freebsd & netatalk & natd etc

Robin Melville robmel at
Tue Dec 5 12:09:29 GMT 2000

At 3:40 pm +0000 3/12/00, Simon Kershaw wrote:
>MacTCP is set to, with the gateway set to I
>also have a name server set to in MacTCP, though as yet I
>am not running nameserver on the BSD box. I don't think this is the
>problem as I cannot connect even using IP addresses rather than names.

This may actually be part of the problem since many programs (eg 
Fetch) will do a reverse lookup to get the name for the address you 
asked. This may cause the program to hang waiting for a response.

>Today I have ftp/http working from FreeBSD to Mac, but not vice versa.
>(This started working again when I switched the Network control panel
>back to Ethernet instead of Etherlink which I realized I had changed it
>to.) Other services don't work BSD->Mac, but not surprising since I'm not
>running these other services, only NetPresenz which provides ftp/http.
>But I can't connect from the Mac to BSD (or through it to the world).

Since you can establish a (presumably non-passive) ftp connection 
from unix to mac then all the network layers up to TCP must be 
working. Is the unix box listening on the ftp/http sockets (netstat 
-a will tell you)? Do you have an inadvertent block on incoming 
connections in your ipfw setup?

If you have your FreeBSD host set up as a gateway 
(gateway_enable="YES" in /etc/rc.conf) you must use NAT on your PPP 
interface. Otherwise outgoing traffic cannot be responded to by 
Internet hosts because they don't have a route back to your LAN.

Since you can't see any AppleTalk shares in the Chooser you must 
either not have netatalk working properly, or not have any shares 
available on the FreeBSD host. What does your startup log say? Does 
"ps ax" show you having atalkd/afpd running?

>But I want to pretend these machines are part of
>the domain. I haven't quite worked out whether that's
>legitimate, and if it is whether I can do it with DNS. Do I just set up a
>local copy of the real DNS zone file and add in my private LAN addresses
>(192.168.1.xx)? I don't mind manually keeping the real internet data for
>the zone up to date by hand since it is pretty unlikely to change very

There's no problem with doing this, provided that you remember to 
update the LAN nameserver each time you change the Internet 
nameserver. One problem you might have is that email originating from 
the LAN will have an invalid originating host name (from an Internet 
point of view). Some anti-spam MTA software gets fussy about that.

All the best

Robin Melville, Addiction Information Services 
Nottingham Alcohol & Drug Team
work: robmel at
home: robmel at
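
The checks suggested in the reply above (listening sockets, ipfw blocks, NAT hook, netatalk daemons), as an added example that is not part of the original message. It runs over captured `netstat -an`, `ps ax` and `ipfw list` output; the sample output is constructed, and it assumes NAT is done by natd through an ipfw divert rule.

```shell
#!/bin/sh
# Added example: the reply's checks applied to captured command output.
# All sample text below is constructed for illustration.

# listening_on PORT < `netstat -an`: true if a TCP socket LISTENs on PORT.
listening_on() {
    awk -v p="$1" '$1 ~ /^tcp/ && $NF == "LISTEN" {
        n = split($4, a, "[.:]"); if (a[n] == p) found = 1
    } END { exit !found }'
}

# daemon_running NAME < `ps ax`: true if a command's basename is NAME.
daemon_running() {
    awk -v name="$1" 'NR > 1 { n = split($5, a, "/"); if (a[n] == name) found = 1 }
        END { exit !found }'
}

# deny_rules < `ipfw list`: print blocking rules so they can be reviewed by hand.
deny_rules() { awk '$2 ~ /^(deny|drop|reject|reset|unreach)$/'; }

# has_divert < `ipfw list`: true if a rule diverts packets (how natd is hooked in).
has_divert() { awk '$2 == "divert" { found = 1 } END { exit !found }'; }

SAMPLE_NETSTAT='Active Internet connections (including servers)
Proto Recv-Q Send-Q  Local Address          Foreign Address        (state)
tcp4       0      0  *.21                   *.*                    LISTEN
tcp4       0      0  192.168.1.1.1023       192.168.1.2.21         ESTABLISHED
udp4       0      0  *.80                   *.*'
SAMPLE_PS='  PID  TT  STAT      TIME COMMAND
  101  ??  Is     0:00.02 /usr/local/sbin/atalkd
  230  ??  Ss     0:00.10 /usr/sbin/inetd -wW'
SAMPLE_IPFW='00100 allow ip from any to any via lo0
00300 deny tcp from any to any 80 in
65535 deny ip from any to any'

report() {
    for port in 21 80; do
        printf '%s\n' "$SAMPLE_NETSTAT" | listening_on "$port" \
            && echo "port $port: listening" || echo "port $port: NOT listening"
    done
    for d in atalkd afpd; do
        printf '%s\n' "$SAMPLE_PS" | daemon_running "$d" \
            && echo "$d: running" || echo "$d: NOT running"
    done
    printf '%s\n' "$SAMPLE_IPFW" | has_divert || echo "no divert rule: natd not hooked in"
    echo "blocking rules to review:"; printf '%s\n' "$SAMPLE_IPFW" | deny_rules
}
report
```

On a live host, pipe the real command output into the same functions, for example `netstat -an | listening_on 21`.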
