etc/rc.local was the following  (NOTE:  /etc/rc.local is deprecated; use /usr/local/etc/rc.d/ instead; see Starting stuff at boot time and Installing IP Filter 3.3.3 for an example):

natd -interface ed0
dhclient ed0
ifconfig ed1 inet 10.0.0.10 255.255.255.0

I started reading up on natd (please, no laughing).  I found the -dynamic flag, which I had not been previously using.  So I added it to the command and rebooted.

Shutdown now!

It was about this time that I was introduced to the shutdown command.  This lovely command has some nice side-effect.  Instead of rebooting, you can just restart the system.  As root (or as a super user [su]), issue the shutdown now command.   When you get back to to prompt in single user mode, type control-D.  The system will restart.  A great time saver.

DNS solved

After several tests, I concluded that the problem is solved by having:

natd -dynamic -interface ed0

For some reason, as yet unexplained to me, the dynamic flag is now needed for natd.

FWIW: I changed the /etc/rc.local file to contain (NOTE:  /etc/rc.local is deprecated; use /usr/local/etc/rc.d/ instead; see Starting stuff at boot time and Installing IP Filter 3.3.3 for an example):

natd -f /etc/natd.conf
dhclient ed0
ifconfig ed1 inet 10.0.0.10 255.255.255.0

and in /etc/natd.conf I have:

interface ed0
dynamic yes

Why this wasn’t a DNS problem

This wasn’t a DNS problem.  It was a routing problem.  DNS is a service.   It is not essential to the operation of a sub-net.  DNS provides something extra.  Communcations can exist without names.  Names are for people.   Computers use IP numbers, not names.  DNS allows computers to translate the names we assign to those numbers.

The problem was that I could not ping machines outside the firewall from within the firewall.  This was because traffic was not being sent to the outside world from within the sub-net.  Once I solved the routing problem, the pings started to work.

8 August 1998

I have changed the /etc/rc.local file to contain (NOTE:  /etc/rc.local is deprecated; use /usr/local/etc/rc.d/ instead; see Starting stuff at boot time and Installing IP Filter 3.3.3 for an example):

dhclient ed0
ifconfig ed1 inet 10.0.0.10 255.255.255.0
natd -f /etc/natd.conf

I found that my original configuration caused a problem on reboot.  The message displayed during the boot process was:

natd: Unknown interface name ed0.  (No such file or directory).

The above configuration ensures that ed0 and ed1 are properly configured before I attempt to start natd.